Upgrade to Pro — share decks privately, control downloads, hide ads and more …

IdentityServer4 v2 on ASP.NET Core v2: An update

Dominick Baier
January 17, 2018
Programming
3
600

IdentityServer4 v2 on ASP.NET Core v2: An update

NDC London 2018

Dominick Baier

January 17, 2018
Tweet

More Decks by Dominick Baier

See All by Dominick Baier
OAuth - the Good Parts
leastprivilege
0
260
OAuth in 2021. What's new?
leastprivilege
0
340
Part 1 - OAuth 2.0 Security Best Practices
leastprivilege
5
1.9k
Part 2 - Beyond OAuth 2.1
leastprivilege
5
820
OAuth and OpenID Connect: Security Best Practices
leastprivilege
2
2.8k
Designing OpenID Connect and OAuth-based Systems
leastprivilege
3
560
Securing Web Applications and APIs with ASP.NET Core 3
leastprivilege
2
800
Building Clients for OpenID Connect/OAuth 2.0-based Systems
leastprivilege
0
520
Securing Web Applications and APIs with ASP.NET Core 2.2 and 3.0
leastprivilege
6
1.2k

Other Decks in Programming

See All in Programming
外部システム連携先が10を超えるシステムでのアーキテクチャ設計・実装事例
kiwasaki
1
220
JaSST 24 九州:ワークショップ(は除く) 実践!マインドマップを活用したソフトウェアテスト+活用事例
satohiroyuki
0
260
Kaigi on Rails 2024 - Rails APIモードのためのシンプルで効果的なCSRF対策 / kaigionrails-2024-csrf
corocn
5
3.4k
Kotlin2でdataクラスの copyメソッドを禁止する/Data class copy function to have the same visibility as constructor
eichisanden
1
130
僕がつくった48個のWebサービス達
yusukebe
18
17k
レガシーな Android アプリのリアーキテクチャ戦略
oidy
1
170
Modern Angular: Renovation for Your Applications
manfredsteyer
PRO
0
200
デプロイを任されたので、教わった通りにデプロイしたら障害になった件 ~俺のやらかしを越えてゆけ~
techouse
52
32k
Dev ContainersとGitHub Codespacesの素敵な関係
ymd65536
1
130
ECSのサービス間通信 4つの方法を比較する 〜Canary,Blue/Greenも添えて〜
tkikuc
11
2.3k
Googleのテストサイズを活用したテスト環境の構築
toms74209200
0
270
Importmapを使ったJavaScriptの 読み込みとブラウザアドオンの影響
swamp09
4
1.2k

Featured

See All Featured
Reflections from 52 weeks, 52 projects
jeffersonlam
346
20k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
504
140k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Ruby is Unlike a Banana
tanoku
96
11k
KATA
mclloyd
29
13k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
231
17k
Designing for Performance
lara
604
68k
It's Worth the Effort
3n
183
27k
A Modern Web Designer's Workflow
chriscoyier
692
190k
Bash Introduction
62gerente
608
210k
A designer walks into a library…
pauljervisheath
202
24k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
92
16k

Transcript

  1. IdentityServer4 v2 on ASP.NET Core v2 an Update Dominick Baier

    & Brock Allen https://identityserver.io [email protected] @leastprivilege / @brocklallen

  2. 2 @leastprivilege / @brocklallen Agenda • The new ASP.NET Core

    authentication system • WS-Federation (aka ADFS support yay) • SAML2p • API extensibility • Configuration • Logout • Templates • Admin UI Community Edition • How to support us

  3. 3 @leastprivilege / @brocklallen The dark ages…

  4. 4 @leastprivilege / @brocklallen Katana Middleware 1 Middleware 2 Middleware

    n

  5. 5 @leastprivilege / @brocklallen Authentication in Katana wtf?

  6. 6 @leastprivilege / @brocklallen Authentication in ASP.NET Core 1 wtf?

  7. 7 @leastprivilege / @brocklallen Authentication in ASP.NET Core 2 !

  8. 8 @leastprivilege / @brocklallen Configuring Authentication in ASP.NET Core 2

    wtaf?

  9. 9 @leastprivilege / @brocklallen IAuthenticationService public static class AuthenticationHttpContextExtensions {

    public static Task SignInAsync(this HttpContext context, ClaimsPrincipal principal) { } public static Task SignInAsync(this HttpContext context, string scheme, ClaimsPrincipal principal) { } public static Task SignOutAsync(this HttpContext context) { } public static Task SignOutAsync(this HttpContext context, string scheme) { } public static Task ChallengeAsync(this HttpContext context) { } public static Task ChallengeAsync(this HttpContext context, string scheme) { } public static Task ForbidAsync(this HttpContext context) { } public static Task ForbidAsync(this HttpContext context, string scheme) { } public static Task<AuthenticateResult> AuthenticateAsync(this HttpContext context) { } public static Task<AuthenticateResult> AuthenticateAsync(this HttpContext context, string scheme) { } }

  10. 10 @leastprivilege / @brocklallen WS-Federation • Preview2 right now –

    will be done soon (really… promised) – feel free to complain to @blowdart https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.WsFederation

  11. 11 @leastprivilege / @brocklallen Saml2p • Anders' authentication handler for

    ASP.NET Core 2 (aka SP support) – https://www.nuget.org/packages/Sustainsys.Saml2.AspNetCore2 • Rock Solid Knowledge SAML2p plugin (aka IdP support) – https://www.identityserver.com/products#SAML2P

  12. 12 @leastprivilege / @brocklallen API Extensibility • It's easy now

    to extend IdentityServer with custom API endpoints – https://identityserver4.readthedocs.io/en/release/topics/add_apis.html – https://github.com/IdentityServer/IdentityServer4.Demo

  13. 13 @leastprivilege / @brocklallen Logout is hard! • Session management

    spec – https://openid.net/specs/openid-connect-session-1_0.html • Front-channel notifications – https://openid.net/specs/openid-connect-frontchannel-1_0.html • Back-channel notifications – https://openid.net/specs/openid-connect-backchannel-1_0.html

  14. 14 @leastprivilege / @brocklallen Front-Channel Notifications Client <iframe style="visibility:hidden" src="https://client1/signout?sid=123">

    </iframe> <iframe class="visibility:hidden" src="https://client2/signout?sid=123"> </iframe> <iframe class="visibility:hidden" src="https://client3/signout?sid=123"> </iframe> <a href="https://client1">return</a> GET /end_session

  15. 15 @leastprivilege / @brocklallen Back-Channel Notifications Client GET /end_session POST

    { "iss": "https://demo.identityserver.io", "sub": "248289761001", "aud": "client1", "iat": 1471566154, "jti": "bWJq", "sid": "8u09jejd099", "events": { "http://schemas.openid.net/event/backchannel-logout": {} } }

  16. 16 @leastprivilege / @brocklallen Templates https://github.com/IdentityServer/IdentityServer4.Templates

  17. 17 @leastprivilege / @brocklallen Admin UI Community Edition • 10

    users, 2 clients

  18. 18 @leastprivilege / @brocklallen Support Us • Up for grabs

    – http://up-for-grabs.net/#/names/identityserver4 • StackOverflow – https://stackoverflow.com/questions/tagged/?tagnames=identityserver4&sort=newest • Patreon – https://www.patreon.com/identityserver

  19. 19 @leastprivilege / @brocklallen Support You • Consulting / Training

    – https://identityserver.io • Production support – https://identityserver.com

  20. 20 @leastprivilege / @brocklallen Thanks! slides: https://speakerdeck.com/leastprivilege