thinktecture - retrieve users in production - asp.net-web-api2

In all the examples that I saw regarding thinktecture I saw that they are using the InMemoryUser object to represent the users.
Is this also suitable for production code? How should I do it?

From the Identity Server documentation:
This is only suitable for testing and development
- In-Memory Services and Stores
You will need an implementation of the UserService to replace this.
They also have some general guidelines for deployment you should check out before deploying to production.
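An added sketch (not part of the original answer or the IdentityServer project's own code) of a user service that replaces the in-memory users with a persistent store. It assumes the context-based `UserServiceBase` API of IdentityServer3 2.x; `Account`, `IAccountStore` and `StoreBackedUserService` are hypothetical names.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer3.Core.Extensions;
using IdentityServer3.Core.Models;
using IdentityServer3.Core.Services.Default;

// Hypothetical persistence abstraction (not an IdentityServer type).
public class Account
{
    public string Subject { get; set; }
    public string DisplayName { get; set; }
    public string Email { get; set; }
    public bool Enabled { get; set; }
}

public interface IAccountStore
{
    // Returns null unless the password matches the stored salted, slow hash.
    Task<Account> FindByCredentialsAsync(string userName, string password);
    Task<Account> FindBySubjectAsync(string subject);
}

public class StoreBackedUserService : UserServiceBase
{
    private readonly IAccountStore _store;
    public StoreBackedUserService(IAccountStore store) { _store = store; }

    public override async Task AuthenticateLocalAsync(LocalAuthenticationContext context)
    {
        var account = await _store.FindByCredentialsAsync(context.UserName, context.Password);
        // A null AuthenticateResult means failed login; disabled accounts look the same.
        if (account != null && account.Enabled)
            context.AuthenticateResult = new AuthenticateResult(account.Subject, account.DisplayName);
    }

    public override async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        var account = await _store.FindBySubjectAsync(context.Subject.GetSubjectId());
        if (account == null) return;
        var claims = new[] { new Claim("name", account.DisplayName), new Claim("email", account.Email) };
        // Release only the claim types the client requested.
        context.IssuedClaims = claims.Where(c =>
            context.AllClaimsRequested || context.RequestedClaimTypes.Contains(c.Type));
    }

    public override async Task IsActiveAsync(IsActiveContext context)
    {
        var account = await _store.FindBySubjectAsync(context.Subject.GetSubjectId());
        context.IsActive = account != null && account.Enabled; // stops tokens for disabled users
    }
}
```

The service is registered on the server's service factory in place of the in-memory users, for example `factory.UserService = new Registration<IUserService>(r => new StoreBackedUserService(store));`.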

Related

Using .Net Core Identity and OIDC with Multiple .Net Core Web API

I need to build an application where the front-end (ReactJs) is totally decoupled from the back-end, which is built using Asp.Net Core v5 (or higher) Web API.
Users will log in to the application using both OIDC with Azure Active Directory and local database login.
For performance reasons, I'd like to split some APIs into different projects and eventually install them on different servers.
I'm wondering if the [authorize] attribute I will put on the endpoints will work as usual even if they are running in different environments.
Please note that they could be different servers or different AWS Lambda functions, but in both cases, they can be considered different executables.
Is it something possible or I'm going in the wrong direction?
Thank you @Camilo Terevinto. Posting your suggestion as an answer to help other community members.
"It's completely possible (and common), as long as all APIs (and possibly Lambdas, depending on how they're used) authenticate against the same Azure Active Directory instance.
And we can set up ASP.NET Core Identity with both local login and AAD without any issues. Just ensure that our tokens always have the necessary scopes (to call other APIs in our system)"
For more information please refer to the links below:
SO thread: How to use both Azure AD authentication and Identity on ASP.NET Core
Blog: Token Based Authentication using ASP.NET Web API 2, Owin, and Identity
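An added example (not from the original answer) of the shared setup the answer describes, narrowed to the Azure AD side: every API project calls the same registration, so each process validates bearer tokens independently against one tenant and enforces a scope. `SharedApiAuth`, `AddSharedApiAuth`, the policy name `ApiScope` and the parameters are hypothetical.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;

// Referenced by every API project (separate servers or Lambdas); no shared
// session state is needed because each process validates the token itself.
public static class SharedApiAuth
{
    // Azure AD access tokens carry scopes in one space-separated "scp" claim;
    // the default inbound claim mapping may rename it to the long URI form,
    // so the policy accepts either claim type.
    private static readonly string[] ScopeClaimTypes =
    {
        "scp", "http://schemas.microsoft.com/identity/claims/scope"
    };

    public static IServiceCollection AddSharedApiAuth(
        this IServiceCollection services, string tenantId, string audience, string requiredScope)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // Issuer and signing keys are read from the tenant's OIDC metadata.
                options.Authority = $"https://login.microsoftonline.com/{tenantId}/v2.0";
                // Each API accepts only tokens issued for itself.
                options.Audience = audience;
            });

        services.AddAuthorization(options =>
            options.AddPolicy("ApiScope", policy => policy
                .RequireAuthenticatedUser()
                .RequireAssertion(ctx => ctx.User.Claims
                    .Where(c => ScopeClaimTypes.Contains(c.Type))
                    .SelectMany(c => c.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries))
                    .Contains(requiredScope, StringComparer.Ordinal))));
        return services;
    }
}
```

Endpoints then use `[Authorize(Policy = "ApiScope")]`; a token from another tenant, for another audience, or without the scope is rejected by whichever process receives it.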

Azure WebApi vs Azure Mobile Service vs

I've programmed a lot in asp.net mvc web applications. Now I want to write cross-platform mobile applications with cordova for the frontend and azure for the backend.
I am in doubt whether to use azure mobile services or WebAPI, because I want the power and freedom of WebAPI, but the convenience of azure mobile services. I do not understand concepts such as authentication, push notifications, etc.
My main goal is to focus on the application logic, frontend and backend with a significant weight of that logic in the backend. For this I have great doubts.
1st. I see good mechanisms in both AMS and WebAPI for external authentication, but not for managing your own authentication. What is the best way to manage your own authentication? Is Azure Active Directory a solution?
2nd. My intention is to create well-defined API methods that return the exact data (JSON), rather than a queryable REST API (OData).
Which is the best for this, WebAPI or AMS?
3rd. I have experience with SQL Server, its relationships and Entity Framework, but I do not care to learn and use NoSQL technologies. Which is better? (However, I'm not comfortable that I cannot use many-to-many relationships in NoSQL.)
Thank you very much.
There is not a real general answer for that, so take these as advice.
At first, keep in mind that AMS and WebApi are not so far. An AMS project IS a WebApi project with some helpers inside to make you comfortable working with related services (push notification, table entities), but you will lose a bit of control on your application.
The choice depends on your needs
Azure Active Directory IS a solution, but there are a lot more. You can use your preferred framework. AMS has a pretty integrated login with the most well-known social networks and Azure Active Directory as well, and is very easy to set up.
I'd suggest AMS. It will be easier to set up and maintain.
AMS is just WebApi castrated. To get all these services easier for you, you cannot for example
Customize startup of your application
Use a dependency injection framework
Run background tasks
And other stuff like that.
Hope it helps!

Is there a self-hosted single sign-on solution with completely RESTful API?

Is there a single sign-on solution with completely RESTful API installable on my server? I have looked at OpenAM, which has some of the API available through HTTP/JSON, but not all (and seems too heavy, but if it had all the API, I'd not care).
Do you know of a solution for authorization, authentication and identity management that can be used for single sign-on and has all (maybe without setting admin password and such critical issues) its API available through HTTP(S)/JSON?
I have no need for Java API etc., HTTP(S)+CLI for setup is the only thing I look for. That is, I don't really care what the solution is implemented in (no need for Java EE etc.) as long as it does its job and it is secure.
Have you seen Mozilla's new Persona solution built on BrowserID? It does a lot, but it's hard to know if it's sufficient for you without more details about how integrated you need the authorization to be.
You might want to look at Stormpath. They're the largest identity management service (for developers) -- and they are all REST + JSON API backed.

Does JBoss have a user management API which I can use?

I am going to run a Web App on JBoss App Server 7. Does JBoss have some sort of inbuilt user management module/API which I can use rather than code my own? Or do I have to make this module myself. I know about the default JAAS pieces providing authentication AND authorisation, however I am looking to manage, add, edit, delete users from the datasource as well.
I'm not being lazy or anything, just want to know if JBoss has an easy inbuilt way before I start :)
Google implies no so I want to make sure by asking here.
As far as I know they don't provide any easy-to-manage identity provider; they "only" provide a way to connect to an identity provider using standard protocols like LDAP, SAML, WS-Trust and OpenID to provide container-managed authentication.
They have an IDM project, but it seems to provide standard-protocol SSO identity backed by some identity store and doesn't provide a way to manage the users.
PicketBox and PicketLink are the two JBoss projects you should look at for more information.
These elements can be used if you want to use a global identity system, an existing one, a new product deployment or a custom build.
(disclaimer: I have spent some time on the Picket* projects' documentation and I still don't think I have a good knowledge of how it works...)
There is a web interface and a command line interface for management operations. See the Management Clients section of the documentation.
The security realms could be what you're after. I'm not really a security expert though.
Maybe a security domain could be helpful too.

Windows Azure Basic Authentication

I need to set up a testing website on Windows Azure, and typically to prevent random people from looking at it I would have set up basic authentication with some sort of trivial password to filter people. Windows Azure, seemingly, does not have this option.
What are the alternatives? So far I am considering implementing another level of forms authentication but this is a lot of work and would need to be stripped out in the production version of the site.
The documentation on implementing Basic-Authentication in the web.config is also shockingly sparse.
I think you should be able to use the IIS7 demo BasicAuthenticationModule to achieve what you want - see full code and instructions in
http://learn.iis.net/page.aspx/170/developing-a-module-using-net/