I am starting a project with ASP.NET Core as an API Server and Angular 6 for the Frontend part but i am a bit lost with which exactly is the right way to authenticate users with the Identity Framework.
I read the documentation on http://docs.identityserver.io and also checked also the samples on github https://github.com/IdentityServer/IdentityServer4.Samples
Which is the correct way to authenticate users for my project ? I think i need the section "Using ASP.NET Core Identity" or "Adding User Authentication using OpenID Connect or "Adding Javascript Client" but i am not sure.
Which one best suits me?
Related
I have been trying for weeks to implement JWT authorisation in my .NET Core web app and have found myself following a lot of guides that I don't think are relevant to my use case. These guides talk a lot about scopes etc, and I don't think I need that level of complexity for my use case.
A lot of the guides talk about using things like OpenIddict or Identity Server to setup and configure something that the user can authorise against, but in these settings it seems like a seperate project is required to house the identity provider, and then my new asp net core application has to somehow hook into that for use. I'm also trying to get things like refresh tokens to work so the user doesn't have to log in over and over again.
The "client side" of my app will be Xamarin (for mobile) and Angular (for web).
In a single web application (a single .net core application) how can I use .NET Core Identity with JWT or OAuth? What is the minimum level of configuration required to achieve this?
ThisSimple JWT project
This is not asp.net core .This is just asp.net mvc project but this really simple and basic one. by watching this code, you will be clear how to implement JWT. Thanks
I want to create a SPA with Vue.js which consumes my ASP.NET Core Web-API. I need user authentication with username and password. The API will also be consumed by a mobile app (Android and iOS) later on.
I read this: ASP.NET Core Web API Authentication
I am wondering if there is nothing official available? Is Basic Auth even the right approach? I've read some documentation for ASP.NET Web-API using filters, didn't work for Core.
Then I though about implementing token based authentication myself.
I've also read that since ASP.NET Core 2.0 it's better to use services instead of middleware?
I am stuck and don't know where to start. Maybe the approach in the Question above is okay for my needs?! I am not quite sure.
You should consider Oauth and Identity. You can even use something such as Auth0.
I have following scenario. I write asp.net core web api which will be used by mobile and web (asp.net core mvc web app) apps.
I authenticate user using asp.net core identity framework class SignInManager (add account controller and related classes manually) and then generate oauth token which will be used by client applications. By doing so I have 2 identities associated with the user. one is created by after I login using SignInManager.PasswordSignInAsync and second is created by generating oauth JWT token.
Is this correct approach or not?
Thanks
https://blogs.msdn.microsoft.com/webdev/2016/10/27/bearer-token-authentication-in-asp-net-core/
that might shed some light on what direction to go. there is also another blog post about using IdentityServer4 (3rd party) works well.
https://blogs.msdn.microsoft.com/webdev/2017/01/23/asp-net-core-authentication-with-identityserver4/
I'm using angular2 as a front-end. My Back-end is ASP.NET Core and I am using it as a Restful Web API. How can I authenticate credentials from angular against a local active directory?
Depending on the version of ASP.NET you could implement the ASP.NET Membership or Identity which can connect to AD.
You should easily find various examples of these.
I have recently looked at Auth0, which means you can integrate a variety of ways, front or back-end.
see: https://auth0.com
(not affiliated)
Why it`s not possible to create Web API project with Individual User Accounts Authorization type?
UPDATE:
All version numbers are updated from v1.2 to v2.0.
Please find the ASP.NET Core Schedule and Roadmap:
Identity Application Services
A service layer will be added ASP.NET Core Identity and included in the project templates using Individual Authentication. This will allow authentication of users by way of JWT tokens such that Web APIs can be secured out of the box, and make it simpler to change authentication systems, e.g. from in-app Identity to Azure AD B2C, or 3rd-party solutions like Identity Server.
Daniel Roth from MS:
Support for individual user accounts with the Web API template in VS is not available yet. We are still looking at providing a supported on premise offering for token issuance in addition to providing integration with Azure AD B2C.
This statement can be found in the comment section under https://channel9.msdn.com/Events/dotnetConf/2016/Building-Secure-Web-APIs-with-ASPNET-Core
This is just disabled in core 1.1.please use core 2.0 to find all authentication.You can download core 2.0 from
here