Upgrade to Pro — share decks privately, control downloads, hide ads and more …

IdentityServer4 v2 on ASP.NET Core v2: An update

Avatar for Dominick Baier Dominick Baier
January 17, 2018
Programming
670
3

IdentityServer4 v2 on ASP.NET Core v2: An update

NDC London 2018

Avatar for Dominick Baier

Dominick Baier

January 17, 2018

More Decks by Dominick Baier

See All by Dominick Baier
OAuth - the Good Parts
Avatar for Dominick Baier leastprivilege
0
380
OAuth in 2021. What's new?
Avatar for Dominick Baier leastprivilege
0
420
Part 1 - OAuth 2.0 Security Best Practices
Avatar for Dominick Baier leastprivilege
5
2k
Part 2 - Beyond OAuth 2.1
Avatar for Dominick Baier leastprivilege
5
1k
OAuth and OpenID Connect: Security Best Practices
Avatar for Dominick Baier leastprivilege
2
3.1k
Designing OpenID Connect and OAuth-based Systems
Avatar for Dominick Baier leastprivilege
3
640
Securing Web Applications and APIs with ASP.NET Core 3
Avatar for Dominick Baier leastprivilege
2
920
Building Clients for OpenID Connect/OAuth 2.0-based Systems
Avatar for Dominick Baier leastprivilege
0
680
Securing Web Applications and APIs with ASP.NET Core 2.2 and 3.0
Avatar for Dominick Baier leastprivilege
6
1.3k

Other Decks in Programming

See All in Programming
生成AI時代にこそ効くGo | Why Go Works in the Age of Generative AI
Avatar for mom0tomo mom0tomo
8
3.2k
ECSアプリログをFireLensでコスト削減しようとしたけど諦めた話 in Fargate×Node.js
Avatar for アキキー | Akihisa Ikeda akihisaikeda
2
4k
例外の正しい扱い方 そのエラー try-catchして大丈夫?
Avatar for Watanabe Jin jinwatanabe
0
210
ふつうのFeature Flag実践入門
Avatar for irof irof
7
3.7k
New "Type" system on PicoRuby
Avatar for pocke pocke
1
830
Lessons from Spec-Driven Development
Avatar for Simon Martinelli simas
PRO
0
180
並列実装の現場、2ヶ月間実務でAIを使い倒したAIもPCも私も限界が近い
Avatar for ming ming_ayami
0
130
These Five Tricks Can Make Your Apps Greener, Cheaper, & Nicer
Avatar for Holly Cummins hollycummins
0
280
肥大化するレガシーコードに立ち向かうためのインターフェース分離と依存の逆転 / JJUG CCC 2026 Spring
Avatar for hirokuni-maeta hirokunimaeta
0
540
RTSPクライアントを自作してみた話
Avatar for simotin13 simotin13
0
580
タクシーアプリ『GO』の バックエンド開発のおける AI利活用と若者のすべて
Avatar for Kazuhiko Yamashita pyama86
3
2k
3Dシーンの圧縮
Avatar for Fadis fadis
1
750

Featured

See All Featured
Mozcon NYC 2025: Stop Losing SEO Traffic
Avatar for Sam Torres samtorres
1
250
Claude Code のすすめ
Avatar for schroneko schroneko
67
230k
How Software Deployment tools have changed in the past 20 years
Avatar for Geshan Manandhar geshan
0
34k
Code Review Best Practice
Avatar for Trisha Gee trishagee
74
20k
30 Presentation Tips
Avatar for Ian Lurie portentint
PRO
1
320
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
183
10k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
37
6.5k
エンジニアに許された特別な時間の終わり
Avatar for watany watany
107
250k
Game over? The fight for quality and originality in the time of robots
Avatar for Wayne Barker wayneb77
1
200
Effective software design: The role of men in debugging patriarchy in IT @ Voxxed Days AMS
Avatar for Kenny Baas-Schwegler baasie
0
400
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
Avatar for soudai sone soudai
PRO
65
55k
The Success of Rails: Ensuring Growth for the Next 100 Years
Avatar for Eileen M. Uchitelle eileencodes
47
8.2k

Transcript

  1. IdentityServer4 v2 on ASP.NET Core v2 an Update Dominick Baier

    & Brock Allen https://identityserver.io [email protected] @leastprivilege / @brocklallen

  2. 2 @leastprivilege / @brocklallen Agenda • The new ASP.NET Core

    authentication system • WS-Federation (aka ADFS support yay) • SAML2p • API extensibility • Configuration • Logout • Templates • Admin UI Community Edition • How to support us

  3. 3 @leastprivilege / @brocklallen The dark ages…

  4. 4 @leastprivilege / @brocklallen Katana Middleware 1 Middleware 2 Middleware

    n

  5. 5 @leastprivilege / @brocklallen Authentication in Katana wtf?

