IdentityServer4 v2 on ASP.NET Core v2: An update

Transcript

1. IdentityServer4 v2 on ASP.NET Core v2 an Update Dominick Baier

   & Brock Allen https://identityserver.io [email protected] @leastprivilege / @brocklallen

2. 2 @leastprivilege / @brocklallen Agenda • The new ASP.NET Core

   authentication system • WS-Federation (aka ADFS support yay) • SAML2p • API extensibility • Configuration • Logout • Templates • Admin UI Community Edition • How to support us

3. 3 @leastprivilege / @brocklallen The dark ages…

4. 4 @leastprivilege / @brocklallen Katana Middleware 1 Middleware 2 Middleware

   n

5. 5 @leastprivilege / @brocklallen Authentication in Katana wtf?

6. 6 @leastprivilege / @brocklallen Authentication in ASP.NET Core 1 wtf?

7. 7 @leastprivilege / @brocklallen Authentication in ASP.NET Core 2 !

8. 8 @leastprivilege / @brocklallen Configuring Authentication in ASP.NET Core 2

   wtaf?

9. 9 @leastprivilege / @brocklallen IAuthenticationService public static class AuthenticationHttpContextExtensions {

   public static Task SignInAsync(this HttpContext context, ClaimsPrincipal principal) { } public static Task SignInAsync(this HttpContext context, string scheme, ClaimsPrincipal principal) { } public static Task SignOutAsync(this HttpContext context) { } public static Task SignOutAsync(this HttpContext context, string scheme) { } public static Task ChallengeAsync(this HttpContext context) { } public static Task ChallengeAsync(this HttpContext context, string scheme) { } public static Task ForbidAsync(this HttpContext context) { } public static Task ForbidAsync(this HttpContext context, string scheme) { } public static Task<AuthenticateResult> AuthenticateAsync(this HttpContext context) { } public static Task<AuthenticateResult> AuthenticateAsync(this HttpContext context, string scheme) { } }

10. 10 @leastprivilege / @brocklallen WS-Federation • Preview2 right now –

    will be done soon (really… promised) – feel free to complain to @blowdart https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.WsFederation

11. 11 @leastprivilege / @brocklallen Saml2p • Anders' authentication handler for

    ASP.NET Core 2 (aka SP support) – https://www.nuget.org/packages/Sustainsys.Saml2.AspNetCore2 • Rock Solid Knowledge SAML2p plugin (aka IdP support) – https://www.identityserver.com/products#SAML2P

12. 12 @leastprivilege / @brocklallen API Extensibility • It's easy now

    to extend IdentityServer with custom API endpoints – https://identityserver4.readthedocs.io/en/release/topics/add_apis.html – https://github.com/IdentityServer/IdentityServer4.Demo

13. 13 @leastprivilege / @brocklallen Logout is hard! • Session management

    spec – https://openid.net/specs/openid-connect-session-1_0.html • Front-channel notifications – https://openid.net/specs/openid-connect-frontchannel-1_0.html • Back-channel notifications – https://openid.net/specs/openid-connect-backchannel-1_0.html

14. 14 @leastprivilege / @brocklallen Front-Channel Notifications Client <iframe style="visibility:hidden" src="https://client1/signout?sid=123">

    </iframe> <iframe class="visibility:hidden" src="https://client2/signout?sid=123"> </iframe> <iframe class="visibility:hidden" src="https://client3/signout?sid=123"> </iframe> <a href="https://client1">return</a> GET /end_session

15. 15 @leastprivilege / @brocklallen Back-Channel Notifications Client GET /end_session POST

    { "iss": "https://demo.identityserver.io", "sub": "248289761001", "aud": "client1", "iat": 1471566154, "jti": "bWJq", "sid": "8u09jejd099", "events": { "http://schemas.openid.net/event/backchannel-logout": {} } }

16. 16 @leastprivilege / @brocklallen Templates https://github.com/IdentityServer/IdentityServer4.Templates

17. 17 @leastprivilege / @brocklallen Admin UI Community Edition • 10

    users, 2 clients

18. 18 @leastprivilege / @brocklallen Support Us • Up for grabs

    – http://up-for-grabs.net/#/names/identityserver4 • StackOverflow – https://stackoverflow.com/questions/tagged/?tagnames=identityserver4&sort=newest • Patreon – https://www.patreon.com/identityserver

19. 19 @leastprivilege / @brocklallen Support You • Consulting / Training

    – https://identityserver.io • Production support – https://identityserver.com

20. 20 @leastprivilege / @brocklallen Thanks! slides: https://speakerdeck.com/leastprivilege