Has anyone got a working sample please with ServiceStack AD authentication for an Azure AD B2C tenant? We would like to use ServiceStack but I can only find this old post about Azure B2C and it doesn't have any code sample:
https://forums.servicestack.net/t/azure-ad-b2c-authentication/4655
An alternative to using one of the ServiceStack Community Azure Auth Providers directly is to configure it in your ASP.NET Identity or ASP.NET Identity Server OAuth App which uses the ASP.NET Core Identity Auth Adapter to translate Authenticated Identity Auth Requests to an Authenticated User Session in ServiceStack.
Related
I have an existing ASP.NET application with OpenAM as SSO, and there is now a requirement to implement a SAML 2.0 authentication setup with the existing OpenAM as IdP. It should be an IdP-initiated SSO. I am quite new to SAML and didn't find any relevant articles to achieve this requirement. I will be grateful for any suggestions/help.
What I know about IdentityServer and OpenID connect is:
IdentityServer is a free, open source OpenID Connect and OAuth 2.0 framework for ASP.NET Core that incorporates all the protocol implementations and extensibility points needed to integrate token-based authentication, single sign-on and API access control in your applications.
Furthermore, OpenID Connect is a simple identity layer built on top of the OAuth 2.0 protocol. OAuth 2.0 defines mechanisms to obtain and use access tokens to access protected resources, but it does not define standard methods to provide identity information. OpenID Connect implements authentication as an extension to the OAuth 2.0 authorization process. It provides information about the end user in the form of an id_token that verifies the identity of the user and provides basic profile information about the user.
What I want to know is: what is Azure Active Directory and how does it work? Do we have to use Azure AD with OpenID Connect, or is it optional with OpenID Connect? And if I have a web API based on ASP.NET Core 2.0 with IdentityServer4, can we deploy it on Azure without implementing Azure AD? I'm confused because I have a web API project and a client project based on Angular. When I deploy my client project as a new web app on Azure it runs fine. But when I deploy my web API on Azure it does not work: after deploying my web API, when I make a POST request to get a token, or when I want to register a user through my Azure web API link, it shows me a 500 error in Postman.
After facing this problem I posted it here on Stack Overflow but didn't find any helpful answers. So I started searching again and found that if we want to use OpenID Connect with Azure we must implement Azure AD. Here is the reference. So in this question I want to know: what is the difference between OpenID Connect and Azure AD? And the second question is: is it possible to use OpenID Connect without using Azure AD? Please explain your answer briefly. Thanks
I am confused with ASP.NET Core Identity, OpenID Connect and IdentityServer4. What is the relationship between them, and what is the suitable occasion for each of them?
OpenID Connect is a specification (an authentication protocol).
IdentityServer4 is an implementation of an OpenID Connect provider (server-side).
ASP.NET Core Identity is a user-management library (over a database). It can be used by an ASP.NET Core application to create users, verify password etc.
OpenID Connect providers using IdentityServer4 are ASP.NET Core applications, so they can use ASP.NET Core Identity to authenticate users on the login page.
I understand that the use of Azure B2C and ADFS together is not supported.
What are my options if I need both Facebook/Google for customers and ADFS for partners?
I know creating my own STS using IdentityServer, and federating to Azure B2C or ADFS, would be an option, but then again - building my own STS is what I hope to avoid.
Regards
Larsi
UPDATE
B2C can federate with ADFS. Follow B2C MSDN Doc to federate.
OLD ANSWER
B2C at the moment does not allow federation to other STS.
Also it only supports OpenID Connect which is only available on ADFS 4.0 - Server 2016.
You can get this working by using IdentityServer as a bridge. Hook ADFS up via federation and B2C up via OIDC. Note that B2C uses an OAuth extension for the policies so you need some custom code in Identity Server to support this.
You can also use ACS and federate this with ADFS. (Although ACS will be deprecated "soon").
Refer: Azure B2C : Integration with IdentityServer
Or use a third party tool e.g. Auth0 as above.
Auth0 has tons of social providers!
This use case is trivial if you use Auth0.
Your app --> Auth0 -+-> Social logins (FB, Google, etc)
                    |
                    +-> ADFS Customer 1
                    |
                    +-> ADFS Customer 2
DISCLAIMER: I work there.
I have created an ASP.NET application and an Azure-AD domain. Currently, I have the ASP.NET auth set up to hit the wsfed endpoint in Azure-AD. Everything works fine, but the problem is that this issues a SAML token and I need a JWT. From what I have read after much internet searching, I need to authenticate to the OAuth 2.0 endpoint of my Azure-AD domain. The trouble with this is that with everything configured the way it is, I always get back a 400 from this endpoint, likely because my config file is all set up for fed auth. My question is how do I configure my ASP.NET application so that it can talk to the OAuth 2.0 endpoint of my Azure-AD domain?
I need to use passive authentication.
Azure AD supports the OAuth2.0 flow that you can execute once the user has signed in using passive authentication, to receive access tokens to make delegated calls to WebAPIs on behalf of the user. You can use the Active Directory Authentication Library (ADAL SDK) to execute the OAuth flow. This sample application does exactly that: http://code.msdn.microsoft.com/AAL-Server-to-Server-9aafccc1
However, for your scenario, we recommend the OpenID Connect flow now, instead of SAML SSO + OAuth. With the Azure AD OpenID Connect flow, the Web Application receives an SSO token (JWT id_token) with which it signs in the user, and also receives an auth code (OAuth auth code) that it can redeem for an Access Token (JWT access token) to access WebAPIs on behalf of the user. Azure AD provides an OWIN component that does this. This sample application should see you through: https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet
Finally, refer to this help topic to find all authentications flows supported and recommended by Azure AD for your Web Apps/APIs and Rich-Client/Mobile Apps: http://msdn.microsoft.com/en-us/library/azure/dn499820.aspx
Hope this helps
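The flow described in the answer above, as an added example that is not taken from the answer or its linked sample: the same Azure AD hybrid flow (JWT id_token signs the user in, the auth code is redeemed for a JWT access token for the Web API) configured with ASP.NET Core's OpenID Connect handler rather than the OWIN component the answer names. It assumes a .NET 6+ web project with implicit usings and the Microsoft.AspNetCore.Authentication.OpenIdConnect package; the AzureAd:TenantId, ClientId, ClientSecret, ApiScope and ApiBaseUrl configuration keys are placeholders.

```csharp
// Added example: Azure AD OpenID Connect hybrid flow in ASP.NET Core (not the OWIN
// sample the answer links). AzureAd:* keys are placeholders; keep the secret out of source.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
var builder = WebApplication.CreateBuilder(args);
var azureAd = builder.Configuration.GetSection("AzureAd");
builder.Services.AddHttpClient();
builder.Services.AddAuthentication(o =>
    {
        o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(o =>
    {
        // Tenant-specific authority, not "common": signing keys and issuer are pinned
        // to this tenant, so id_tokens minted for another tenant fail validation.
        o.Authority = $"https://login.microsoftonline.com/{azureAd["TenantId"]}/v2.0";
        o.ClientId = azureAd["ClientId"];
        o.ClientSecret = azureAd["ClientSecret"]; // confidential client: needed to redeem the code
        // Hybrid flow: the JWT id_token signs the user in; the auth code is redeemed on
        // the back channel for a JWT access token scoped to the downstream Web API.
        o.ResponseType = OpenIdConnectResponseType.CodeIdToken;
        o.ResponseMode = OpenIdConnectResponseMode.FormPost; // tokens arrive in a POST body, not the URL
        o.UsePkce = true;
        o.SaveTokens = true; // keep access/refresh tokens inside the encrypted auth cookie
        o.Scope.Add("offline_access");       // "openid" and "profile" are added by default
        o.Scope.Add(azureAd["ApiScope"]!);   // e.g. api://<api-app-id>/access_as_user (placeholder)
        o.TokenValidationParameters.NameClaimType = "name";
    });
builder.Services.AddAuthorization();
var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
// The user identity comes from the validated id_token; no SAML anywhere in the pipeline.
app.MapGet("/", (HttpContext ctx) => $"Signed in as {ctx.User.Identity?.Name}")
   .RequireAuthorization();
// Calls the Web API on behalf of the user with the access token redeemed from the auth code.
app.MapGet("/api-data", async (HttpContext ctx, IHttpClientFactory factory) =>
{
    var accessToken = await ctx.GetTokenAsync("access_token");
    var client = factory.CreateClient();
    client.DefaultRequestHeaders.Authorization = new("Bearer", accessToken);
    return Results.Text(await client.GetStringAsync(azureAd["ApiBaseUrl"] + "/values"));
}).RequireAuthorization();
app.Run();
```

The access token stays server-side (cookie-protected) and is only ever forwarded to the API as a bearer header; the browser never sees it.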