using IdentityServer4.AccessTokenValidation in a legacy .net 4.6.2 project - access-token

I am trying to setup IdentityServer4 to authenticate a webforms project running against .net framework => 4.6.2, a Single page WCF REST application with XML SOAP WCF services as well (also => 4.6.2).
The Single page appliction uses bearer tokens from the client. This works when using then nuget package IdentityServer3.AccessTokenValidation, but restricts the version of IdentityModel to < 2. There is no app builder extension in the IdentityServer4.AccessTokenValidation project and I cant find an example of how to configure this correctly. Is this possible, or am i restricted to using V3 with bearer tokens if my client application is not running dotnet core?
If so how much of a problem would it be in the future not being able to update the IdentityModel package to version 2 and above?
I have been searching into this cant find an obvious solution. Have I missed something simple or misunderstood how i should be using bearer tokens from the oidc js client in OWIN?
The only answers I can find say to use IdentityServer3.AccessTokenValidation instead of 4, but I'm concerned the restriction on the IdentityModel class may cause problems in the future.
Any help would be greatly appreciated.
Thanks
Paul

You can use IdentityServer3.Contrib.AccessTokenValidation NuGet package maintained by the community. This package will use IdentityModel > 3 which should resolve your issues.

Related

The Google Admin SDK Email Settings API is not listed in the APIs Discovery Service

In working with the .NET client library we found that the Email Settings API was not available in it or any of the other client libraries. After communicating with the developers of the .NET library on how the library is generated we noticed that the Email Settings API is not listed in the API discovery service as part of the Admin SDK. The .NET client library relies on the discovery document as does the PHP client. Both the Directory API and the Reports API are.
I noticed that in the documentation for the Email Settings API that calls are still made to apps-apis.google.com:
https://apps-apis.google.com/a/feeds/emailsettings/2.0/
rather than to www.googleapis.com like the other Admin SDK APIs do:
https://www.googleapis.com/admin/directory/v1/
https://www.googleapis.com/groups/v1/groups/
https://www.googleapis.com/admin/reports/
I'm guessing that this is the underlying reason for why this particular API is not included. Is there a timetable for getting the Email Settings API moved to the googleapis service?
There are two types of Google APIs. Gdata APIs and discovery APIs.
The Gdata APIs are old APIs a lot of them have actually been shut down. The client libraries for them to my knowledge where not auto generated.
if you check the documentation for the email settings api there is some sample code for .net.
using Google.GData.Apps.GoogleMailSettings;
The key here is that its a Gdata, its a Gdata api. Which means that like you said its not supported by the current Google .net client library which only supports discovery APIs.
After doing some searching in the code for the Gdata client library. Yes it exists but it hasn't been developed on in ages. There is some code in there for Google email settings There should be a nuget package for it but I have not been able to find it.
The only thing that i have cound that might lead us to the corect nuget package is this
Install-Package Google.GData.Apps
I don't have an admin account so I cant help you test it. However I can probably give you some hints on getting it working. You should be able to track me down from my stack profile if you need help or just post another question on stack. I should spot it.

OWIN Self-hosted Security Token Service (STS)

I'm looking for suggestions regarding methods of hosting a 'custom STS' within a self-hosted OWIN pipeline.
It seems that the current documentation on custom claims providers has changed very little in the few years since I created a custom-STS with WIF 3.5, and I'd like to bring the implementation up-to-date for use with ADFS 3.1 (Windows Server 2012 R2).
I'm aware that the SecurityTokenService has moved to the System.IdentityModel namespace in 4.5, and ideally I'd like to encapsulate an STS within an OWIN-self hosted WebAPI, but I would be happy to use something like Nancy instead if necessary (since MVC does not appear to run in OWIN owing to it's reliance on System.Web), but I am struggling to find a way to utilise my implementation of SecurityTokenService from my WebAPI's DelegatingHandler since the wrapper functions in System.IdentityModel.Service.FederatedPassiveSecurityTokenServiceOperations also appear to be reliant on System.web, and hence IIS.
I plan on presenting the required input form elements to the user by manually crafting the response stream and parsing the POST - I realise this is a terrible idea compared to using ASP.Net or MVC, but at this stage this is really just a proof of concept for me, I'll be letting ADFS handle the cookies, since this will just be registered as a custom claims provider.
Should I drop the SecurityTokenService class in favour of a better token-generation implementation, or should I drop the wrapper class and manage requests to the STS manually using the IOwinContext's Request and Response objects, but if so, how?
Many thanks

How to convert an existing ASP.NET Web API to Azure Mobile Service?

