Blazor Server Side - SAML2 Authentication - saml-2.0

Good Day Everyone
Our Global Company is using SAML2 for our Single Sign-On Authentication (We don't use any other external authentication like Facebook, Google and Twitter), we are successfully created a SAML2 on our ASP.NET Webforms and MVC, but haven't done it on ASP.NET Core (MVC and Blazor), I search on the internet and found this:
https://developer.okta.com/blog/2020/10/23/how-to-authenticate-with-saml-in-aspnet-core-and-csharp
I haven't applied it on my ASP.NET Core MVC project, but my team want's me to use SAML2 to my Blazor Server Application project, but when I tried to create a cookie authentication on Blazor, It seems that the authentication approach of the Core MVC and Blazor Server Side is different to each other, and I think on the link above will might not work to my Blazor App, what do you think? Does someone here has successfully created Blazor Side Application that has a SAML2 Authentication?
I hope someone can help me on this and guide me.
Thanks and regards

sorry for the late response and thanks for your suggestions, but I solved this by creating an ASP.NET Core MVC and then add the Blazor Components on it, and then using the ITfoxtec SAML 2.0, I was in a tight schedule so I chose this approach, and we are not currently using Azure, I will try your solutions if I have new project
Thanks everyone.

Related

Add other parameters to saml2 authentication requets

I try to authenticate with itfoxtec-identity-saml2 to my IDP.At first, I used asp.net webform but I need to migrate my website to asp net core mvc and i don't know how to proceed to enter theses parameters :
authentication level
Assertion consumer URL
Endpoint
And my IDP provides me a certificate to decode SAML response.
I'm very newbie with MVC.
Help would be appreciated.
Regards
I tried to use that procedure: https://developer.okta.com/blog/2020/10/23/how-to-authenticate-with-saml-in-aspnet-core-and-csharp, but there's missing parameters
You can start by cloning/downloading the git repository https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2
And then run two of the samples:
the IdP emulator test/TestIdPCore
and the ASP.NET Core MVC RP sample test/TestWebAppCore

AngularJS with ASP.NET Web API and Azure AD Single SignOn using msal

I have an asp.net web api and angularjs(1.4.x) app and planning to use Azure AD for authentication and single sign on feature. Most of the examples are using ADAL, which is deprecated as per Microsoft. Can anyone share some examples of what changes need to be done in Web api and AngularJS app?
Migrate ADAL.js to MSAL.js for Azure AD Authentication for AngularJS+ASP.NET Core application.
You could try #azure/msal-angularjs for AngularJS SPA
When migrating ADAL.js to MSAL.js, you need to use #azure/msal-angular that is based on Microsoft identity platform v2.0.
Below is the example using MSAL Angular and call a .NET Core web API.
Example : https://github.com/Azure-Samples/ms-identity-javascript-angular-tutorial/tree/main/3-Authorization-II/1-call-api
Reference Guide Based on SO Thread: https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-compare-msal-js-and-adal-js
https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-net-migration

Azure Ad integration with spring mvc framework 4

i'm working on a project developed on SPRING MVC FRAMEWORK VERSION 4 and I need to integrate it with AZURE AD for SSO authentication. Would really appreciate if anyone could provide some documentation or something which covers all the points from authenticate to redirecting the user to homepage after the authentication and all that.
Regarding Azure AD Integration kindly get the entire detailed information from the below document.

Use IdentiyServer or not for external login provider only web application with asp.net core

I am building a web application with
Asp.net Core 2.0 Web API
AngularJS 4+
SQL Server
User signup/login only through Google/Facebook/LinkedIn. I will save user info like name and email I receive from them into SQL db table. I do not have a plan to offer manual registration on my website with email and password. I do not want to maintain user credentials, forget the password, securing user passwords and all nitty-gritty around that.
As of now, there is no plan to build a mobile app. I am learning .Net Core and stumble upon IdentityServer4 as a recommended way to provide identity in asp.net core applications. I went through all docs, example and tried out few sample application. I think I am clear how configuration and workflow of identityserver.
My questions are
Is it worth employing IdentityServer4 in my architecture since my identity is external provider only? I was thinking about using default Asp.net Identity with.AddCookie(), .AddGoogle() and .AddJwtBearer() to retrieve the cookie from Google/Facebook/LinkedIn, use AddGoogle AddFacebook AddLinkedIn middleware to handle callback, extract claimprincipal and set Jwt token for Angular JS app to use in its XMLHttp request.
What benefits do I get outsourcing this work to IdentityServer4 besides identity in one place best practice?
I appreciate your tiny or big feedback on this.
IdentityServer is great for handling many clients that access many protected resources. You seem to have one client (the so called AngularJS 4+ app) and one resource, the Asp.net Core 2.0 Web API.
A point of clarity is that you have no need for ASP.NET Identity and all those middlewares for Google, LinkedIn, etc. If your client is truly an Angular javascript application, then it does not need a server side component like ASP.NET Core- it is simply a browser application. You can use a javascript library like oidc-client and configure your external authentication providers according to their own needs. You will receive an id_token and/or access_token to store in browser and utlimately pass to your Api Resource.
Speaking of your Api Resource, this application can validate directly with the token issuer, be it Google or Facebook or whoever.
So with this setup: (a) a browser app (Angular), (b) a server WebApi (ASP.NET CORE), and (c) and an identity/access control service (Google, Facebook, etc.) you certainly do not need any additional applications that run ASP.NET Identity or IdentityServer4. Seems like it would be easier without them.
If your Angular app is actually in an ASP.NET MVC, then the same is true.
If your Angular app and your WebApi are all part on one ASP.NET project then the same is true and all you need is an identity provider to return an id_token.

How do I configure ADFS 3.0 Relying Party Trust and update my AngularJS & ASP.NET Web API applications to use ADFS with my company’s Active Directory?

I am a beginner with ADFS and do not know where to begin. I have an AngularJS 1.4.9 application which makes Ajax calls to an ASP.NET Web API 2.2 service.
Both applications are hosted within IIS under the same site and both use Windows Authentication on my company’s intranet. I’d like to modify them to use ADFS so that these applications can be accessed from the internet without a VPN.
You are better off looking into using the web application proxy (WAP)functionality for now. WAP allows publishing internal resources and making them internet accessible.
Once you get AD FS and WAP deployed, see step 3 in https://technet.microsoft.com/en-us/library/dn280943.aspx#BKMK_3
You can then look to slowly updating your applications to use federated authentication with AD FS.

Resources