I'm trying to create a simple Xamarin application that would need to use a local ADFS to identity the user. Indeed, I wrote an internal web application in ASP.NET Core but the client would like to have a light version as a mobile app, therefore, I need to authenticate the user the same way I do it for the web application: using ADFS 2019 + OAuth/OpenIdConnect.
However, I did some researches on Google and I find nothing talking about that specific case. Most articles concern Azure but I don't want to use Azure, I want to use a local ADFS.
Can anyone provide me with a link or some idea about the way to achieve this?
There's a set of good articles here that cover ADFS and OIDC.
The libraries are the same as the Azure ones - just the parameters are different.
Related
We're getting ready to rewrite an old native windows mobile application that accesses data through a VPN. We'd like the new version (.NET Windows 10 mobile application) to access data through web services that are protected by Okta. What is the best way to do this?
Thanks!
The best way to do this depends on how the web services are protected.
The main thing to keep in mind is that you don't want to store any secrets on the mobile application.
In an ideal world, these web services would be secured with something like OpenID Connect (OIDC), allowing you to authenticate against Okta (the "IDP") to get access to the web services (the "Relying Parties").
However, the real world is messy, where some web services are protected via SAML, OIDC, OAuth, custom headers, etc.
Without knowing more about your setup, my recommendation would be to build against OIDC, using a proxy server (or "API Gateway") as needed to secure your web services using OIDC.
One of my co-workers at Okta has written a sample iOS application in Xamarin that implements OIDC, I suggest taking a look at the ViewController.cs file in that repository.
I have a MVC3 application that uses Windows authentication and works great if we deploy it on a server that is in the same domain with the users that access it.
I have a request to deploy the application on a external server, like Amazon, and use ADFS to authenticate users with their domain credentials.
Does anyone have some tutorials how to implement this functionality into a MVC3 application? I didn't find any resources to help me with this issue.
The core technology you need to look at is WIF (Windows Identity Foundation). The WIF SDK has plenty of examples of use, and I would start there.
This exact scenario is described in detail in this chapter:
http://msdn.microsoft.com/en-us/library/ff359102.aspx
I would suggest you should start with the intro sections of the same guide to understand how "claims based identity" works and the components involved.
For ADFS, I would suggest Lab 1 of this:
http://claimsid.codeplex.com/releases/view/68061
We have an application built on top of the Google App Engine. We now need to write a Windows 7 tray application that accesses services provided by our GAE application. This implies that we need to first make an OAuth connection to our application, and we are finding it difficult to locate information about how to accomplish this.
We have already successfully used Google's OAuth2 API .net client to establish a trusted connection from our Windows application to the Google API, but this does not seem to also give us access to the Google App Engine which seems to live in a different part of the ether.
So first, I would like to ask, are we correct in our understanding that Google App Engine only supports OAuth 1.0 and does not support OAuth 2 as the rest of the Google API seems to support?
And second, (assuming the answer to the above is yes) does anyone know of any information or example code where someone has already made a successful OAuth 1.0 connection from a Windows .NET (C#) application to a Google App Engine application? It would be of great help to us to locate such an example.
Google App Engine supports just Oauth 1.0 and it is still an experimental feature.
Having to deal with a .NET C# application I would proceed in this way:
Get the DevDefined OAuth package
Look the ExampleConsumerSite here
Port in C# the relative simple step explained in Java or Python
I am migrating one ASP.NET MVC 3 intranet Website to the Windows Azure and DB to SQL Azure.
On Premises my site uses Windows Authentication to authenticate and authorize the user(By Placing AUTHORIZE attribute on controllers).
It would be very kind of you If you can let me know How to go about the same.Thank You In Advance !
You have two choices here:
Use federated authentication and something like ACSv2. This requires a bit of work to setup a relying party, install ADFS2, etc. However, it is the most robust and future proof option. It is a very good option.
Use something like Windows Azure Connect. That will bring Windows Authentication to the cloud by joining your running instances to your domain controller on-premises. In effect, you have something of a VPN between your cloud instances and your on-premises domain controller. There are some caveats to this model today (requires installing agent on DC for instance), but it would be from a 'just works' stand point, the easiest. Longer term, this is less attractive I believe than option #1.
You can get more details for each of these by checking out the Windows Azure Platform Training Kit.
I should also add that you have no option (today at least) of using Windows Authentication with SQL Azure. You must use SQL authentication there, so what I am talking about here only applies to the web site itself.
I'm very successfully using Windows Identity Foundation with Azure AppFabric Access Control Service to authenticate using ADFS v2.
As well as straight authentication, it gives you lots of flexibility over other claims, such as roles (which don't need to be based solely on AD group membership).
In my opinion, its biggest strength is that there is no communication channel required between the Azure platform and your on-premise AD. Everything is done via the browser. From a security perspective, this means that although anyone can reach your application, nobody can authenticate to it unless they can also reach your ADFS server. Access to this can be restricted to on-premise clients only or via VPN, greatly reducing the attack surface.
Also, because ADFS does not need to be exposed externally, it can greatly ease the bureaucratic overhead of deploying it, in my experience.
Only configuration is required, which although it can be a bit of a fiddle initially, is pretty straightforward once you've got to grips with it. You configure WIF to use ACS as it's Identity Provider and create a Relying Party in ACS for the application. Then, you configure ACS to use ADFS as its Identity Provider. You could configure WIF to talk directly to ADFS, but the additional level of abstraction of going via ACS can be useful.
Once you've done your configuration, using the [Authorize] attribute 'just works'.
Note that if you're using Ajax calls into your controllers, you'll need to take some precautions, as Ajax calls don't handle the federated authentication redirect (or the ADFS Shuffle, as I like to call it), but it's nothing that's insurmountable.
All in all, I'm very impressed with the combination of WIF+ACS+ADFS for transparent Windows integrated authentication.
I need to integrate shibboleth in my application. My application is .net web application. May I know how to do this one? I have a separate server (ubuntu server) in which shibboleth idp and sp installed with apache configuration.
I made lot of search on this. but I can't able to get the correct information for this one Can anyone suggest me some url or point what i need do to get it work?
You could implement (Windows Identity Foundation) WIF in your ASP.NET Web App.
If you have Active Directory Federation Services (which basically make Active Directory speak SAML2 protocol and WS-Federation protocol), you can have ASP.NET with WIF trusting (thru WS-Federation) ADFS V2, trusting (thru SAML 2 protocol) Shibboleth.
You can find additional information in these posts. You can find sample screen shots with SharePoint instead of ASP.NET in this post (sorry it's in French). A white paper explains how to implement.
If you don't have Active Directory and ADFS V2, you may want to use SAML2 protocol extension for WIF and this thread may help.
Similar to : Single Sign on using Shibboleth