I've been looking around for information on this for a little while and keep seeing what appears to be how to set up an OAuth2 server in ASP.NET.
What I want is like the "app.UseMicrosoftAccountAuthentication" where I can use an external login service but that service is standard OAuth2 and not one of the built-in providers. I'm not finding a lot of documentation on that subject and would like it if someone could point me in the right direction!
There isn't really such a thing as a standard OAuth2 provider when you are looking for authentication. See http://www.cloudidentity.com/blog/2013/01/02/oauth-2-0-and-sign-in-4/ for a discussion about it.
Which providers were you looking to support?
You might have heard about Shibboleth and their great solutions, both for Identity Provider (https://shibboleth.net/products/identity-provider.html) and for Service Provider (e.g. nginx https://github.com/nginx-shib/nginx-http-shibboleth).
It's known that Google offers its own SAML2 IDP and we want to use it:
nginx needs to know who the Google user is in order to proceed with the website. It was possible to do that on that tier with Shibboleth, but I am having quite a hard time finding solutions with Google.
Does anybody have any ideas? Thank you!
Have you seen this project on GitHub?
Looks like it is a SAML Auth provider for Google Apps.
I'm currently investigating an elegant solution to this problem, but I wanted to get this question out here in order to get any advice/suggestions/answers to this problem.
I am working with an authentication system (forms authentication) that the client uses for authentication.
Current Steps:
1. Redirect to URL for forms authentication.
2. Enter Username/Password
3. Get back form data. Specifically: Context.Request.Form["Token"]
I am able to perform all of these steps. I am trying to think of the right path to get the middleware to take care of this problem. I'm currently wondering if I could simply use the Microsoft.AspNet.Authentication.Cookies to solve this problem. With this approach, I would implement my own ICookieManager to look at the Form data.
Advice/Suggestions/Answers?
Thank you in advance!
I came up with my own answer to this question, so I wanted to share.
As I said, I am working with a forms authentication system. Part of the forms data is a 'Token' value. My solution involved two parts:
1. I created a middleware component to intercept form data, look for a 'Token' value in the forms data, and write that to a cookie.
2. I used Microsoft's Cookie authentication middleware implementation, but I had to override one of the options, TicketDataFormat. Their implementation expects a serialized/encrypted ClaimsIdentity. My token was not that, so I had to implement my own thing to create a ClaimsIdentity based off the token.
I'll be happy to share more detail if anyone is interested, but that is the gist of my solution.
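An added example (not the answerer's code) of the second part described above: a custom TicketDataFormat that turns the raw token from the cookie into a ClaimsIdentity, and refuses to do so unless the token verifies. It assumes ASP.NET Core cookie authentication and a hypothetical token layout of "user|expiryUnixSeconds|base64(HMAC-SHA256)"; the class name, the "token" claim name and the shared key are likewise assumptions.

```csharp
// Added example. Token layout, claim name and shared key are hypothetical.
using System;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Authentication;

public sealed class TokenTicketFormat : ISecureDataFormat<AuthenticationTicket>
{
    private readonly byte[] _key;     // secret shared with the forms-auth system (assumption)
    private readonly string _scheme;  // cookie authentication scheme name

    public TokenTicketFormat(byte[] key, string scheme) { _key = key; _scheme = scheme; }

    // The cookie value is the token itself, carried on the identity as a "token" claim.
    public string Protect(AuthenticationTicket data) =>
        data.Principal.FindFirst("token")?.Value ?? "";
    public string Protect(AuthenticationTicket data, string? purpose) => Protect(data);
    public AuthenticationTicket? Unprotect(string? protectedText, string? purpose) =>
        Unprotect(protectedText);

    // Returning null makes the cookie handler treat the request as unauthenticated.
    public AuthenticationTicket? Unprotect(string? protectedText)
    {
        var parts = (protectedText ?? "").Split('|');
        if (parts.Length != 3 || parts[0].Length == 0) return null;
        if (!long.TryParse(parts[1], out var expiry)) return null;

        byte[] given;
        try { given = Convert.FromBase64String(parts[2]); }
        catch (FormatException) { return null; }

        using var hmac = new HMACSHA256(_key);
        var expected = hmac.ComputeHash(Encoding.UTF8.GetBytes(parts[0] + "|" + parts[1]));
        // Constant-time comparison: a forged or altered token never becomes an identity.
        if (!CryptographicOperations.FixedTimeEquals(expected, given)) return null;
        if (DateTimeOffset.UtcNow.ToUnixTimeSeconds() >= expiry) return null;

        var identity = new ClaimsIdentity(_scheme);  // non-null type => IsAuthenticated
        identity.AddClaim(new Claim(ClaimTypes.Name, parts[0]));
        identity.AddClaim(new Claim("token", protectedText!));
        return new AuthenticationTicket(new ClaimsPrincipal(identity), _scheme);
    }
}
```

An instance is assigned to CookieAuthenticationOptions.TicketDataFormat. Because the cookie is no longer encrypted by the framework, the token's own integrity check is the only thing standing between a client-supplied cookie value and an authenticated identity.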
I don't have any specific advice for you.
However, quite good official documentation is now available:
ASP.NET 5 Security
There you can find more information, including Authentication in ASP.NET 5
I hope it will help you.
I will soon need to add SSO to an ASP.NET app using SAML. The client will not provide access to their Shibboleth identity provider for testing, so I'll need to verify that SSO works myself.
What would be the easiest method to use/set up a SAML identity provider for testing? I'm not keen on having to set up an infrastructure myself if I don't have to.
I'm planning on using a SAML component from http://www.componentspace.com/
If you are a SaaS Provider - Check out "Getting Ping Certified"
http://www.pingidentity.com/partners/becomeapartner.cfm
All your suggestions look quite helpful.
For others who may find this page, the ComponentSpace SAML 2.0 component comes with an Identity Provider that appears to mimic Shibboleth. This appears to be the easiest way to test adding SSO to your own application.
There is sample code on the net for an OpenID client but none for an OpenID server. Do you know of any?
I know about DotNetOpenAuth but there seems to be no tutorial on how to use it as an OpenID Provider. I don't even know if it can do that. Maybe it can just be used to create an OpenID consumer app.
You mean like DotNetOpenAuth?
There are lots of other implementations for other languages which can be found here (OpenID wiki).
Does anyone know of an ASP.NET guide to implementing OpenID and what information can be returned by the OpenID provider? I understand you can get the email address but if someone logs in with their Google OpenID can you get access to their addresses?
Yes, OpenID Providers can and often do offer 'claims' or 'attributes' about the people logging in if the OpenID relying party requests them and the user consents to these data being shared.
If you use DotNetOpenAuth for your ASP.NET OpenID library, it has built-in support for several ways of getting these attributes but keeps it simple on your side to get at them regardless of which way the Provider offers them. If you download the library it comes with a sample of how to do this.
As for work address and some other attributes specific to certain domains (domains of data, not Internet domains), very few Providers offer them. The best you can do is get "full address" and ask the user if that's the one they want to use.
This should help: http://www.eggheadcafe.com/tutorials/aspnet/4b3c7c9b-fe80-4e6e-a34e-0e9efed5c575/integrate-openid-authenti.aspx
Or a "simpler" one: http://madskristensen.net/post/OpenID-implementation-in-Csharp-and-ASPNET.aspx
This document describes how to implement Google login in your web application and third-party web sites, and makes you aware of how OpenID authentication works.
Here is the step-by-step process to implement OpenID in your ASP.NET application using the DotNetOpenAuth library.
Tutorial demonstrates how to add OpenID support to an existing site that already has traditional membership without breaking anything in AspDotNetMVC.
I just blogged about this here. This shows how you can get extra information from these providers:
http://blogs.msdn.com/b/webdev/archive/2012/08/22/extra-information-from-oauth-openid-provider.aspx