I need to build an ecosystem of online tools (these tools are on various platforms like Moodle, Website Baker, ASP.Net, php, etc, some already built, some purchased from other vendors and some to be built), where I want a single login that the end user should have.
These tools, standalone, have their own login mechanism in place at the moment.
I am planning to build a central system on DNN where users register and this system exposes an oAuth service that other systems use to authenticate users against.
I am considering DNN (DotNetNuke) platform for the following reasons:
1. I am an ASP.Net developer and familiar to some extent with DNN (Not a whole lot, but enough to know that it has the concept of providers and modules that I can customize as per my needs).
2. I will need a shopping cart and a registration system which I am hoping to get some ready-made third party solution.
WHAT I NEED INPUTS ON:
Is there some DNN component out there already that exposes oAuth authentication from a DNN site? I am looking to implement something similar to what Google has implemented for it's oAuth interface.
If I understand you correctly, you are trying to build is called 3 legged authentication with oauth where you want dotnetnuke to be the provider. In order to do that in dotnetnuke, you need to provide a UI where consumers can register and get AppId and consumerKey. Once that is done, Consumer will send user to dotnetnuke for login. Dotnetnuke will validate the user and return appropriate information to consumer.
Here are some things that can help you:
DotNetOAuth library
OAuth website
http://code.google.com/p/extremeswankoauth/wiki/Server_Examples
http://www.cleancode.co.nz/blog/523/oauth-dot-net
Example oAuth implementation in java
Let me know if you need more help.
I don't know if it is the best way to accomplish the solution but it was what I did.
There's a code sample of DotNetOpenAuth here which uses OAuth to authenticate users. Probably you will see that there are more examples, and even newer but .. pay attention because If you are using the last version of DNN (7.x), it works using the .NET Framework 4 and the newer samples uses 4.5. So, take a look of the first example! The ASP NET Handler called OAuth.ashx is your OAuth Service provider.
Then, I built a DNN module based on the sample to make DNN work as OAuth Service.
I followed this guide to build the module. There are some videos which shows the basic of module development.
Related
So I have been looking into OAuth lately, I want to authorize another of my domain which has separate database using OAuth. Upon searching I found auth0.com. Which sounded similar to Oauth and I created a sample implementation, it offers support for custom databases also. We have users stored in external api running on .net core, and I learnt that auth0.com is not free after trial expiration. So my efforts kindof got wasted. Now I am looking for authorization method that works for both domains.
Now my question is, does it even make sense to use Oauth for this task? Since I won't be giving it to third party and it's matter of two databases. How should i approach this and what are opensource Oauth services that allow custom database.
We might want to create third party API to access our Plone CMS site data. One of possible methods to share the user priviledges in third party systems is OAuth2, as used by Twitter, Tumblr and Facebook. This way the third party gains the user priviledges after the user clicks "Allow" in the dialog for accessing one's data.
Is there an existing solutions where Plone acts as OAuth2 host (not sure about the terminology)
What other options there might be for this use case
I am not in rush, this is 2014 planning :)
As far as I know pmr2.oauth is the only package (disclosure: I also wrote this) that provide OAuth provider support for Plone (i.e. this lets Plone act as an "OAuth host", including support for scope so to let users know what they are allowing, like Twitter et. al.). There is another package that I briefly looked at called wsgioauth, but it is a fairly general package and it's for wsgi, so I ended up building my own package (and it looks like wsgioauth hasn't been maintained for 3 years now).
Currently it only supports OAuth 1.0; reason for that is that at the time of development there were no good OAuth 2.0 libraries, especially for providers. Only recently the support for RFC 6749 (the actual OAuth 2.0 standard) is beginning to surface through oauthlib, which is the library that does the signing of requests for pmr2.oauth. That said, hopefully I have it written in a way that is modular enough to plug in support for OAuth 2.0, or at least the core is easy enough to be modified to include support for this. I would be more than happy to have the Plone community to take it and improve on it (or even fork it off, or anyone knowledgeable in this area) as I don't have any immediate plans to include support for OAuth 2.0 yet.
I feel a bit overwhelmed right now with how to approach building an SSO solution for a project I'm taking on. I understand that I need a centralized login site, but, I'd like input on what framework I should be using to achieve this. I've been reading a bit about Windows Identity Foundation (WIF), but, the lack of documentation and code samples is quite disappointing. DotNotOpenAuth sounds like it has much more usage by the community than WIF, but, I'm not sure if that's the right framework for me to use given that I am not going to be letting third-party accounts be used for logging in.
There are multiple user data stores to take into account as well; active directory and a SQL Server database.
I really don't care what framework I use so long as it's simple and intuitive; I don't want an overly complex solution. Documentation and samples are also a plus! I already have experience with creating custom role providers and membership providers; those were a breeze and easy to do.