  6. 6 @leastprivilege / @brocklallen Authentication in ASP.NET Core 1 wtf?

  7. 7 @leastprivilege / @brocklallen Authentication in ASP.NET Core 2 !

  8. 8 @leastprivilege / @brocklallen Configuring Authentication in ASP.NET Core 2

    wtaf?

  9. 9 @leastprivilege / @brocklallen IAuthenticationService public static class AuthenticationHttpContextExtensions {

    public static Task SignInAsync(this HttpContext context, ClaimsPrincipal principal) { } public static Task SignInAsync(this HttpContext context, string scheme, ClaimsPrincipal principal) { } public static Task SignOutAsync(this HttpContext context) { } public static Task SignOutAsync(this HttpContext context, string scheme) { } public static Task ChallengeAsync(this HttpContext context) { } public static Task ChallengeAsync(this HttpContext context, string scheme) { } public static Task ForbidAsync(this HttpContext context) { } public static Task ForbidAsync(this HttpContext context, string scheme) { } public static Task<AuthenticateResult> AuthenticateAsync(this HttpContext context) { } public static Task<AuthenticateResult> AuthenticateAsync(this HttpContext context, string scheme) { } }

  10. 10 @leastprivilege / @brocklallen WS-Federation • Preview2 right now –

    will be done soon (really… promised) – feel free to complain to @blowdart https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.WsFederation

  11. 11 @leastprivilege / @brocklallen Saml2p • Anders' authentication handler for

    ASP.NET Core 2 (aka SP support) – https://www.nuget.org/packages/Sustainsys.Saml2.AspNetCore2 • Rock Solid Knowledge SAML2p plugin (aka IdP support) – https://www.identityserver.com/products#SAML2P

  12. 12 @leastprivilege / @brocklallen API Extensibility • It's easy now

    to extend IdentityServer with custom API endpoints – https://identityserver4.readthedocs.io/en/release/topics/add_apis.html – https://github.com/IdentityServer/IdentityServer4.Demo

  13. 13 @leastprivilege / @brocklallen Logout is hard! • Session management

    spec – https://openid.net/specs/openid-connect-session-1_0.html • Front-channel notifications – https://openid.net/specs/openid-connect-frontchannel-1_0.html • Back-channel notifications – https://openid.net/specs/openid-connect-backchannel-1_0.html

  14. 14 @leastprivilege / @brocklallen Front-Channel Notifications Client <iframe style="visibility:hidden" src="https://client1/signout?sid=123">

    </iframe> <iframe class="visibility:hidden" src="https://client2/signout?sid=123"> </iframe> <iframe class="visibility:hidden" src="https://client3/signout?sid=123"> </iframe> <a href="https://client1">return</a> GET /end_session

  15. 15 @leastprivilege / @brocklallen Back-Channel Notifications Client GET /end_session POST

    { "iss": "https://demo.identityserver.io", "sub": "248289761001", "aud": "client1", "iat": 1471566154, "jti": "bWJq", "sid": "8u09jejd099", "events": { "http://schemas.openid.net/event/backchannel-logout": {} } }

  16. 16 @leastprivilege / @brocklallen Templates https://github.com/IdentityServer/IdentityServer4.Templates

  17. 17 @leastprivilege / @brocklallen Admin UI Community Edition • 10

    users, 2 clients

  18. 18 @leastprivilege / @brocklallen Support Us • Up for grabs

    – http://up-for-grabs.net/#/names/identityserver4 • StackOverflow – https://stackoverflow.com/questions/tagged/?tagnames=identityserver4&sort=newest • Patreon – https://www.patreon.com/identityserver

  19. 19 @leastprivilege / @brocklallen Support You • Consulting / Training

    – https://identityserver.io • Production support – https://identityserver.com

  20. 20 @leastprivilege / @brocklallen Thanks! slides: https://speakerdeck.com/leastprivilege