I have asp.net web api authentication with external providers and asp.net mvc application. I want to authenticate from the mvc app. I follow instructions from this post: asp.net web api 2: how to login with external authentication services? but how can i get the access_token after redirect from provider page?
Related
I have an MVC project that sends/receive data to/from a web API.
In my MVC project, users can log in to access certain pages.
I would like to implement an "authentication service" with tokens to acces my web API for 2 reasons :
1) To secure my web aPI
2) To access the id of the user that is logged in on my MVC app
I have read following statement :
The basic flow of things here is that your users will authenticate using OpenID Connect on your MVC site, after which they can get an access token to authorize access to the Web API using OAuth.
My question is :
I already have a project for my MVC app, a project for my web API. Do I need a third project for the token service?
If not, in which project do I implement it?
If anyone has an example or tutorial that would be great too.
My understanding is I would have:
My MVC application
IdentityServer, running as a separate web application, possibly on the same IIS server
If I used a package support SAML such as Kentor to add SAML support to IdentityServer, what would the SAML authentication experience look like to the user?
They go to a restricted page on my MVC application, it detects they are not logged in, redirects them to IdentityServer, and IdentityServer would then redirect them to the SAML endpoint(such as ADFS) to enter their credentials, then be redirected back to IdentityServer which would them redirect them back to my web application.
Is that correct?
Correct - for identityserver 3 and sample as below.
What protocol is your MVC app. using to connect to identityserver?
OOTB, identityserver would show you its logon page (much like HRD) and the user would have to click the SAML IDP button.
Refer : IdentityServer : ASP.NET MVC application to idsrv3 to ADFS via SAMLp 2.0
I am spiking a solution with Thinktecture IdentityServer V3. The setup of the project is an Asp.net MVC 5 site which uses forms authentication to authenticate the user, we also have a number of web api sites which are hosted seperately.
I would like to use IdentityServer to SSO into the web api sites. this is an internal solution and would like to somehow programatically login to the identity server instead of been shown the login screen.
Is this possible?
Many thanks
Check this link.
https://github.com/IdentityServer/IdentityServer3/issues/831.
You can sign in as resource owner, but SSO won't be possible.
We can always customize the login page provided on IdentityServer.
Following this guide I have created asp.net mvc5 webapi portal with UseGoogleAuthentication enabled and trying to implement API usage by authenticated users only:
https://db.tt/ncE1TlNi
https://db.tt/8vRq1beS
Template generated by Visual Studio works fine and I can create accounts/authenticate but I didn't find any information on how should I implement same thing from the mobile client and call API as authenticated user (API intended for mobile authenticated users).
Thank you for any guides and suggests.
Read this article to understand OWIN security middleware. In mobile application you can retrieve access token from url fragment after authentication.
I am writing an ASP.Net WebApi application and I want to secure it using a combination of Custom Login (like ASP.NET Membership) and Social Logins (Google,Facebook,Twitter,LinkedIn and hopefully many more). User should be able to select any of them.
My client is pure HTML/JS SPA application and for that i will need to implement Implict grant flow of OAuth.
The options i see right now are
Use Thinktecture's Identity Server and Authorization Server.
Use DotNetOpenAuth library.
Can anyone point me in the right direction ? Which one of the above options can work for me?
Thanks
Why not follow the same pattern in MVC 5 SPA template, which already did exactly what you want to do:
It uses resource owner password login flow with ASP.NET Identity API
Support Social Login (Google, Facebook, Twitter, Microsoft Account)
Its client uses knockout and pure html/js
It uses implicit grant flow to convert social login to application access token
The template uses OWIN security middlewares, which can support:
Cookie auth
Bearer token auth
Social login auth
OAuth 2.0 Authorization Server flows and extension grant, which you can customize your own
You may need my blog to better understand the whole security story in the SPA template.