I'm trying to port a powershell module to .Net standard. One thing I notice is that the UserPasswordCredential class is not present in the .Net standard library. Is it not possible to perform a username/password flow login using adal in .Net Standard/Core?
Yes, UserPasswordCredential is not available for .Net Core. However, as a workaround you can construct the HTTP request directly. More detail, you can refer the thread here.
Related
I want to develop a Java Web App to consume some Microsoft Graph Services. According to Azure Portal's "Quick Start" tab, they recommend MSAL to authenticate and call the services (com.microsoft.aad.msal4j.*).
On the other hand, I've found https://github.com/microsoftgraph/msgraph-sdk-java-auth, which offers a nice API to use the services, but the last uptade is from more than a year.
Which should I use? I'm a bit afraid the SDK gets deprecated.
Thanks.
If you have a look at the dotnet version of this library, you'll see it uses MSAL. Whenever the Java msgraph auth library was started, MSAL Java wasn't ready. There's work that needs to be done to align the Java auth library with the dotnet one so it uses MSAL as well. I'd say go ahead and use the Java auth library keeping in mind a few things:
It will change as the required work gets done
Auth libraries for msgraph SDKs are all in preview and might change in the future
There's currently a limitation addressed by this pull request and that you can workaround as documented here
I have a .NET Core 3.1 WPF app that I'm working on. In order to work with our older application it needs to validate credentials that are entered into a dialog for a local account. How can this be done?
It appears that all of the necessary classes have not been included in .NET Core yet, because the System.DirectoryServices package does not yet have the AccountManagement.PrincipalContext class that used to be used for this purpose.
Clarification
I have to validate creds for an arbitrary user account that may or may not be the account executing the app.
I hate to tell you, but the simple answer is that you can not. Interaction with active directory. There are limits on how integrated DNC 3.1 is - and you stumbled upon one. Supposedly dotnet 5.0 will better integrate.
For now, you can either use win32 / native syntax for this, or use a server side proxy that handles the authentication.
To my knowledge, you re requirements are simple not implemnented in the scope of the platform chosen.
Anyone please feel free to correct me.
Update: This is doable in .NET not core - so you can put up a smple website for this as service in .NET. So from the wpf side this turns into "make a http request".
Just looking for an example project of a full framework (4.7.2) API that's being protected with access_token (bearer token) using IdentityServer4 as the authority. Seems like that would be pretty common but I can't seem to find one.
BTW - not talking about running IdentityServer in 4.7.2, or a 4.7.2 web site, just a plain old MVC Api project that runs in 4.7.2 that will be protected by an access_token that comes from IdentityServer.
Thanks!
So all you need is to validate an access_token?
Use IdentityServer3.Contrib.AccessTokenValidation -- a fork from the original IdentityServer3, refactored according to the recent framework.
I built an Azure WebAPI. I did not create the project with Authentication at the time it was first created. I added Active directory Authentication based on a code sample from Microsoft. It utilizes Microsoft.IdentityModel.Clients.ActiveDirectory which I got from NuGet. It works just fine.
I then created a WebAPI from VS 2017 and selected Authentication (using AD) at the time of project creation. It included Microsoft.AspNetCore.Authentication.AzureAD.UI.
I am not sure of the difference between these two NuGet modules nor which is better suited for my Azure WebAPI.
Then comes the modules to use in a .NET WPF client. There is no AuthorizationContext class (and others) in Microsoft.AspNetCore.Authentication.AzureAD.UI. Should I stick with Microsoft.IdentityModel.Clients.ActiveDirectory in the .NET WPF client or are there equivalents in Microsoft.AspNetCore.Authentication.AzureAD.UI?
For your web api project, answer is it depends on what you're trying to do from within the web api. For most simple scenarios where you just need to read/validate tokens, you should be good with the added Microsoft.AspNetCore.Aurthentication.JwtBearer nuget pacakges. More detailed question/answer available in this SO post
In case of your WPF client application although, you won't have much choice. You will need to work with ADAL or MSAL based on which AD version/endpoints you want to use. Also, in case of WPF client more probably than not you will need to acquire a token from Azure AD so internal operations (which library will take care of under the hood e.g. authenticationContext.AcquireTokenAsync) will be a little more involved than just reading the provided token from a header and hence the package.
With the recent release of .NET Core 1.0, we're in the process of migrating our RC1 applications to the final release. The only piece we can't seem to figure out is how to integrate Active Directory authentication.
Previously in the RC1 applications, we had used the System.DirectoryServices.AccountManagement library to handle the LDAP authorization queries. However, we can no longer mix this library with .NET Core v1.
Generally, what is the best way to integrate Active Directory authentication into our applications using the libraries available for use in the .NET Core framework? IdentityServer, some other third party service like Auth0 or something else?
The Novell.LDAP library has been ported to .NET Core you can find it in NuGet. There are numerous samples available, including a verify password sample.
Best is subjective, really there's only one way right now, given the missing DirectoryServices namespace (which is planning for 1.1) - federation.
You'd have to install ADFS, and expose it to the internet. Then you configure it to act as an OAuth2 endpoint, and use the generic OAuth middleware to redirect logins to your ADFS server. You could also install the latest ADFS beta, which needs the latest Windows Server beta, and use OpenID Connect, but that's a lot of beta risks you may not find acceptable.
Or, if you just want the latest MVC pieces, run it on .NET Desktop, where you have full access to the directory services namespace.
The System.DirectoryServices namespace is currently being implemented in .NET Core, work is ongoing.
https://github.com/dotnet/corefx/issues/2089
Just want to say that they just issued a pre-release of the Microsoft.Windows.Compatibility which contains the System.DirectoryServices components needed to integrating with Active Directory
https://www.nuget.org/packages/Microsoft.Windows.Compatibility/2.0.0-preview1-25914-04