Here is a very quick visual of the structure I'm dealing with:
Refer: Claims Based Identity & Access Control Guide and Identity Developer Training Kit. There's WIF samples there.
In terms of what you want to achieve, ADFS v2.0 will get you most of the way but it can only authenticate against AD. For SQL server, use IdentityServer and then federate ADFS and IdentityServer.
Have a look at SAML. It is designed to address SSO. You may also want to look into OpenID.
There are enterprise products out there, such as CA Site Minder or IBM Tivoli for this kind if thing. They are not cheap because building a custom solution for this will be quite a feat.
If you are .NET based - then .NET 4.5 (which includes WIF) is the way to go.
But the framework will be you simplest problem. Building that kind of security infrastructure is hard. Have a look at both the book and idenitity server from nzpcmad's answer as a starting point.
As far as cross-platform goes, SAML tends to lead the pack. There are many implementations (java, php, perl). As Dominick (#leastprivilege) mentioned, if every application is .Net based, WS-Fed via WIF is the way to go. (btw, Dominick is the man when it comes to WIF - definitely hit his blog and forums up if you plan on exploring that route)
OpenId and OAuth are alternatives that you will hear about. They are somewhat less secure (the trust is in the user, rather than the infrastructure) and you will find that you will have to build a provider in order to support sign-in using your own user store.
Regardless of the route you choose, be prepared to do a lot of reading and learning. Check out the wikipedia articles above for a nice overview of how these technologies work, and don't be afraid to ask questions..
I need to add social media login capabilities to a site and got stuck a bit, mostly because of the, more or less, non existing beginner documentation regarding these two.
I grasped the basics of DotNetOpenAuth by checking nerddinner but some here suggest WIF so I started looking into it. I realized quickly that just getting clear info explaining if this is feasible at all on shared hosting was not easy. I don't really want to pump through all reference knowledge, technical overviews (checked some out anyway), but just to be able to see the basic functionality.
So my questions are:
Where can I find any tutorials showing the basics and bare minimums needed for WIF to function in an explanatory manner? Preferably setting up WIF in a single MVC site combined with local authorization. Is there any step-by-step documentation at all?
Is WIF feasible, at all, on a single site or would the best option be to find other solutions like DotNetOpenAuth or use the separate APIs? When trying to get to the bottom of this, I have only found information regarding the value of WIF in large, multi-application, and platform environments combined with AD / ADFSv2. Which is completely outisde the bounds of what I need.
When I look at information on WIF, it's mostly linked to ADFSv2 and STS. Is this possible to implement at all for deployment on shared hosting for example?
Any input on the matter is appreciated.
WIF - see the How-to section here.
Also Get Started with Windows Identity Foundation (WIF).
Your best bet is probably to use WIF / ACS. Good link here or look at Windows Identity Foundation (WIF) and Azure AppFabric Access Control Service (ACS) Content Map.
The other way is to add OAuth2 to a custom STS. Refer Identity Server for a really good example of this.
DotNetOpenAuth definitely works on shared hosting, and requires no set up on the web server at all (it's just a .dll in your web site's Bin folder). Depending on the social networking sites in particular that you want to hook up to, it can be just a few lines of code to wire everything up if you're hooking up to OpenID enabled sites.
If the sites you're hooking to use OAuth or OAuth 2, there is more code to write for each individual site to work against their particular proprietary API, but that would also be true for WIF unless they have code to support specific web sites that happen to align with your own.
Please I would like someone to tell me if dotNetOpenAuth single-sign-on.
All I want to achieve is to be able to seamlessly logging to all domains without redirect to third party system for authorisation or Authentication within a mixture programming platforms e.g (PHP or .Net)
DotNetOpenAuth library is a simple library to implement Single Sign On for .NET based application. The only issue I faced was related to performance. It was found to be a known issue with a particular API that cause the sluggishnes.
DotNetOpenAuth can be used for SSO solutions, but each new web site a user visits does need to perform a redirect to the identity provider. In a controlled SSO environment, that provider may never appear to the user, so the login is totally transparent. There are a couple of samples of an SSO configuration that comes with the DotNetOpenAuth download.
DotNetOpenAuth will help you do what you want to do provided you can support OpenID from PHP. You need to implement a provider (the site that authenticates you against a DB or other store), and a consumer (the site you want to log into).
My recommendation would be to consider the authentication protocol you wish to use rather than a specific library at first. In the case if DotNet OpenAuth it has support for:
OpenID
OAuth
InfoCard
These are just a few of the protocols available. You should also look into the SAML family of protocols, in particular SAML 2.0.
There are implementations of SAML for PHP, .NET, and many other platforms. You might want to look at a comparison between OpenID and SAML in order to choose which is better for you.