I'm rookie in Yii yramework, and interested in implementing user authentication.
I found two way to do that. One via yii2's core authclient and the second is Yii2-User module, which is not stable version.
As i know, core Auth classes gives ability to implement authentication in a good way.
What I need is Authenticating users via social APIs and Authorizing theme to some objectives, such as posting, viewing, commenting and etc.
1. So, Is there anyone give me a brief of yii2-user module and it's benefits over core authClient?
2. I think Yii2's core AuthClient classes give us all features and abilities that Yii2-User module has, Am I right?
Related
I'm in need of a detailed explanation on how I should configure OpenIddict in ASP.NET Core 7.
I have been looking at the available examples and documentation for a week now.
But I do not understand why some examples have ~400 lines of code and others have ~40, in their controller or endpoint implementations.
To make my use case and problem more specific:
Server side:
ASP.NET Core 7
Using minimal APIs
EF Core 7
PostgreSQL
Clients:
Blazor WASM or Angular
Decision not yet made
A skeleton Blazor WASM app created
Mobile apps (native iOS and Android)
I also need to refresh the token, and the user to access and modify the profile data.
I will also need to use other authentication providers (e.g.: Apple, Google).
I read the official docs and tried to undertand the examples.
Edit: I tried the Balosar and Zirku examples.
It left me more confused.
So my goal would be to understand why I need to add and how to configure certain services to achive the functionality described above.
Also, how to implement the needed endpoints, can I do it in minimal APIs, or do I have to stick with the controllers, or add views?
My goal is to implement a generically extendible .NET core web API. The generic refers to modules that can be added at runtime and provide new endpoints as well as functionality. These modules will be developed based on a framework.
Currently I am still deciding if the modules will be included as a DLL or run as a separate process (.exe).
I have the basic understanding of Dependenci Injection regarding the addressing of controllers in a DLL. But now I wonder if and how to realize the whole thing via an own process.
The API should always be addressable via http://localhost/myapi/{endpoint}, i.e. a request to a module should be done via the same URL. For the user / developer of the frontend everything should be presented as one API.
Unfortunately I was not successful on my research and don't know exactly what I have to / should look for specifically. Therefore I hope that you can help me.
Examples are helpful, but I am also keywords or articles, which deal with such a topic, help me further.
kind regards
I wanted to know how can I implement the SSO authentication between multiple applications using the SAML in ASP.NET Core?
Is this a safe and secure way to do it?
If you know the information, better free method or how to implement it, write it down.
Thanks in advance.
I don't think free method exists. Unless you want to implement solution from scratch by yourself, which seems to be a lot of work to do.
So, if it's an option you could use some commercial solutions. I have experience working with ComponentSpace.Saml2. Configuration is pretty straightforward - you need to fill and store a bunch of configuration items such as identity providers' params, certificates data, login and logout endpoints. Then controller needs to be built, containing methods for initiating saml request and processing response from identity provider. That's just infratructure level - of course you'll need to implement authentication service to manage SAML response and to decide how it integrates into your app's architecture.
Well, as you can see, the answer is general, so is the question.
Hope this helps. At least to choose right path to go.
I have been trying for weeks to implement JWT authorisation in my .NET Core web app and have found myself following a lot of guides that I don't think are relevant to my use case. These guides talk a lot about scopes etc, and I don't think I need that level of complexity for my use case.
A lot of the guides talk about using things like OpenIddict or Identity Server to setup and configure something that the user can authorise against, but in these settings it seems like a seperate project is required to house the identity provider, and then my new asp net core application has to somehow hook into that for use. I'm also trying to get things like refresh tokens to work so the user doesn't have to log in over and over again.
The "client side" of my app will be Xamarin (for mobile) and Angular (for web).
In a single web application (a single .net core application) how can I use .NET Core Identity with JWT or OAuth? What is the minimum level of configuration required to achieve this?
ThisSimple JWT project
This is not asp.net core .This is just asp.net mvc project but this really simple and basic one. by watching this code, you will be clear how to implement JWT. Thanks
In an attempt to understand what I may use for OpenId Connect Server implementation, I have looked into what each of them is:
IdentityServer4:
an OpenID Connect and OAuth 2.0 framework for ASP.NET Core 2.
AspNet.Security.OpenIdConnect.Server:
is an advanced OAuth2/OpenID Connect server framework for both ASP.NET Core 1.x/2.x and OWIN/Katana 3.x/4.x, designed to offer a low-level, protocol-first approach.
OpenIddict:
OpenIddict aims at providing a simple and easy-to-use solution to implement an OpenID Connect server in any ASP.NET Core 1.x or 2.x application.
OpenIddict is based on AspNet.Security.OpenIdConnect.Server to control the OpenID Connect authentication flow and can be used with any membership stack, including ASP.NET Core Identity.
Also have checked that all of them use well the ASP.NET Core Identity as a membership system.
And so my current understanding is that IdentityServer4 and OpenIdConnect.Server are two alternative frameworks that solve the same problem. The main difference is the list of supported ASP.NET Core versions.
Regarding Openiddict - it is a kind of extension to simplify server creation based on AspNet.Security.OpenIdConnect.Server.
Have I missed something, or this is how things in general are?
EDIT (01/28/2021): as part of the 3.0 update, AspNet.Security.OpenIdConnect.Server and OpenIddict were merged to form a single/unified codebase under the OpenIddict umbrella, which should offer the best of both worlds: you still have the same experience as before, but can now opt in for the degraded mode, giving advanced users the same lower-level approach as AspNet.Security.OpenIdConnect.Server.
And so my current understanding is that IdentityServer4 and OpenIdConnect.Server are two alternative frameworks that solve the same problem. The main difference is the list of supported ASP.NET Core versions.
Actually, I believe the most important difference is that these two libs don't share the same objective. ASOS' only mission is to help you deal with the raw OAuth 2.0/OIDC protocol details: everything else is totally out of scope. Concretely, this means that concepts like users, applications or stores - that you can find in OpenIddict and IdentityServer - are completely inexistant in ASOS (which means you're free to bring your own implementation... and your own abstraction).
While IdentityServer will expose many abstractions and services allowing to configure specific features, ASOS - that was forked from Katana's OAuthAuthorizationServerMiddleware - has a centralized low-level events-based API (named OpenIdConnectServerProvider) that behaves exactly the same way as the ASP.NET Core security middleware developed by MSFT.
When working with ASOS, you have to deal with raw OpenID Connect requests and implement potentially sensitive things like client authentication (e.g using a database containing the client credentials) and that's why ASOS' core target is people who understand how the OAuth2/OIDC protocol work. OpenIddict and IdentityServer, on the other hand, will implement these things for you.
Regarding Openiddict - it is a kind of extension to simplify server creation based on AspNet.Security.OpenIdConnect.Server.
Initially, that's indeed how I was asked to design it. OpenIddict was created for non-experts who don't feel super comfortable with the protocol details of OAuth 2.0 and OpenID Connect.
While it will give you full flexibility to implement the user authentication part (e.g in your own authorization controller, using ASP.NET Core Identity or your own authentication method), it will handle the complex request validation process and make it transparent for your app, without drowning you with tons of configuration options.
Unlike ASOS (that tries to be as flexible and as close to the specifications as possible), OpenIddict generally comes with more restrictive validation routines that I personally consider as best practices. For instance, it will automatically reject authorization requests that contain response_type=token if the client is a confidential application, even if that's not prohibited by the OpenID Connect specification.