OpenId and OpenAuth with mvc application - asp.net-mvc-3

I need to login with facebookx, twitter, gmail, openid, yahoo and other site in MVC3.
I already search for Openauth and openID but could not get the proper solution. come solution run and went to the site but never come back with identty.
So can i get the proper solution in running mode with MVC3. Also please provide me the dll and also nuget template or packages details.
Can i test with localhost for openauth/openid?

In short, Yes you can test and host on local host.
What you need to focus is a Tokens that are managed in OAuth library provider of your choice. Just follow the wiki and some tutorial and you will be fine.
As a start point look at the dotnetopenaut.net source library that brings OpenID, OAuth, and ICard capabilities to the Microsoft .NET Framework.
Reference: look at this post for more details: OpenID and OAuth using DotNetOpenAuth in ASP.NET MVC

Related

LDAP SSO between portal built in Laravel and SAS

We have built a portal in PHP(Laravel) + Angular for a client. User Authentication is done through LDAP.
Client also has a SAS solution for Analytics and it also has LDAP Authentication (SAS Viya).
We need to redirect the user from our portal to SAS portal and the user should get logged in automatically as both portals are authenticating the users through same LDAP.
We tried a few things, but it didn't help.
I am looking for some guidance on how to implement this and if there is any programming/configuration required on our side or on SAS side.
Hard to be specific without fully understanding your use case, but you could look to handle authentication to Viya using the SASjs Adapter (disclaimer - my team built it)
https://github.com/sasjs/adapter
Just set the LoginMechanism to REDIRECTED in the config object to support SSO or alternative login flows. If you need help, my team can be contact on https://sasapps.io/contact-us, else just raise an issue on the github.
We have an implementation on Angular that may help: https://github.com/sasjs/angular-seed-app
We have integrated a VIYA Visual Analytics report into a corporate web application, using the SDK (so not realy a redirect) with single sign on.
(I don't know all the details about how we did it. my roll was in the personalization of the report, where we went further than ordinary row level security.)

Moving from Web API 2 Claim-Based-Authentication to ThinkTecture

I am finding that Microsoft's implementation of Claim-Based Authentication is not really up to the expectation of the true Claim-Based setup, and I seems like ThinkTecture is doing a good job of replacing Web API implementation.
I am wondering if anyone has a guide or blog post for people to move from the default SPA Template for VS2013 for AccountController to the ThinkTecture approach.
I also like that default Microsoft Web API AccountController that will create the tables for AspNetUsers and Roles, but I am not sure if ThinkTecture does the same thing or not.
I guess I am a little confused between all of the repositories that ThinkTecture have. Does any one have a solid guidance in terms of what to use, IdentityServer, IdentityModel.45, or AuthorizationServer?
I am just looking to drop the whole Microsoft approach and open to use a proper true Claim-Based approach, but I kinda need help in terms of EF6 migrations for the Identity tables, and what projects to use, or how to drop the the whole AccountController approach in SPA-Template for VS2013. I have looked at Dominick's blog and it seems to be really good, but I haven't found a post that kinda helps moving from Web API approach to ThinkTecture way of thinking.
Thinktecture Identity Server is for issuing authentication tokens (for things like websites) and is helpful for SSO (again, in browser scenarios).
Thinktecture Authorization Server is for issuing authorization tokens (for things like Web APIs). Authorization Server needs the user to authenticate, and so it can rely upon Identity Server for that.
Thinktecture IdentityModel is a helper library you'd use in either a web app or Web API app to help with various security concerns that aren't provided by the .NET framework.

