Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Identity in ASP.NET Core 2.x

Avatar for ondrejbalas ondrejbalas
August 08, 2018
Technology
0
47

Identity in ASP.NET Core 2.x

Injecting custom code into authentication and authorization in ASP.NET has always been a chore. ASP.NET Identity is a library built to replace both ASP.NET Membership and Simple Membership, making it much easier to implement custom authentication and authorization without the need to rewrite core components. In this session I will go deep into the abstractions that ASP.NET Identity builds atop of and show how to take advantage of these hook points to implement a custom membership system.
Avatar for ondrejbalas

ondrejbalas

August 08, 2018
Tweet

More Decks by ondrejbalas

See All by ondrejbalas
Middleware in ASP.NET Core 2.x
Avatar for ondrejbalas ondrejbalas
0
58

Other Decks in Technology

See All in Technology
TableauLangchainとは何か?
Avatar for yuta cielo1985
1
160
VS CodeとGitHub Copilotで爆速開発!アップデートの波に乗るおさらい会 / Rapid Development with VS Code and GitHub Copilot: Catch the Latest Wave
Avatar for Yusuke Yamada yamachu
2
370
対話型音声AIアプリケーションの信頼性向上の取り組み
Avatar for 株式会社IVRy(社員登壇資料) ivry_presentationmaterials
2
760
Delta airlines Customer®️ USA Contact Numbers: Complete 2025 Support Guide
Avatar for michal deltahelp
0
1.1k
DatabricksにOLTPデータベース『Lakebase』がやってきた!
Avatar for Takeru Ino inoutk
0
160
SREの次のキャリアの道しるべ 〜SREがマネジメントレイヤーに挑戦して、 気づいたこととTips〜
Avatar for coconala_engineer coconala_engineer
1
3k
United Airlines Customer Service– Call 1-833-341-3142 Now!
Avatar for vivankilkenny548+imnfc airhelp
0
180
Contributing to Rails? Start with the Gems You Already Use
Avatar for Yasuo Honda yahonda
2
120
事例で学ぶ!B2B SaaSにおけるSREの実践例/SRE for B2B SaaS: A Real-World Case Study
Avatar for 株式会社ビットキー / Bitkey Inc. bitkey
1
360
【Oracle Cloud ウェビナー】【入門&再入門】はじめてのOracle Cloud Infrastructure [+最新情報]
Avatar for oracle4engineer oracle4engineer
PRO
1
100
microCMSではじめるAIライティング
Avatar for himaratsu himaratsu
0
130
[SRE NEXT] ARR150億円_エンジニア140名_27チーム_17プロダクトから始めるSLO.pdf
Avatar for sato-s satos
5
2.5k

Featured

See All Featured
The Straight Up "How To Draw Better" Workshop
Avatar for Dennis Kardys denniskardys
235
140k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
281
13k
Done Done
Avatar for chrislema chrislema
184
16k
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
63
7.8k
Building Applications with DynamoDB
Avatar for Matt Wood mza
95
6.5k
A better future with KSS
Avatar for Kyle Neath kneath
238
17k
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
5.6k
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1370
200k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
790
250k
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
336
57k
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
407
66k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
Avatar for mongodb mongodb
47
9.6k

Transcript

  1. Identity in ASP.NET Core 2.x ONDREJ BALAS @ONDREJBALAS WWW.ONDREJBALAS.COM [email protected]

  2. ONDREJ BALAS Microsoft MVP in Visual Studio Blog at ondrejbalas.com

    Consultant since 2001 Founded startup in 2017 Game development for fun WWW.ONDREJBALAS.COM [email protected] @ONDREJBALAS

  3. AspNetCore.Identity Access Control (Authentication & Authorization) First released as NuGet

    packages, compatible with .NET 4.5 and higher ASP.NET Core MVC 2.1 templates use ASP.NET Core Identity 2.1 As of 2.1, UI (default views) is provided as a Razor Class Library

  4. Use this when you ARE NOT using ASP.NET Core Use

    this when you ARE using ASP.NET Core

  5. ASP.NET Membership (2005) Tightly coupled to SQL Server (with a

    specific schema) Even other relational databases like MySQL required a complicated custom provider Roles and passwords were required Custom user profile fields were a PAIN!

  6. Simple Membership (2012) Supports a custom database schema You can

    choose the ID and username columns There are extensions for OAuth and OpenID Supports account reset token by default Built on top of ASP.NET Membership so there is still a tight coupling to SQL Server Making changes to persistence means rewriting things like password hashing too

  7. AspNet.Identity OAuth & OpenID Connect (Facebook, Google, Microsoft Live, LinkedIn,

    etc..) Custom Data Stores (even NoSQL!) are easy to implement Roles, Claims, or Both Organizational Accounts Too (Active Directory, Azure AD, Office 365) Happiness

  8. Claims Additional bits of information attached to a user More

    granular than roles A KeyValue store that lives with the user Stored in the user’s (encrypted) cookie

  9. Demonstrating Authentication under the hood Bare-bones no-password authentication Adding the

    Identity bits Managers & Stores Authorization Policies

  10. Request Response HTTP 200 (OK)

  11. Request

  12. Request [Authorize] public IActionResult ProtectedPage() { // ... }

  13. Request Response HTTP 302 (redirect) to login page

  14. Request Response HTTP 200 (OK)

  15. user=cat&pw=meow Response HTTP 302 (redirect) to protected page POST Request

    Set-Cookie: login=somelongtoken; path=/

  16. Response HTTP 200 (OK) Request Cookie: login=somelongtoken

  17. Demo Time

  18. Managers UserManager RoleManager SignInManager Stores IUserStore IUserLoginStore IUserClaimStore IUserRoleStore IRoleStore

    IUserPasswordStore

  19. [Authorize(Policy=“MemberSection”)] SomeRequirement : IAuthorizationRequirement services.AddAuthorization(…) …are used on controllers and

    actions …and are wired up in Startup.cs …have requirements and handlers Authorization Policies… AnotherHandler : AuthorizationHandler<SomeRequirement>

  20. Thanks! ONDREJ BALAS WWW.ONDREJBALAS.COM [email protected] @ONDREJBALAS GITHUB.COM/ONDREJBALAS