I am storing the user selected culture into the user claims and i have a custom RequestCultureProvider that reads this value and set the request culture accordingly.
The application will have a profile page where the user can change his preferences (culture included). After save the data to the database I need to silently re-signin the user in order to update his claims.
Additional info:
I'm using IdentityServer4 with AspNet Core 2.0 and Asp.Net Identity
I'm loading the culture to the claims in the OnTokenValidated event (client apps). It can also be done in the GetProfileDataAsync (IProfileService) or UserClaimsPrincipalFactory (ASP.NET Core Identity)
The system is composed by 3 web apps (Idsv4 + app1 + app2). The profile pages are implemented in the app applications.
With a single web app configured with Asp.NET Identity you can use the method RefreshSignInAsync from the SignInManager to regenerates the user's application cookie, however I need to trigger this process from the client apps (app1 & app2), so no access to SignInManager.
I tried to use HttpContext.Authentication.ChallengeAsync("oidc") HttpContext.Authentication.SignInAsync and apparently the authenticate endpoint is invoked however I cannot handle the response and it generates a infinite loop in the MVC action where I'm invoking this code.
So, how can I achieve the silently re-signing with Idsrv4?
Related
I am working on a new ASP.NET Core Blazor application that I am basing on the BlazorHero clean architecture template.
The major modification that I need to make is the switch from its ASP.NET Core Identity based system to relying on WS-Federation SSO authentication.
My initial goal is to get the app to stop using the login screen. (Which is caused by the
App.razor in the Blazor Client sending unauthorized users to login) What do I need to modify for the app to go to the home page rather than the login screen?
My second goal is to get the user service to return the current user information from our Ws-Federation server. I can write the code that will populate the current user from Ws-Federation. How/where do I tell the Identity service what I want it to return for the current user?
My assumption is that I will need to re-write (at minimum) the IdentityService.cs, the UserService.cs and the RoleService.cs files.
I have selected Individual User Accounts while creating Blazor application. I have no idea where I can modify the Login page that was created, the file with source dode is not available anywhere.
How to modify Login page in that scenario?
When choosing your configuration the created template gets delivered with IdentityServer and ASP.NET Core Identity. IdentityServer makes the Endpoint OpenID/OAuth compatible. This is needed for the Blazor WebAssembly app to streamline the process of getting a token, validating it etc. ASP.NET Core Identity is used to save and retrieve the users from the database, loging them in by setting a Cookie and checking the correctness of provided passwords, hashing them etc. This link answers how you can modify the default Razor Pages delivered when an app with ASP.NET Core Identity is created.
Where are the Login and Register pages in an AspNet Core scaffolded app?
I have an Asp.net application that uses form authentication. I am building an asp.net core API that will receive a JWT token that has user information included in the payload. This API needs to call asp.net application for serving the user request. In order for asp.net application to serve this request, it needs the form authentication cookie to recognize it as valid logged in user.
In other words, the API needs to generate and send an authentication cookie in the request forwarding stimulating scenario that actual user is making the request.
Note:
The API is being created to expose features of the asp.net application as a public API without user having to log in to the asp.net application UI directly first.
I am creating a class library that target .net standard 2.0 that can be used in my api that takes care of creating cookie part and add it to the request before it forwards the request to my asp.net application. How can I create FormAuthenication cookie in my class library? I found following code and wondering how can I do similar in my library?
string userData = string.Join("|",GetCustomUserRoles());
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, // ticket version
username, // authenticated username
DateTime.Now, // issueDate
DateTime.Now.AddMinutes(30), // expiryDate
isPersistent, // true to persist across browser sessions
userData, // can be used to store additional user data
FormsAuthentication.FormsCookiePath); // the path for the cookie
// Encrypt the ticket using the machine key
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
// Add the cookie to the request to save it
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
cookie.HttpOnly = true;
No. System.Web is .NET Framework only. It is not included nor compatible with .NET Standard, any version. Additionally, Forms Auth, in general, is deprecated (as part of ASP.NET Membership), so nothing but ASP.NET (.NET Framework) will ever be able to work with it.
Going forward, if you need to share authentication, you must switch to ASP.NET (Core) Identity and utilize the data protection API, rather than the old-style machine key encryption Forms Auth depends on.
For what it's worth though, an API should not be using cookie authentication. Cookies are a non-standard way for clients to interact with an API, and they're also a form of state, whereas APIs should be stateless (REST). Instead, you should be doing something like basic or bearer authentication, using the Authorization header to authorize each request either with user/pass (basic) or token (bearer).
I am currently trying to setup a second web application that needs to share authentication with the first web application, i.e. logged in users from application A should be automatically authenticated in application B.
Application A uses Microsoft Identity together with Openidconnect middleware to authenticate users.
The workflow is as follows:
User navigates to application A and logs in (using openidconnect middleware)
User finds link to application B on a page of application A
User should automatically be authenticated in application B
I've noticed that the Microsoft Identity cookie gets send to application B, but I don't know how to configure Startup.cs in application B so it can authenticate via that cookie.
In Visual Studio 2017, create a new ASP.NET Core Web Application (.NET Core) project, changing authentication to Individual User Accounts (so using ASP.NET Core Identity).
In the created project, there is an AccountController. In the [HttpGet] Login method, there is the following:
// Clear the existing external cookie to ensure a clean login process
await HttpContext.Authentication.SignOutAsync(_externalCookieScheme);
I'm just trying to understand the authentication process a bit better. So my questions are:
What does this code do?
Why is it included in this method?
If I do not include this in my own login method, under what circumstances will I encounter a problem, and what will the problem be?
In identity you can use external login like Microsoft, Google or Facebook and this method insures that you are not logged in with these services before authenticating user.
just if you use external login, include this line in your Login action otherwise you don't need it.