Implement Web API with OAuth and a Single Page Application

We're developing an API and a single page application (that is one of more possible future consumers of it).
We already started on the web API, and basically implemented a system very similar to the one John Papa made in his course on pluralsight, named "Building Single Page Apps (SPA) with HTML5, ASP.NET Web API, Knockout and jQuery".
We now need to implement authentication and user managing in this application and need to find the easy way out to implement this in as little time as possible as we are in a hurry.
We realized the SPA template included in the ASP.NET update had very similar features to our needs, but we wonder what the best approach to implement a similar feature in our existing code.
We are novice developers, as you might figure.
Is it possible nstall some packages using the package manager, and voila, a simple membership and OAuth auth option be readily available?
Our use case is that we need to protect some resources on our API based on roles, and that one should be able to log in using a username and password, but also log in using ones facebook, google, or twitter account.
Found an interesting talk regarding the subject here: https://vimeo.com/43603474 named Dominick Baier - Securing ASP.NET Web APIs.
Synopsis: Microsoft’s new framework for writing RESTful web services and web APIs is appropriately enough called ASP.NET Web API. As the name applies, this technology is part of ASP.NET and also inherits its well-known security architecture. But in addition it also supports a number of new extensibility points and a flexible hosting infrastructure outside of IIS. There are a number of ways how to do authentication and authorization in Web API - from Windows to usernames and passwords up to token based authentication and everything in between. This talk explores the various options, and puts special focus on technologies like claims, SAML, OAuth2, Simple Web Tokens and delegation.
We eventually went with the SPA template, doing authentication on the API (separate MVC part).
Then the API would generate a unique token and redirect the user to the front-end with the token in url parameters.
The front-end then needs to send this token on every subsequent request.
Have a look here - Identity Server done by the security experts. This is all you need in one package.
In terms of OAuth, you would need to use Client-Side Web Application flow which the access token is issue immediately to the client and can be used.

API authentication

I have the task to build a new API. The API will mainly be used by tablet applications.
I'm thinking of using the new ASP WebApi.
My biggest concern however is the security part. Because the apps will be build by third-party companies, we do not want that usercredentials will be entered in their application, but redirected to our site (authenticationserver).
I have done some researching and I came accross OAuth 2.0. For working with mobile devices and tablets it's probably the best to work with the 'autohorization code flow' principle -correct me if I'm wrong-.
Am I thinking in the right direction or are their simpler authentication systems to achieve my goal?
Are their any frameworks (.NET) available (or documentation) how to create an Authentication Server and how to use it in the Asp webapi?
Is it easy these days to implement oauth2.0 in an IOS app?
Thanks for any help!
OAuth 2.0 authz code based grant is suitable when client app is a Web application. Will the apps that are going to be built by third party all be Web applications? There are HTTP redirects involved in that flow.
In OAuth 2.0, there is a client, there is a resource server (Web API in your case) and there is an authorization server. There is no such thing as Authentication server. Are you referring to some thing else?

oAuth + ADFS Federation; Is this possible, and how would one go about doing it in ASP.NET MVC?

I'd like to support multiple authentication mechanisms such as oAuth and ADFS in my MVC site. Is this possible, and how would I go about using one or the other?
My understanding is that ADFS/WIF will hook into the entire site preventing alternates such as oAuth
FedUtil only allows an application to point to one instance of ADFS. If you use it again to point to another instance, it simply overwrites the old ADFS info. in the web.config.
The trick is to federate ADFS with another STS which does support the OAuth protocol.
StarterSTS is an example of an STS which supports OpenId. This was developed by Dominick Baier. He has just announced via his blog that he is developing a MVC version.
Matias Woloski has blogged about a protocol bridge here. It supports not only OpenID but also OAuth.
#nzpcmad suggestion of adding an STS to do protocol translation is correct. Another alternative is to use ACS (AppFabric Access Control Service).
You can alternatively add the trusts relationship on the web.config manually (or run Fedutil on a separate project and merge the changes). In this case the trust would be to an STS that knows how to deal with OAuth and SAML/WS-Federation (like the STSs mentioned by #nzpcmad). Out of the box, WIF only understands SAML tokens and WS-Federation/WS-Trust.
StarterSTS does not support OAuth but the follow-on project by the same guy does. Check out http://identityserver.codeplex.com/ for more details.
In addition to supporting OAuth it is new code using the ASP.NET MVC framework and WCF for its underpinnings.
This is only at CTP 1 status and is not yet considered a full release yet so review carefully.

Resources