I have a ASP.NET Core Web API that I am trying to set up office365 authentication on. The frontend when you load it should be redirected to the azure sign in page and if the account details are correct they should be returned to the SPA application.
The SPA and API are in different applications. I understand how to do in an MVC context using asp.net.core MVC it's the separating the 2 API and SPA.
Could anyone help?
Looks #Tiny's comment is correct, move it to answer to help others:
you can use msal in Spa and add filter in the api app, so that when you visit the api directly it returns 'forbidden' because of no access token in request head and when you visit page view it redirect to login page to make you sign in.
Related
I use AngularJS in frontend and web API in backend. I want for the project to redirect users to a custom login page. I added the sign up policy in Policy-User flow, but how can I integrate this policy to an AngularJS app, such that when the application runs it redirects to this page?
Did you search for samples? Here is one: https://github.com/Azure-Samples/active-directory-b2c-javascript-angular-spa
I am trying to protect a react.js spa app with adal login and authenticate with .net core wepApi.
I am able to get JWT from azure invoked by react SPA (using react-adal module) and retrieve basic user information.
Now the joy begins
As most MSFT examples are based on their mvc approach, they have a password to sign token in the webconfig file, which is not accessible for frontend application.
How then I could sign the JWT token using a password without pushing it to the SPA app as that could be read in a web console?
One of my ideas is to initiate login in the SPA, then use a webapi endpoint as a redirect link (and provide a connection id in state field) and then by ajax I could do redirect on the SPA, but still there is no signature on the JWT.
my partial solution at the moment is:
have react-adal used to validate if user is logged-in
when there is no token, then react-adal authenticates, but redirection is on a special page when I am grabbing the token and store it in database. The trick here is: there is a need to change hash to query-string to grab the token serverside (as all after # is not forwarded to web-server), so a simple javascrip that replaces # with ? and redirects to another endpoint.
then redirect to the main application
As the URL is only used for redirects (after adal login ) - that is a typical man-in-the-middle scenario, but gives an ability to generate own token.
I'm using IdentityServer 4. I have a setup very similar to the asp.net Identity quickstart as on the IdentityServer documentation here .
I want to be able enable a single logout from the IdentityServer web application, so that when I call this POST method, it logs out from all of the connected applications.
I have an IdentityServer web application, and an MVC web application which uses Asp.net identity mediated by the IdentityServer application.
What's happening with the default setup (as per the quickstart) is that when you logout from within the IdentityServer app, if you've already logged in on the MVC web application, you will remain logged in on the MVC web application until the MVC cookie has expired.
Is there a way of adapting the quickstart so that you have a centralized sign-out method within the IdentityServer application that you can call from anywhere?
For HTTP based logout add a logoutUri to each of your clients and http://localhost:5000/account/logout should do that. You'll see an iframe with the endsession url which contains an iframe for each logoutUri that you've logged into for that session (stored in the cookie)
see:
http://docs.identityserver.io/en/release/topics/signout.html
Make sure your account controller and logged out view match the quickstart samples.
I have an application built by a previous developer that uses OWIN middleware with both cookie and OAuth tokens. It is an ASP.NET MVC app that is only using MVC views/controllers for login and a home view that hosts an entirely separate Angular app.
Bearer tokens are used to authenticate to the API once the app is entirely loaded but an auth cookie is used to load the initial scaffold MVC home view enclosing the ng app.
My issue is having a business requirement to allow users to login with unique credentials per browser tab therefore cookies cannot be used but simply use a session-based token to keep them separate.
Can an ASP.NET MVC app fundamentally operate without cookie-based auth?
If I can remove cookie auth and rely on tokens only this will solve my issue of having to rewrite the angular outer frame in solely angular code and reimplement login pathway.
A note: I am implementing IdentityServer3 and I found all samples there and elsewhere always have cookie auth as part of the mix thus my question here.
I think what you want to do here is the following:
Add an [AllowAnonymous] on the Home controller
In the application that is loaded by the Home page, use a browser side package like oidc-client to perform a user login. This will return an id and an access token.
Inject the access token in you REST service requests.
Use UseIdentityServerBearerTokenAuthentication to filter and authenticate bearer tokens in the WEB API server.
I'm trying to retrieve a LinkedIn users profile information by authenticating them on my hybrid application.
I have tried to use the REST api, but I can not register a redirect URL on LinkedIn in order for this to work.
From:
https://developer.linkedin.com/documents/authentication
I used:
https://www.linkedin.com/uas/oauth2/authorization?response_type=code
&client_id=YOUR_API_KEY
&scope=r_basicprofile%20r_emailaddress
&state=STATE
&redirect_uri=YOUR_REDIRECT_URI
... but because applications on an iPhone get's installed with a unique URL, I cannot register it on LinkedIn as a redirect URL.
I also tried using the javascript API, but can not load the page dynamically for the button to appear and parse correctly.
From: https://developer.linkedin.com/documents/javascript-api-tutorial
Is there anyone that found a different solution to implement this on Ionic or any other Hybrid application?
Thanks in advance.
I'm currently working on the same thing and ran into similar issues. My approach is to use the InAppBrowser for the user login to LinkedIn and then grab the authcode from that response. Then, send the authcode to my node backend, where I issue a request with it and my client secret to get the access token.
Here are a few resources for oAuth with phonegap that I found very useful:
Using An Oauth 2.0 Service With IonicFramework
Ionic forums - OAuth Login
(would have left this as a comment, but can't due to my reputation)