Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Keycloak fuer .NET Entwickler

Keycloak fuer .NET Entwickler

Boris Wilhelms

February 25, 2021

More Decks by Boris Wilhelms

Other Decks in Programming


  1. Boris Wilhelms • Consultant and Architect at Thinktecture AG •

    Focus on • Identity- & Access-Management solutions • Web-based, cloud nativ application architectures • .NET Core • Email: [email protected] • Twitter: @boriswilhelms Keycloak for .NET Developers Who am I?
  2. • What is Keycloak? • Comparison to IdentityServer and Azure

    Active Directory B2C • How to integrate Keycloak • Authorization Keycloak for .NET Developers Agenda
  3. • Open Source Identity and Access Management • Based on

    Java • Ready to run product • Initial (1.0) release in 2014 • Current Version 12.0.3 – February 2021 • Sponsored by RedHat • Paid product with Support RedHat Single-Sign on Keycloak for .NET Developers What is Keycloak?
  4. • Single-Sign On • OpenID Connect, OAuth 2.0, SAML 2.0

    • Identity Brokering (OpenID Connect or SAML) and Social Logins • Two-Factor authentication / WebAuthN • Multiple database support. Oracle, Microsoft SQL Server, MySQL PostgreSQL • LDAP and Active Directory for User Storage • Authentication and authorization • Admin UI & - REST API • User Self-Service Portal Keycloak for .NET Developers Features
  5. Keycloak for .NET Developers Library Product Self hosted SaaS hosted

    IdentityServer Azure AD / B2C Ory Hydra Keycloak OpenIddict
  6. Keycloak for .NET Developers Comparison IdentityServer Keycloak Azure B2C Library

    to implement STS Ready to run IAM product Ready to run SaaS IAM product OpenId Connect / OAuth OpenId Connect / OAuth / SAML / UMA OpenId Connect / OAuth / SAML Client & Token management only User-, Client- & Token management User-, Client- & Token management No user authentication / authorization Authentication & Authorization Authentication & Authorization Most flexible / DIY Extension points are available (Java) Very limited extension points (Webhooks) Self-hosting Self-hosting Microsoft Azure Cloud only With version 5 paid license. Free plans available for Open Source projects & small companies Free & Open Source Paid Product with support via RedHat Single-Sign on Pay per monthly active user
  7. - Keycloak provides “adapters” for Java, JavaScript (Browser), Node.js -

    Use OpenId Connect / OAuth - Use SAML for legacy applications - Keycloak issues Jwt tokens - HTTP calls for authorization using UMA protocol Keycloak for .NET Developers How to integrate Keycloak
  8. ASP.NET Core API: • Use JwtBearer authentication middleware • Custom

    claims transformation for roles • Authorization: Custom code ASP.NET Core MVC Client Application: • Use OpenId Connect authentication middleware • Custom claims transformation for roles • Authorization: Custom code Keycloak for .NET Developers How to integrate Keycloak
  9. - Authorizations can be managed in Keycloak - Fine grained

    authorization policies - Keycloak supports User Managed Access (UMA) protocol - Resource Owner can manage and control access to resources - Clients can request access - Authorization policies can be managed via - Admin UI - User self service portal - REST API Keycloak for .NET Developers Authorization
  10. Pros • Ready to run product • Full IAM solution

    • Low “time to first token” • Good documentation • Free with optional paid product with support plan available (with Red Har Single Sign-On) • Admin UI / User self service portal Cons • Ready to run product • Limited extension points • Does not support all grant types • Java Stack • Not lightweight Keycloak for .NET Developers Pros & cons