I have to develop an ASP.NET MVC website. For authentication, we have decided to use OKTA as the authentication provider. We do not want to use Okta API, but we would like to use SAML implementation. Are there any articles/guidelines available on this? I also would like to know how can we extend this to a WCF service. All of these will be hosted in Azure.
Here are the SAML libraries that I suggest using to add SAML to an ASP.NET MVC website:
For .NET Framework 4.5 or above use Kentor Authentication Services.
For .NET Framework 4 or below use ComponentSpace SAML 2.0. (Paid software, licenses start at $299)
High level guidance on adding SAML support to an existing application is available here: http://developer.okta.com/docs/guides/saml_guidance.html
Related
I have an existing ASP.NET MVC 5 application that uses a custom authentication scheme and sessions for storing state using ASP.NET_SessionId cookie.
Now there is a requirement to put a React front-end in front of an ASP.NET Core Web API. There is an opportunity to reuse some of the service code from the API. The showstopper is the authentication.
Is it possible to reuse/share the existing cookie and authentication scheme from a React web application? JWT and IdentityServer appear to be solid options but would require a significant rewrite to the existing system.
As far as I know, if you want to share authentication cookies between ASP.NET 4.x and ASP.NET Core apps, you need to rebuild the asp.net core cookie authentication.
Since the asp.net core and asp.net use different way to encrypt the authentication cookie, so you should let them use the same way to encrypt the cookie to get the token work for both asp.net and asp.net core application and make sure there are in the same domain.
More details about how to set the application to share cookie between ASP.NET 4.x and ASP.NET Core apps I suggest you could refer to this MSFT example.
Some part of the document:
ASP.NET 4.x apps that use Katana Cookie Authentication Middleware can be configured to generate authentication cookies that are compatible with the ASP.NET Core Cookie Authentication Middleware. This allows upgrading a large site's individual apps in several steps while providing a smooth SSO experience across the site.
When an app uses Katana Cookie Authentication Middleware, it calls UseCookieAuthentication in the project's Startup.Auth.cs file. ASP.NET 4.x web app projects created with Visual Studio 2013 and later use the Katana Cookie Authentication Middleware by default. Although UseCookieAuthentication is obsolete and unsupported for ASP.NET Core apps, calling UseCookieAuthentication in an ASP.NET 4.x app that uses Katana Cookie Authentication Middleware is valid.
Katana Cookie Authentication can be used to reuse cookie among app. For more detail please find the documentation for Share Authentication Cookie among app
I am going to create an web app using Dot Net Core. In future, i will also create mobile application for the same application. Now, i am in thinking the architecture of the project. I want to use WEB API core using Asp.net Identity Core. Also, i will consume WEB API in MVC Core application. But the question i have in mind that how i can handle ASP.net identity with MVC and WEB API? Do i need to include in MVC as well or only in WEB API?
I tried to think hard but still confuse. Need suggestions.
You can use token based authentication .
In a resource owner flow scenario , your client app( mvc application/native application) will consume your web api by providing user's credential , web api will validate the credential(using ASP.NET Core Identity) in database , If the username and password are correct then a JWT authentication token and the user details are returned. Your client app could validate the token and sign in user :
ASP.NET Core 2.2 - JWT Authentication Tutorial with Example API
Tutorial built with
Token Authentication in ASP.NET Core 2.0 - A Complete Guide
In addition, IdentityServer4 is a good choice when you want to roll your own full-fledged OpenID Connect authorization server that can handle complex use cases like federation and single sign-on.
So your question is maybe a bit open-ended for Stackoverflow and you don't really show what you have tried so far.
I will try to answer though. First you just need to start out with a template for your project. Start an MVC project in which you can easily have API endpoints as well. I would suggest splitting those in two projects for clarity - but if it is just a small personal project then you probably are fine having them in the same project. Microsoft have a pretty good resource on MVC:
Microsoft MVC walkthrough
For the Identity part. You would need some kind of authority for it to work. I suggest you take a look at IdentityServer4. Which offers an excellent walk-through of how to set it up and how to integrate it with Asp.NET Core Identity:
IdentityServer4
I have a ASP.NET Core web application, having builtin authentication.
How can I authenticate Xamarin native mobile app with web app and use web services?
Is there any Xamarin library for authenticating Microsoft Identity Server?
I found an article describing creating web service backend in ASP.NET core, but it omitted authentication (why?) :
https://learn.microsoft.com/en-us/aspnet/core/mobile/native-mobile-backend
In the article they use Web API template, problem is that ASP.NET Core does support personal authentication from a box (at least for right now)
Take a look at this project OpenIddict. It's really easy to use and thay have a lot of examples how to build your own authentication service based on ASP.NET Core Web API. There is only one drawback of this project (by my opinion) - from the box OpenIddict supports only EF Core as data access library, but you can implement your own provider.
There´s no Xamarin client for Microsoft Identity Server per se, but you can use oAuth2. It´s pretty standard.
Implementing an oAuth2 server like OpenIddict, IdentityServer or AspNet.Security.OpenIdConnect.Server you can use any oAuth2 client to authenticate, either way from a javascript application or Xamarin.
For Xamarin/.NET clients, there is an awesome client (PCL) called IdentityModel.
We're building a Windows-authenticated ASP.NET MVC app. This will then call into an ASP.NET WebAPI layer sat on a different server.
We don't have Kerberos enabled so assume authentication with this will be via some form of Basic auth. We're also looking to use ASP.NET Membership/Identity for role management. All communication with the Membership database will be via the WebAPI.
Can anyone give guidance on how best to handle issuing authentication tokens for communication between the MVC and WebAPI apps, and how Authorize attributes may be used across both layers?
I've blogged detailed series of posts about Token based authentication in Web API using ASP.NET Identity, it should answer part of your questions, check it here
Does anyone have or know of any example of integrating an ASP.NET MVC application with OpenAM?
I have an application deployed with ASP.NET MVC 2 where the authentication is perforned using forms authentication, and I need to change into authentication using Single Sign On via OpenAM.
I've been searching for a code example of OpenAM integration from .NET, but I have found almost nothing so far. A code example would be very appreciated.
Thanks in advance!
if you want to accomplish this scenario over SAML protocol, then it is not problematic.
You have to download and install OpenAM on Tomcat Appache server. Configure it. Then on page .Net Fedlet you can find details about the .Net Fedlet. That is library set and application sample written on .Net, how to adjust your asp.net application to target OpenAM server. This library supports SAMLP from your web application.
What I am looking for and I have not found yet is the same scenario but over WS-Federation and with usage of WIF. If I found out how I will write it here.