I have been researching for a while now about how to implement an OAuth provider to secure my web api, but without good results.
For what I've seen so far, apparently there are only three libraries to develop an OAuth provider in .net:
1- DotNetOpenAuth
2- DevDefined
3- OAuth.net from madgex
madgex doesn't have any documentation for providers at all, at leats I haven't found anything, same with DevDefined, well, the last one has some documentation, but it lacks samples.
DotnetOpenAuth I think is the one most developers use, but I'm having a hard time to understand its samples, and documentation is terrible.
Has anybody implemented any of these libraries to write an Oauth PROVIDER, NOT CONSUMER, or anyone knows where I can find a decent documentation fro any of these.
For the record im trying to develop a 3-legged oauth provider.
Can anybody help me out here??
Have you checked out this project template, which although it's MVC 2 should provide some useful ideas for doing it in MVC 3:
http://visualstudiogallery.msdn.microsoft.com/81153747-70d7-477b-b85a-0374e7edabef
Then there is the OAuthServiceProvider sample that comes with DotNetOpenAuth, which is WebForms but the principles are mostly the same.
A good sample of DotNetOpenAuth implementation could be found here Releasing an ASP.NET MVC 3 OpenId StarterKit under Open Source License
Project url: http://mvcopenid.codeplex.com/
It should be good for you to start with.
UPDATE
By the way in ASP.NET MVC 4 third party auth providers it is out of the box.
I have followed the steps mentioned at https://github.com/DotNetOpenAuth/DotNetOpenAuth/wiki/Security-scenarios to implement an OAuth 2.0 authorization service.
I have used the below link to create security certificates:
http://www.jayway.com/2014/09/03/creating-self-signed-certificates-with-makecert-exe-for-development/
Don't forget to change your solution to use the thumbprints from the certificates created by you.
This is the best place to understand the OAuth 2 protocol:
https://www.rfc-editor.org/rfc/rfc6749
Related
I have an Dotnet Core API application which uses IdentityServer4 as IDP. The frontend is built in Angular.
Now, I need to connect to Successfactors of one of my client. I understand SAML is the best federation protocol there.
Please suggest what should be my approach here and relevant tutorials that I can follow. I am not getting good google results.
You need a SAML stack.
Microsoft does not have one. So you need to integrate a third-party product.
There are a number of examples here.
I'm beginning with asp.net mvc and I'd like to learn to the best way for user registration and login whitch is used in real projects. Please, can anyone share good tutorial for beginner? Thanks
You can find a lot of tutorials if you google "ASP.NET Identity 2.X". Here is one I found ASP.NET Identity Tutorial
This should give you a foundation to build on if you need to do something more complex.
You can use Membership api for user creation and login, And it is widely used in real projects.
check this link:-
https://msdn.microsoft.com/library/879kf95c(v=vs.100).aspx
I'm currently developing a web application that will use Facebook as a authentication service. Does it make sense to implement it as an ASP.NET Forms Authentication custom membership provider? While I made my research, I didn't come across any concrete significant advantage of using the Forms Authentication. However, it instinctively seems to me as a good thing to do, because aside from creating a completely custom implementation of authentication using Facebook, I didn't find any extensibility point inside ASP.NET where I could plug in the Facebook auth behavior.
Can you then tell me whether the Forms Authentication is a good idea or not. And if not, is there any other way than completely custom code (I'd like to avoid managing the session cookies, loading the current user, etc. manually).
I'm using ASP.NET MVC 3, Entity Framework and I'd like to avoid the Facebook C# SDK (the extensive use of dynamic types is a bit of a turnoff for me :-) ).
Thanks for any advice.
A simple answer is to use .NET 4.5 oAuth templates, they are incredibly easy to link Facebook up to forms authentication.
http://www.asp.net/vnext/overview/videos/oauth-in-the-default-aspnet-45-templates
However you may struggle to find a decent server if you are planning on releasing immediately. In a couple of months plenty of servers will support .NET 4.5.
The OAuth templates work for both v4.0 and v4.5 so you can publish them onto a server today itself :)
I need a bit of help implementing an OAuth 2 provider for a rest service built on the new ASP.NET Web API. I'm aware there are some similar questions on Stack Overflow but they're more or less links to OAuth libraries. What I'd really like is some sample code or a sample project to get my started. Can anyone point me in the right direction?
I'm looking at DotNotOpenAuth and I believe the 4.0 beta supports OAuth 2 providers. Unfortunately I can't seem to find any code demonstrating how to implement it.
What I need some assistance with is actually getting a 2.0 provider up and running. Once I have that it should be easy enough to integrate it via a HTTP Module or a filter.
I'm interested in 2 legged authentication for API to API communication.
Until DotNetOpenAuth ships a distribution that includes OAuth 2 and the samples together, the best you can do is install the DNOA 4.0 resource server and authorization server roles via NuGet, and then check out the resource server and authorization server samples on GitHub.
But there are currently no samples for the "client secret" grant type, which is the one that best fits your "2 legged" concept for API-to-API communication. In fact the library itself doesn't (yet) support it, but the next NuGet release will and should be available in the next week or so.
We have clients who have RSA securid deployed within their premises and we want to sell our product to them. We need to integrate with their 2 factor authentication setup for authentication into our product.
We have an asp.net (C#) web based application that is exposed to the clients and which needs to support authentication using their own securid setup.
Can someone please help me in getting this support implemented? Pointers to existing documentation are also welcome.
I searched through the queries on this forum and found that most are talking about giving token generation mechanism on your web application itself but I don't think that is the approach that is required for our use case.
have you checked out the web sdk from RSA?
http://www.emc.com/security/rsa-securid/rsa-securid-software-authenticators/web-sdk.htm