Slide 1

Slide 1 text

IdentityServer4 v2 on ASP.NET Core v2 an Update Dominick Baier & Brock Allen https://identityserver.io [email protected] @leastprivilege / @brocklallen

Slide 2

Slide 2 text

2 @leastprivilege / @brocklallen Agenda • The new ASP.NET Core authentication system • WS-Federation (aka ADFS support yay) • SAML2p • API extensibility • Configuration • Logout • Templates • Admin UI Community Edition • How to support us

Slide 3

Slide 3 text

3 @leastprivilege / @brocklallen The dark ages…

Slide 4

Slide 4 text

4 @leastprivilege / @brocklallen Katana Middleware 1 Middleware 2 Middleware n

Slide 5

Slide 5 text

5 @leastprivilege / @brocklallen Authentication in Katana wtf?

Slide 6

Slide 6 text

6 @leastprivilege / @brocklallen Authentication in ASP.NET Core 1 wtf?

Slide 7

Slide 7 text

7 @leastprivilege / @brocklallen Authentication in ASP.NET Core 2 !

Slide 8

Slide 8 text

8 @leastprivilege / @brocklallen Configuring Authentication in ASP.NET Core 2 wtaf?

Slide 9

Slide 9 text

9 @leastprivilege / @brocklallen IAuthenticationService public static class AuthenticationHttpContextExtensions { public static Task SignInAsync(this HttpContext context, ClaimsPrincipal principal) { } public static Task SignInAsync(this HttpContext context, string scheme, ClaimsPrincipal principal) { } public static Task SignOutAsync(this HttpContext context) { } public static Task SignOutAsync(this HttpContext context, string scheme) { } public static Task ChallengeAsync(this HttpContext context) { } public static Task ChallengeAsync(this HttpContext context, string scheme) { } public static Task ForbidAsync(this HttpContext context) { } public static Task ForbidAsync(this HttpContext context, string scheme) { } public static Task AuthenticateAsync(this HttpContext context) { } public static Task AuthenticateAsync(this HttpContext context, string scheme) { } }

Slide 10

Slide 10 text

10 @leastprivilege / @brocklallen WS-Federation • Preview2 right now – will be done soon (really… promised) – feel free to complain to @blowdart https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.WsFederation

Slide 11

Slide 11 text

11 @leastprivilege / @brocklallen Saml2p • Anders' authentication handler for ASP.NET Core 2 (aka SP support) – https://www.nuget.org/packages/Sustainsys.Saml2.AspNetCore2 • Rock Solid Knowledge SAML2p plugin (aka IdP support) – https://www.identityserver.com/products#SAML2P

Slide 12

Slide 12 text

12 @leastprivilege / @brocklallen API Extensibility • It's easy now to extend IdentityServer with custom API endpoints – https://identityserver4.readthedocs.io/en/release/topics/add_apis.html – https://github.com/IdentityServer/IdentityServer4.Demo

Slide 13

Slide 13 text

13 @leastprivilege / @brocklallen Logout is hard! • Session management spec – https://openid.net/specs/openid-connect-session-1_0.html • Front-channel notifications – https://openid.net/specs/openid-connect-frontchannel-1_0.html • Back-channel notifications – https://openid.net/specs/openid-connect-backchannel-1_0.html

Slide 14

Slide 14 text

14 @leastprivilege / @brocklallen Front-Channel Notifications Client return GET /end_session

Slide 15

Slide 15 text

15 @leastprivilege / @brocklallen Back-Channel Notifications Client GET /end_session POST { "iss": "https://demo.identityserver.io", "sub": "248289761001", "aud": "client1", "iat": 1471566154, "jti": "bWJq", "sid": "8u09jejd099", "events": { "http://schemas.openid.net/event/backchannel-logout": {} } }

Slide 16

Slide 16 text

16 @leastprivilege / @brocklallen Templates https://github.com/IdentityServer/IdentityServer4.Templates

Slide 17

Slide 17 text

17 @leastprivilege / @brocklallen Admin UI Community Edition • 10 users, 2 clients

Slide 18

Slide 18 text

18 @leastprivilege / @brocklallen Support Us • Up for grabs – http://up-for-grabs.net/#/names/identityserver4 • StackOverflow – https://stackoverflow.com/questions/tagged/?tagnames=identityserver4&sort=newest • Patreon – https://www.patreon.com/identityserver

Slide 19

Slide 19 text

19 @leastprivilege / @brocklallen Support You • Consulting / Training – https://identityserver.io • Production support – https://identityserver.com

Slide 20

Slide 20 text

20 @leastprivilege / @brocklallen Thanks! slides: https://speakerdeck.com/leastprivilege