We have developed an Identity Provider to perform Single sign on using SAML 2.0.
I just want to know whether Sitefinity gives support for SAML protocols ?
I came to know sitefinity supports only Claims based authentication(using WIF).
And found something in Github link below,where sitefinity can extend to 3rd party STS/IDP like Google,FB,Amazon.
But these external auth are OAuth based(i guess).
https://github.com/Sitefinity/Sitefinity-External-STS-Integration/blob/master/README.md
Is it possible to use a SAML 2 IDP for performing SSO in sitefinity CMS?
Any suggestions,resource references will be of great help.
Sitefinity does not support SAML out of the box.
For more Reference,follow the link below
http://www.sitefinity.com/developer-network/forums/developing-with-sitefinity-/does-sitefinity-support-saml-2-0
And Sitefinity still doesn't support SAML 2.0. But using a package like this one I was able to add in support pretty easily using standard MVC Controllers and Actions and such: https://www.itfoxtec.com/IdentitySaml2
(I'm not affiliated with them, just a fan.)
Related
I need to implement Azure AD authentication and authorization for my ASP.NET MVC web application using MSAL.NET with authorization code flow and I need to call my own API.
I can see a lot of manual code implementations on the internet to redeem authorization codes etc...
I know the latest version of MSAL.NET will handle auto code redeem without writing any manual code but how to use it, any good example will help me a lot.
Second, what are the best practices followed while using MSAL.NET with authorization code flow to call my own API?
Note: I am using the .net framework.
Thanks in advance.
This might be helpful
Microsoft.Identity.Web adds extension methods that provide convenience services for calling Microsoft Graph or a downstream web API. These methods are explained in detail in A web app that calls web APIs: Call an API. With these helper methods, you don't need to manually acquire a token.
https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-web-app-call-api-acquire-token?tabs=aspnetcore
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
Also you can use custom solution like below
https://identitymodel.readthedocs.io/en/latest/client/token.html
Start reading from here, it supports the following frameworks:
.Net Core
.Net framework
For MVC ensure first that u are using either Asp.net Core or normal .net framework. Once you have figured that out. You can find the relevant code which you can refer to generate the token logic.
Read here for more details about the MSAL authentication library.
MSAL authentication library for dot net
Code samples collection.
https://learn.microsoft.com/en-us/azure/active-directory/develop/sample-v2-code
I am implementing OIDC/OAuth authentication & authorization in a classic ASP.net MVC application using OWIN. For API calls that are not supported by Microsoft's OIDC middleware, it appears that I have some choices.
I can craft and make rest request directly to the IdP.
I can use classes contained within System.IdentityModel.
I can use classes contained within Microsoft.IdentityModel.
I can install and use IdentityModel built by Dominick Baier and Brock Allen
There may be other choices too. Among the above, it appears that IdentityModel by Dominick and Brock is the most mature, advanced and complete.
Given that I am using classic ASP.net MVC with OWIN, should I favor one method over the other or will I need to use a combination of the above? Where would I use one over the other? What would be some pros and cons?
I know there are some older posts comparing System.IdentityModel with Microsoft.IdentityModel, but I more interested in what's best in 2020. :-)
Mark
IDENTITY MODEL
For C# the IdentityModel HttpClient extension methods provide a nice facade over OAuth messages, as in this example class of mine.
SYSTEM.IDENTITYMODEL
This has some classes you can use in a Server Side web app, eg for claims / principals.
MICROSOFT.IDENTITYMODEL
This mostly contains old / redundant WS-Federation stuff and is best ignored.
OWIN
This does cookie handling for server side web apps in addition to handling OAuth / OIDC messages. IdentityModel is more token based than cookie based.
SINGLE PAGE APPS
My personal preference these days is to develop Single Page Apps. In this setup I would use IdentityModel libraries if building C# APIs.
SUMMARY
I would definitely use the IdentityModel Client library for the extra requests you refer to.I don't think it will do cookie issuing though, so maybe continue to use OWIN Openid Connect for that.
I have to develop an ASP.NET MVC website. For authentication, we have decided to use OKTA as the authentication provider. We do not want to use Okta API, but we would like to use SAML implementation. Are there any articles/guidelines available on this? I also would like to know how can we extend this to a WCF service. All of these will be hosted in Azure.
Here are the SAML libraries that I suggest using to add SAML to an ASP.NET MVC website:
For .NET Framework 4.5 or above use Kentor Authentication Services.
For .NET Framework 4 or below use ComponentSpace SAML 2.0. (Paid software, licenses start at $299)
High level guidance on adding SAML support to an existing application is available here: http://developer.okta.com/docs/guides/saml_guidance.html
Does anyone know of any code samples on how to use DotNetOpenAuth with Facebook using ASP.NET MVC 3 (or any version of MVC for that matter)? The samples that come with the library do not have any Facebook examples (it looks like they used to according to some posts but not anymore).
Any help would be appreciated.
Facebook uses OAuth 2.0 instead of OpenID for logins, so you must download the DotNetOpenAuth CTP in order to get the Facebook login sample. And the sample isn't for MVC, it's for web forms. But since it's all code in the code-behind anyway, you hopefully can make the translation yourself.
If you don't have your heart set on DotNetOpenAuth, you could also take a look at Windows Identity Foundation. It also supports OAuth 2.0 and Will give you the flexibility to use other authentication providers.
Please I would like someone to tell me if dotNetOpenAuth single-sign-on.
All I want to achieve is to be able to seamlessly logging to all domains without redirect to third party system for authorisation or Authentication within a mixture programming platforms e.g (PHP or .Net)
DotNetOpenAuth library is a simple library to implement Single Sign On for .NET based application. The only issue I faced was related to performance. It was found to be a known issue with a particular API that cause the sluggishnes.
DotNetOpenAuth can be used for SSO solutions, but each new web site a user visits does need to perform a redirect to the identity provider. In a controlled SSO environment, that provider may never appear to the user, so the login is totally transparent. There are a couple of samples of an SSO configuration that comes with the DotNetOpenAuth download.
DotNetOpenAuth will help you do what you want to do provided you can support OpenID from PHP. You need to implement a provider (the site that authenticates you against a DB or other store), and a consumer (the site you want to log into).
My recommendation would be to consider the authentication protocol you wish to use rather than a specific library at first. In the case if DotNet OpenAuth it has support for:
OpenID
OAuth
InfoCard
These are just a few of the protocols available. You should also look into the SAML family of protocols, in particular SAML 2.0.
There are implementations of SAML for PHP, .NET, and many other platforms. You might want to look at a comparison between OpenID and SAML in order to choose which is better for you.