I'm using angular2 as a front-end. My Back-end is ASP.NET Core and I am using it as a Restful Web API. How can I authenticate credentials from angular against a local active directory?
Depending on the version of ASP.NET you could implement the ASP.NET Membership or Identity which can connect to AD.
You should easily find various examples of these.
I have recently looked at Auth0, which means you can integrate a variety of ways, front or back-end.
see: https://auth0.com
(not affiliated)
Related
I have a project structure which includes a Blazor server project and an api project.
Every things works fine, but I'm confused about how to handle security. I use JWT in the api, and in Blazor server I use scaffold identity.
How can I integrate the security between the two project?
Should I use JWT for both and override authentication state provider?
https://www.pragimtech.com/blog/contribute/article_images/1220200705121732/blazor-application-architecture.png
#edit
I don't want to use the Identityserver4 as the version 5(duendesoftware) will be paid , the support for identityserver4 will be terminate at Nov 2022 with the end of .net core 3 support, So that I need any replacement that's free
or a cimple way to do the authentication between the two layer
Thanks
There seem to be plenty of tutorials on how to use third-party authentication providers for Blazor WebAssembly, but there doesn't seem to be a documented process for using Windows Authentication (on-site Active Directory domain) from an ASP.NET Core hosted server.
Is this actually possible? I would like the Core server to authenticate the user with the roles and policies, and for this information to be accessible from the WebAssembly client also. I understand that the Client can only use authentication to show/hide UI elements, and that any actual securing should be done on the Server, but is there a way to access the Windows authentication/authorization from both sides of the application?
I am starting a project with ASP.NET Core as an API Server and Angular 6 for the Frontend part but i am a bit lost with which exactly is the right way to authenticate users with the Identity Framework.
I read the documentation on http://docs.identityserver.io and also checked also the samples on github https://github.com/IdentityServer/IdentityServer4.Samples
Which is the correct way to authenticate users for my project ? I think i need the section "Using ASP.NET Core Identity" or "Adding User Authentication using OpenID Connect or "Adding Javascript Client" but i am not sure.
Which one best suits me?
Why it`s not possible to create Web API project with Individual User Accounts Authorization type?
UPDATE:
All version numbers are updated from v1.2 to v2.0.
Please find the ASP.NET Core Schedule and Roadmap:
Identity Application Services
A service layer will be added ASP.NET Core Identity and included in the project templates using Individual Authentication. This will allow authentication of users by way of JWT tokens such that Web APIs can be secured out of the box, and make it simpler to change authentication systems, e.g. from in-app Identity to Azure AD B2C, or 3rd-party solutions like Identity Server.
Daniel Roth from MS:
Support for individual user accounts with the Web API template in VS is not available yet. We are still looking at providing a supported on premise offering for token issuance in addition to providing integration with Azure AD B2C.
This statement can be found in the comment section under https://channel9.msdn.com/Events/dotnetConf/2016/Building-Secure-Web-APIs-with-ASPNET-Core
This is just disabled in core 1.1.please use core 2.0 to find all authentication.You can download core 2.0 from
here
I'm searching for bestpractices for auth in the given Internet Application scenario.
I've an ASP MVC 4 Webpage and an ASP4 WebApi.
Both are hosted on the same server but as independent applications.
The ASP MVC4 Application consumes via RestSharp the WebApi. Also there are some 3rd Party Desktoptools planed which will use the web api.
Now I'm thinking about how to authenticate the users.
My Idea is to use Forms Authentication for the ASP MVC 4 Site and Basic Authentication for the WebApi.
Is this an good idea ?
Or should i use a token based approach for the webapi ?
What are bestpractices / concerncs for this scenario ?
Many thanks in advance
Look at IdentityModel 4.0.
This is a security framework for ASP.NET Web API written by security experts.