I have imeplemented Auth server with Dot net core 3.1 and Identity Server 4 (3.1.3) version.
I am using ResourceOwnerPassword Grant type for token generation along with refresh token option.
I have hosted my application in Azure app service. It is been observed that memory consumption is everyday increases instead going down eventhough application is not in use.
If anyone has come across this kind of situation please let me know.
Thanks in advance.
Related
We have recently started using IdentityServer4 and I read about the Data Protection in ASP.NET Core, and I am confused if I still need to keep session data if I am using IdentityServer4. We plan to have multiple machines running behind a load balancer. Can anyone point me in the right direction please? I am a bit lost and confused if IdentityServer4 will take care of the client session information? Thank you.
ASP.Net Core Data Protection
I have built a small web application with asp.net core 2.0 MVC. In this web application, I did not implement any authentication methods so far.
Right now I have an MSSQL database running in the background and I can add/view/edit/delete users from the database.
I adapted this tutorial and followed it pretty closely. However I also added some functionality like localization and stuff, and everything is running pretty smoothly.
My next goal is to enable authentication and authorization. The authentication part shall be straightforward. The goal is that the application will be running as an intranet solution. This means the authentication method just shall check if the Windows User is existing in the previously mentioned database. I don't want to create a separate login. However, it might be that there is a Windows user in the active directory, which is not part of the database. This User should just be able to see a default error page.
I made quite a huge research and I also tried a lot of different stuff, however, I do absolutely not find any "database first" tutorial for this part or any other documentation which explains what to do.
I actually "just" want to teach the asp.net core 2.0 identity framework that it shall look into my user-table and check if the current windows user is existent and if not to forward him to the error page.
A second step would be to load all the roles which this user is assigned to from the mapping table.
Any kind of help would be highly appreciated.
Dosc Microsoft has a lot of posts regarding authentication for ASP.NET Core. Here are some of the links to get you started:
ASP.NET Core Authentication
ASP.NET Core Authentication Identity
and a lot more.
many endpoints in the MS Graph beta API do not support the application permission type, meaning they can only be invoked under a user identity. I would like to have a headless service/daemon running that operates under its own app identity, and is able to do stuff with the graph API
For example remote locking a managed device.
I would like to know, if MS plans to add this feature in the near future.
I recommend visiting the UserVoice and adding your suggestions.
I have a standalone web application (not an add-in) and I would like to access Project Server PWA oData from this web application without using the PWA username/password combination.
I can do this for SharePoint oData by registering my web app in Azure AD and configuring the application to require "Read" permissions from "Office 365 SharePoint Online"
If you are interested to do this for SharePoint data, see this article for details: https://www.itunity.com/article/integrating-angularjs-aad-office-365sharepoint-part-1-622
My problem is that I want to do the same for a Project Server, but can't see any relevant Project Online permission in Azure AD.
Has any one ever accessed Project Online using Azure AD tokens?
My 10 Minutes of Internet Researchâ„¢ leads me to believe this isn't available but that it was a planned feature at one point. [see here]
Without knowing much (anything) about Project Server, this seems like a situation I've dealt with on AWS at work. We have a bunch of endpoints that are secured using IAM (AWS) credentials and we can't leave those creds lying around in our app (because that would be silly). Our solution is to generate access URLs server-side and hand them out, these typically will have a time limit and be restricted to a very specific action.
A quick search for Azure's equivalent to IAM tells me that you might be able to do something similar though I'm unsure it exists for Project Server.
That failing, you could always set up an intermediary micro-service that acts as proxy and has the username/password combo. We do stuff like this all the time with Lambda (AWS's serverless functions).
I am currently working on a Third Party Web Application which is internally hosted. (We own the App Server and the DB )
We need the sign on or User Authentication to be integrated on to AD. Vendors may able to get this working obviously with a cost. I was wondering if anyone can put me on the right direction, may be the steps i should take to do this with the local development teams.
Thanks
I'd say virtually no chance. Is that webapp using any mod_auth in Apache?