Why it`s not possible to create Web API project with Individual User Accounts Authorization type?
UPDATE:
All version numbers are updated from v1.2 to v2.0.
Please find the ASP.NET Core Schedule and Roadmap:
Identity Application Services
A service layer will be added ASP.NET Core Identity and included in the project templates using Individual Authentication. This will allow authentication of users by way of JWT tokens such that Web APIs can be secured out of the box, and make it simpler to change authentication systems, e.g. from in-app Identity to Azure AD B2C, or 3rd-party solutions like Identity Server.
Daniel Roth from MS:
Support for individual user accounts with the Web API template in VS is not available yet. We are still looking at providing a supported on premise offering for token issuance in addition to providing integration with Azure AD B2C.
This statement can be found in the comment section under https://channel9.msdn.com/Events/dotnetConf/2016/Building-Secure-Web-APIs-with-ASPNET-Core
This is just disabled in core 1.1.please use core 2.0 to find all authentication.You can download core 2.0 from
here
Related
Currently we have an ASP.NET core 6.0 API hosted in Azure, based on the documentation on azure API management services security, it recommends using a subscription key to secure the API. It also recommends using Azure AD B2C, however it would be impossible to implement that on every client side application since some already run on other authentication frameworks.
Will subscription keys suffice as a secure way of accessing the API or is there another viable way?
Documentation:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/secure-api-management?tabs=app-reg-ga
This topic is covered perfectly regarding current best practices in the official ASP.NET Core documentation of Microsoft. You might be especially interested in the "Bearer Token Authentication" method: Authenticate with bearer tokens
We have a Web Application in .Net Core 6.0 that we have registered in Azure AD app registration in azure portal.
We have used ADAL.net library in our code for Authentication. Now, we are migrating authentication library Adal.net to Msal.Net.
We have used below endpoints URLs to generate tokens
https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize
https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token
When we migrate the application, we have to change the library references and related code in our application.
We want to confirm on the below points -
Do we need do any changes in app registration configuration in azure portal or any code level configuration changes in application related to MSAL.Net Library like in appsettings or startup.cs class?
Do we need to do any change in service principal (SPN) values?
If you are on ASP.NET Core 6.0, you should use Microsoft.Identity.Web, which provides higher-level APIs on top of MSAL.NET. See the migration guide here. You do not need to change any of your app registration when migrating, include the service principal values.
I am implementing an application using microservices approach.
On my application there must be Google sign-in and basic sign-in.
I have 2 services: 1 for membership service and 1 for MVC gateway.
My membership service has db and standard asp.net core identity applied. So all users stored here.
My MVC gateway has login action that needs to challenge Google and get external login. And then get a user from Membership service for this login.
First my idea was to implement custom IUserStore class and call restful Api methods from Membership service. But there I faced the problem with syncing 2 Identities - on both services. Then I removed Identity from MVC Gateway, but now I cannot challenge Google Sign-in.
So what is the best solution for such approach?
I saw in MS example that there was IdentityServerr4 used, but I don't think that this is viable for my situation.
Implemented using IdentityServer4.
I have a MVC web application hosted in IIS and users are stored in Azure AD.
I need to authenticate Azure AD users to access web application.
I am using ADFS for this and installation has been done on Azure.
To authenticate I need to know whether I should go for Window Identity Foundation or OWIN?
In many articles i read WIF has been deprecated and Using OWIN.
Let me know if owin is proper way for my scenario and if some proper examples are available?
Latest version of WIF is 4.5 which is also not available for VS2015
I understood is WS-FED is using SAML Token for this?
Confusion - your MVC application authenticates using Azure AD. Where does ADFS fit in? Have you got a federated tenant?
WIF is still around - people still use it. In VS2015, WIF is built in to .NET. So you can use it.
Yes - WIF (WS-Fed) uses a SAML token.
With OWIN you have a choice - you can use WS-Fed or OpenID Connect (OIDC) or even both.
Unless you are using ADFS 4.0, you need WIF as there is no support for OIDC in the earlier versions.
I'm using angular2 as a front-end. My Back-end is ASP.NET Core and I am using it as a Restful Web API. How can I authenticate credentials from angular against a local active directory?
Depending on the version of ASP.NET you could implement the ASP.NET Membership or Identity which can connect to AD.
You should easily find various examples of these.
I have recently looked at Auth0, which means you can integrate a variety of ways, front or back-end.
see: https://auth0.com
(not affiliated)