I'm planning to use identityserver4 with an LDAP scenario.
Is it a possible and reasonable attempt ? :)
I thought I should implement a LoginService like QuickStart.UI's InMemoryUserLoginService.
And When IS4 will be released officially? Any info about that?
Thanks and regards.
I know it's an old question, but I worked recently on the Ldap (Active Directory or OpenLdap) + IdentityServer4. I created a nuget package and on the github repository you can find an implementation sample.
Here's the Nuget: https://www.nuget.org/packages/IdentityServer.LdapExtension/
I hope it can helps
It's possible and reasonable, it's something you will have to implement on your own which follows the same principle as many other things related to IdentityServer.
We have successfully connected our IdSrv4 to Active Directory using the System.DirectoryServices and System.DirectoryServices.AccountManagement namespaces. Sadly this requires us to run IdSrv4 using full .NET framework since these namespaces haven't been implemented in .NET Core yet.
Reminder: Lookup the area "LDAP injections" before launching your solution, to be on the safe side.
IdentityServer4 1.0.0 was released to NuGet on December 22, 2016: https://www.nuget.org/packages/IdentityServer4/1.0.0
Related
I've searched over Internet and I couldn't find any good resources explaining how to authenticate an ASP.NET Core web application through ADFS using the SAML protocol.
However, I found an old blog post saying that it was not supported and that it would not be until at least .NET Core 2.1. Except of that, I didn't find anything else.
However, I can't believe that something so important is not yet supported...
Does anyone has any experience with that? Note that Azure is not an option here.
Yes you can - see this example using Sustainsys.
You can also use ComponentSpace (examples in that blog) or Rock Solid Knowledge as per this example.
So I am trying to implement an IdentityServer4 for my Project. I followed the instructions I found in the documentation and other sources to setup a very basic IdSrv.
I am still struggling with how I can implement an IdSrv which accepts Windows Credentials from client and authenticate using IdSrv.
Until now I have not found anything which helps. Everything seems to be too complex. Among the IdSrv.Samples are some clues on how to achieve this, but still can't figure out the right way.
Or maybe I understood all the idea false?
Any help and tip would be appreciated.
PS. I am not using IIS or IISIntegration.
The documentation on how to implement this is at Windows Authentication
I am in need of a solution for using ADFS 3.0 identities in a ASP.NET Core 2 Web Api application. The Windows Enterprise Support team at my organization has informed me that they are only familiar with SAML or WS-Fed based relying parties within ADFS, and are not interested in allowing me to help them configure OAuth, which I could consume directly within the application. As far as I am aware, neither SAML nor WS-Fed are compatible with anything currently available targeting netcore or netstandard.
I've been looking at Identity Server 4, and it's so-called "Federation Gateway" functionality, but I can't find much in the way of documentation. Is this something that could be useful for my use case? I'm guessing that it's only set up to interface via OAuth or OpenID, but I could be wrong.
I've also looked at using Amazon Cognito as the middleman to issue JWTs based on the SAML response, but after I got a proof of concept working with this configuration, I realized the cost at $0.45/MAU is prohibitively high, as the application will have around 10-15k regular users.
If Identity Server isn't the solution, are there any other similar "Federation Gateway" type solutions available as preferably open source/free software? Even if the solution wasn't .NET-based, I'd be interested in looking at it. I'm toying with the idea of building something like this in Java or Ruby as a last resort.
As of version 2.0, IDS4 can be a WS-Fed relying party. This would allow it to act as a middleman between ADFS and OIDC/OAuth RPs.
This vid from the IDS4 guys covers the available options: https://vimeo.com/254635632
It's also worth noting that you can run ADFS 2016 servers in a 2008R2 or higher domain and that natively supports OpenID Connect but given what you've said about your internal "support" team, deploying IDS4 may be a better option, although probably more work.
Just for completeness, the issue with WS-Fed was cyptographic support in .NET Core. This is now resolved so WS-Fed is supported.
SAML support is available via Sustainsys or Rock Solid Knowledge.
You can implement SAML 2.0 federation with AD FS 3.0 in ASP.NET Core 2.1 using the ITfoxtec Identity Saml2 package. NuGet package: https://www.nuget.org/packages/ITfoxtec.Identity.Saml2.MvcCore/
Project https://itfoxtec.com/IdentitySaml2 and code samples https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/tree/master/test
want to connect to a CouchDb databse from asp.net core web api , but am having trouble finding the code to do so.
Can anyone help me with the code to do that? What is the 'normal' way of doing that?
Cheers!
You can use the MyCouch Library for .Net https://github.com/danielwertheim/mycouch
I had the same need and after evaluating the existing options, I created a set of mechanisms that met the requirements that I had to meet and made available on github and the nuget package.
The explanation of how to use it is on github.
Below is the link in case you want to take a look.
In time, to prevent someone from coming here and deleting my answer, I inform you that I have no intention of promoting what I did with this answer, just suggesting that you evaluate it and if it is your case, feel free to use it.
Link: Nuget Package |
Github
An example webapi core project follows how to make this connection and perform data operations with this lib: webapi core sample
I need to implement external logins and had no problem with Facebook and Google since they are supported but I'm stuck at LinkedIn. I am not exactly a beginner but I'm not very experienced at this either. Prior to this post I viewed a thousand explanations and most of them were vague, others just didn't work and others were explained for advanced people.
What I've tried:
-using cookies in the Configure method, but the methods were deprecated (I figured they were not for the 2.0 version). I also tried app.UseLinkedInAuthentication(...) from Microsoft.AspNetCore.Authentication.LinkedIn to no success.
-writing a service in ConfigureServices (but I didn't get it to work, I assume this is where I need to do it). I also tried this but they were talking like they knew what they were doing.
So to keep this simple, I made a default MVC ASP.NET Core 2.0 application in Visual Studio 2017. All I need to do is write stuff in Startup.cs, so my question is, what is it that I have to write and why? Thank you very much in advance.
PS: I would appreciate an explanation in the comment, if it's a link I probably already visited it :)
There is AspNet.Security.OAuth.Providers repo that provides a collection of security middleware to support social authentication providers.
Corresponding releases can be found using this link: https://www.nuget.org/profiles/aspnet-contrib (all packages that start from AspNet.Security.OAuth)
Unfortunately, the current master branch is only for ASP.NET Core 1.0 and so nuget packages like package for LinkedIn were published only for that version, but you may clone the repo and switch to experimental branch that is an on-going port to ASP.NET Core 2.0.
Look into this github issue if you need the current status of porting.
By the way, according to this github issue, the LinkedIn authentication provider has been ported already.