I am using asp.net mvc 4 template, which ships with OpenID2 as default.
Since google has depricated OpenID 2.0, I want to use OAuth 2.0. I checked all MSN blogs
where there is no solution for out of box. I am using visual studio 2012 and mvc 4 only.
So my question is how can i migrate openid 2.0 to open auth.
Thanks & Regards,
Aruljothi
You can either get GoogleOAuth2Client from NuGet or reimplement it yourself:
You'll have to create a new GoogleAuth model which implements IAuthenticationClient interface, can be initialized with appId and appSecret, returns provider name ("gooogle") and includes specific classes and methods to complete the auth, get user data and deserialize data.
If you are too lazy to do that you can even use Google's own library Google.Apis.Auth.OAuth2. Or look for ready-to-use template implementations.
After that all you need to do is configure your AuthConfig and use them via OAuthWebSecurity in your external login controller.
Related
I am able to implement the Authentication using the okta in .net core 2.0 application by using the okta.AspNetCore package . but I am not able to figure out, how to approach for role based authentication here.
Ref link:https://developer.okta.com/docs/guides/sign-into-web-app/aspnet/before-you-begin/
At a high-level, you need to do two things:
Create a claims transformer that maps your Okta groups to roles so ASP.NET recognizes your Okta groups as roles.
Add [Authorize(Roles = "Your Role")] decorators to your endpoints
Okta has published a step-by-step guide that provides much more detail on to how to get it working here:
https://developer.okta.com/blog/2017/10/04/aspnet-authorization
We have configured windows authentication in a .NET Core web API project using the below.
services.AddAuthentication(IISDefaults.AuthenticationScheme);
And windows authentication works, we get the user identity. :-)
However I want to run some additional code on user authentication. In particular a database query/update, possible returning access denied. I would need the Identity from windows authentication as it contains the data needed for the database lookup.
I could add the code to a ClaimsTransformer however I don't think that's what the IClaimsTransformation interface should be used for, as I'm not going to map any claims.
How can I extend the in built windows authentication with some custom code?
I have been trying for weeks to implement JWT authorisation in my .NET Core web app and have found myself following a lot of guides that I don't think are relevant to my use case. These guides talk a lot about scopes etc, and I don't think I need that level of complexity for my use case.
A lot of the guides talk about using things like OpenIddict or Identity Server to setup and configure something that the user can authorise against, but in these settings it seems like a seperate project is required to house the identity provider, and then my new asp net core application has to somehow hook into that for use. I'm also trying to get things like refresh tokens to work so the user doesn't have to log in over and over again.
The "client side" of my app will be Xamarin (for mobile) and Angular (for web).
In a single web application (a single .net core application) how can I use .NET Core Identity with JWT or OAuth? What is the minimum level of configuration required to achieve this?
ThisSimple JWT project
This is not asp.net core .This is just asp.net mvc project but this really simple and basic one. by watching this code, you will be clear how to implement JWT. Thanks
Since I'm new to WIF.
I want to create a custom STS on WIF, but these document only for .net 3.5:
http://msdn.microsoft.com/en-us/library/ee748498.aspx
and I can't find these template in vs 2012.
So what should I do? Can anybody provide some information to me ?
Thanks !
Writing a custom STS service is still available under WIF in .NET 4.5 or WIF 4.5 for short.
"To create an STS you must derive from the SecurityTokenService class. In your custom class you must, at a minimum, override the GetScope and GetOutputClaimsIdentity methods...", Microsoft 1
You start by deriving a new type from System.IdentityModel.SecurityTokenService.
Note that we now use the SecurityTokenService which is apart of .NET 4.5's System.IdentityModel and not the pre .NET 4.5 Microsoft.IdentityModel.
Please refer to the link below to see an example of a passive STS.
Microsoft's Federation Metadata example is a reasonably complete example of custom STS.
MSDN:
This sample will show you how to dynamically consume WS-Federation metadata at run time in an ASP.NET Web Application. You will also see how to create a basic STS that produces WS-Federation metadata and issues tokens.
In addition this sample shows the basics of how claims have been integrated into the .NET framework. You will learn how a web application is enabled to use WIF. You will see how they are useful from within existing properties and functions, and how you can take the next step to using them directly using the ClaimsPrincipal class in System.Security.Claims. You also will also learn how to work with the local STS that is part of the Identity and Access tool for Visual Studio 2012. Tell me more
[1] System.IdentityModel.SecurityTokenService
The templates have been replaced with the Identity and Access Tool.
Refer Windows Identity Foundation in the .NET Framework 4.5 Beta: Tools, Samples, Claims Everywhere
There is no custom STS facility option anymore in the sense of a wizard as per FedUtil. As other posts allude to, you can still roll your own.
Refer: What's New in Windows Identity Foundation 4.5.
Have a look at Identity Server which is a very good custom STS and alter as required.
If you're completely new then writing a custom STS might not be such a good idea :-) I would suggest having a look at the implementation given in ThinkTecture STS (https://github.com/thinktecture/Thinktecture.IdentityServer.v2) This is a sample STS that handles different tokens types (SAML, SWT and JWT) as well as different procotols (WSFederation, OAuth, ...) There is too much in here for many simple cases but at least the code works.
Can I offer the authentication, authorization, etc created using "ASP.NET MVC Open Id website" extension.. as a REST service in ASP.NET MVC? How can I create this service(maybe using WCF)?
(Please if you can, offer me some examples please).
Yes, you can. OpenID is not about authorizing web services at all. That's what OAuth does. But DotNetOpenAuth does both OpenID and OAuth, so your users can authenticate with OpenID, then authorize RESTful clients via OAuth, and the user story is probably exactly what you're looking for.
There is a project template that shows you exactly how to do it (does it for you, actually) available on the Visual Studio Gallery.
You can easily create REST services using just MVC. WCF is not necessary. There are tons of posts on restful architecture in ASP.NET MVC.
There is code available with a base API for Restful services using ASP.NET MVC available here: http://code.msdn.microsoft.com/MvcWebAPI .
The author of this library has an excellent article explaining how to create such a service that is capable of will serve both JSON and XML. It can be read at: http://omaralzabir.com/create_rest_api_using_asp_net_mvc_that_speaks_both_json_and_plain_xml/
There are plenty of tools that can help you implement the OpenId service, such as http://www.dotnetopenauth.net/ or the solution outlined at http://www.west-wind.com/weblog/posts/899303.aspx. You said you've already created an OpenId logging system. Basically, take the logging system, create an interface like:
public interface IOpenIdService{
bool Login(string login, string password);
}
and execute it in your Controller Action method. If it is successful return a JSON or XML success message. If it fails return a JSON or XML failure message.
*I have also found this article helpful for REST with MVC: http://blog.wekeroad.com/2007/12/06/aspnet-mvc-using-restful-architecture/. Also, if you want to extend JSON functionality, look into JSON.NET.
Have a look at the latest nerddinner tutorial on codeplex. It has OpenId integration built into the MVC example application: http://nerddinner.codeplex.com/