I am starting a project to link ID4 or ID3 to a number of .Net Web Applications to support SSO across them using OIDC where they vary in Technology maturity.
The one I am having some trouble with is a .Net 4.5 WebForms application which does not have OWIN support currently. I am wondering what is the best approach to integrate it with ID4 or ID3.
I have been considering doing a method such as the following but I am sure there are better ways to do this:
https://leastprivilege.com/2014/06/10/writing-an-openid-connect-web-client-from-scratch/
Regards,
Barry
The Owin package doesn't have any dependencies, so you can go straight ahead and add it to your Web Forms application. This is the best/easiest approach.
Then the next thing you need is the IdentityServer3.AccessTokenValidation package (because you are using .Net Framework app).
From this point on, it doesn't matter which version of Identity Server you will choose. Both of them will be suitable for you, however I, and I'm sure many others, recommend you to use Identity Server 4.
Related
I’m working with a large company with multiple dispersed teams developing applications using the ADAL client libraries and either the React and/or Angular frameworks. Over time, the various organizations within the company have each modified/extended ADAL.js to create their own adaptations for handling different needs (for example, implementation differences for React vs Angular …or handling different versions of a framework, like Angular 2 vs Angular 5).
With this context in mind, I was asked the specific question:
"Just wanted to know if Microsoft has any plans to enhance and support ADAL.js for newer frameworks as most UI use cases for Azure AD would be on Angular and React and these ‘solutions’ are frequently updated"
In other words, do we have guidance (and/or a roadmap) for a more abstracted way of handling the implementation with various frameworks …or across different versions of a particular framework?
Or should each org continue to create their own adaptations?
So far there appear to be updates to existing ADAL libraries but no plans to support additional web frameworks. I.e., "too bad, so sad" for those of us using Angular 2/4/5/6.
See the following issues in the ADAL.js GitHub repo:
azure-activedirectory-library-for-js/issues/510
azure-activedirectory-library-for-js/issues/379
Also keep an eye here: Vittorio Bertocci's Blog
There are a bunch of 3rd party efforts to create wrappers for later versions of Angular, but they all need to be vetted before use (that is certainly what I am doing).
We do have plans for building wrapper libraries for Angular in the Azure AD SDK roadmap. However, we are focusing the efforts on the newer MSAL.js library which integrates with the Azure AD v2 endpoint and brings additional capabilities such as support for Azure AD B2C and signing in MSA accounts. You can track this issue on the MSAL.js repo.
I am developing an AngularJS application with some Asp.Net Core Web API support. This application is not using any database in backend. Now I want to implement a social login option for some privileged access. What is the best authentication mechanism without using any Asp.Net Identity tables?
As far as I know, OpenIddict is coupled with Asp.Net Identity, so I must implement a storage mechanism for that. Please correct me if I am wrong. I am also looking at other options like ASOS, but it is too complicated compared to OpenIddict, so I couldn't find a good solution with that.
Kevin Chalet published an excellent article but still I am struggling because of my poor technical knowledge on this subject.
http://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-introduction/
Can you please guide me?
With the recent release of .NET Core 1.0, we're in the process of migrating our RC1 applications to the final release. The only piece we can't seem to figure out is how to integrate Active Directory authentication.
Previously in the RC1 applications, we had used the System.DirectoryServices.AccountManagement library to handle the LDAP authorization queries. However, we can no longer mix this library with .NET Core v1.
Generally, what is the best way to integrate Active Directory authentication into our applications using the libraries available for use in the .NET Core framework? IdentityServer, some other third party service like Auth0 or something else?
The Novell.LDAP library has been ported to .NET Core; you can find it in NuGet. There are numerous samples available, including a verify password sample.
Best is subjective, really there's only one way right now, given the missing DirectoryServices namespace (which is planned for 1.1) - federation.
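A password check of the kind that answer refers to, as an added example (not code from the post or from the library's own samples). It assumes the Novell.Directory.Ldap.NETStandard NuGet package and an LDAPS listener on port 636; the class name, host and user DN are hypothetical.

```csharp
using System;
using Novell.Directory.Ldap;

// Added example: verify a user's password with an LDAP simple bind.
public static class LdapPasswordCheck
{
    // LDAP result code 49 = invalidCredentials (RFC 4511).
    private const int InvalidCredentials = 49;

    public static bool Verify(string host, string userDn, string password)
    {
        // A simple bind with an empty password is an "unauthenticated bind"
        // and many directories accept it. Reject it before touching the
        // network, otherwise a blank password would log the user in.
        if (string.IsNullOrWhiteSpace(userDn) || string.IsNullOrEmpty(password))
            return false;

        // LDAPS keeps the password off the wire in clear text.
        var connection = new LdapConnection { SecureSocketLayer = true };
        try
        {
            connection.Connect(host, 636);
            // Bind throws LdapException when the server rejects the credentials.
            connection.Bind(userDn, password);
            return true;
        }
        catch (LdapException ex) when (ex.ResultCode == InvalidCredentials)
        {
            // Wrong password or unknown DN: a normal failed login.
            return false;
        }
        // Any other LdapException (server down, TLS failure) propagates, so an
        // outage is not silently reported as "wrong password".
        finally
        {
            if (connection.Connected) connection.Disconnect();
        }
    }
}

// Hypothetical usage:
//   bool ok = LdapPasswordCheck.Verify(
//       "dc01.example.test", "CN=Jane Doe,OU=Staff,DC=example,DC=test", pwd);
```

The DN must come from a trusted lookup, not be built by concatenating user input, and the caller should apply its own lockout or rate limiting on repeated failures.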
You'd have to install ADFS, and expose it to the internet. Then you configure it to act as an OAuth2 endpoint, and use the generic OAuth middleware to redirect logins to your ADFS server. You could also install the latest ADFS beta, which needs the latest Windows Server beta, and use OpenID Connect, but that's a lot of beta risks you may not find acceptable.
Or, if you just want the latest MVC pieces, run it on .NET Desktop, where you have full access to the directory services namespace.
The System.DirectoryServices namespace is currently being implemented in .NET Core, work is ongoing.
https://github.com/dotnet/corefx/issues/2089
Just want to say that they just issued a pre-release of Microsoft.Windows.Compatibility, which contains the System.DirectoryServices components needed to integrate with Active Directory.
https://www.nuget.org/packages/Microsoft.Windows.Compatibility/2.0.0-preview1-25914-04
I'm using HDIV for JSF and Spring MVC applications to mitigate OWASP top 10 security risks. Now I have to implement the same in AngularJS.
Is there any library available similar to HDIV for AngularJS?
For client-mvc scenarios such as AngularJS, the Spring-Hateoas approach fits well with HDIV. Actually, HDIV has a module for that integration: https://github.com/hdiv/hdiv/tree/hdiv-hateoas
It’s not totally finished yet: the integration of URL resources works (see ResourceRequestDataValueProcessor), but the support for forms is not finished. When we started this module, this data format for forms was not finished or defined, and that’s why we did not continue this work.
We think a very integrated solution with HDIV could be possible following the Hypermedia and HATEOAS approach for client-mvc apps or also for native mobile apps. In other words, within the REST Hypermedia approach all URLs or forms, except the first URL, are created on the server side, in a similar way to traditional server-side MVC web technologies.
Please take a look at this module (hdiv-hateoas) and we can support you if you have any doubts.
Roberto Velasco (HDIV team)
Currently I am working on a LOB Silverlight application. Eventually, I need to implement a single sign-on for the new app and an old Classic ASP web app. Right now, the Silverlight App is secured using Forms Authentication through a custom Membership Provider.
Reading online, I've come to think that Passive Federated Security is what I need. But I am struggling with the following questions:
1) What is a relatively painless way to set up an STS? I don't really want to spend a lot of time setting this up. I've taken a look at WIF - it seems to require some platform changes, so that really is not an ideal solution [even though it seems relatively easy to set up].
2) How do I integrate Classic ASP app to use the STS? - Currently it is validating against a custom userStore and putting the authentication/authorization info in the session.
3) Eventually, users will be accessing both apps through a third-party portal that authenticates them outside of our organization. So, somehow the portal would need to be able to issue Security Tokens [SAML??] that the STS will understand.
I am currently focusing on 1 and 2. If anyone has even the slightest insight into this, that would be greatly appreciated.
Thanks,
Ravi
The latest Identity Training Kit contains a full lab that demonstrates SL + claims identity.