Recently announced at Microsoft Build is the ability to convert an existing ASP.NET Web API to an Azure Mobile Service. I was curious as to if anyone has successfully done this yet, and the steps needed to do so.
Things I've tried thus far:
Added the Azure Mobile Service .NET Backend & Azure Mobile Service -
Entity Framework Nuget Packages to my existing ASP.NET Web API
project.
Resolved an issue with OWIN and AMS(ZUMO) conflicting Startup.cs assemblies.
Ensured the ASP.NET Web API compiles locally, and published as an Azure Mobile Service.
However whenever publishing, it seems I only get a runtime error on the server.
Here was the best example of potentially doing this: http://channel9.msdn.com/Events/Build/2014/3-623
Secondly I've looked a bit into just running the OWIN pipeline via: http://www.strathweb.com/2014/02/running-owin-pipeline-new-net-azure-mobile-services/
I know that this is in a preview mode, but figured some document trail would help!
Can you try adding your existing WebAPI assets to Mobile Services project you create from VS? This will make sure all the right things are wired up. Also, check the Logs tab in the portal for any clues.
This should help..
http://blogs.msdn.com/b/azuremobile/archive/2014/04/10/creating-an-azure-mobile-services-net-backend-from-scratch.aspx
Thanks
Supreet

Can you build an ASP.NET Web API on top of OWIN?

Well the title basically sums it up, I'm wondering if I can create an OWIN pipeline to my ASP.NET Web API. I want to do this so I can apply a base security layer that I can apply to all of my API service hosted on my service server. New to OWIN, love the idea
Yes. You can start with this http://nuget.org/packages/Microsoft.AspNet.WebApi.Owin/0.21.0-pre and then you will need an another package depending on what host you choose.
You will find below link helpful. It using Katana, an OWIN implementation for Microsoft hosts and the Web API framework.
http://www.strathweb.com/2012/12/running-aspnet-web-api-with-owin-and-katana/
Yes.
Also: If self-hosting Web API 2 using OWIN in a windows service, you can check out this example on GitHub: https://github.com/danesparza/OWIN-WebAPI-Service
It walks you through creating the service, adding OWIN using NuGet, and using attribute based routing in Web API 2.

UNKNOWN_EXCEPTION: Destination URL not reset. The URL returned from login must be set in the Salesforce

In windows Phone application, i added Enterprise.wsdl(obtained from my salesforce login id) as reference. I'm able to authenticate using Loginresult. But while using Create the above expense are thrown.
Using SoapHeader class in Web application inherited System.Web.Services.Protocols.SoapHeader so referred the Server url and id.
It is not possible to use web in Windows phone. Plz help if you know any samples to solve it
Part of the results for the login call are a serverUrl, this url should be used to make all subsequent requests, typically in .NET you just set the .Url property of your stub to the provided value. While there are no win-phone specific examples, there are lots of .NET examples in the docs
My experience has been that you can't import the Partner or Enterprise WSDLs to a Windows Phone 7 project.
With Windows Phone 7 projects you can add a Service Reference (for WCF), but not a Web Reference.
Whenever I've imported the Salesforce WSDLs to a standard .NET project I've needed to use a Web Reference to get the APIs working correctly. Something about how WCF doesn't support the Salesforce WSDL defined SOAP headers that are needed to specify the session details.
I found using the REST API and JSON.NET to be the easiest with Windows Phone 7 projects.
That said, my phone app only works with Developer, Enterprise and Unlimited Salesforce editions. Professional and Group editions get the API_DISABLED_FOR_ORG error. I think I need to get the app certified to work with those editions.

Resources