Create a Uniform Login Experience with a Centralized Cloud Authentication System, Roy Cornelissen and Marcel de Vries
Published in: Technology, Business
Transcript

  • 1. Welcome!
  • 2. How to create a uniform login experience using Federated Identity
      • Roy Cornelissen, IT Architect, Info Support, @roycornelissen
      • Marcel de Vries, Technology Manager, @marcelv
      • Xamarin Evolve 2013
  • 3. Your app, Demos, Problem, Solutions
  • 4. Problem statement
      • You want to secure your back end
      • Your app needs to authenticate before it can access services in your back end
      • How are you going to identify the user at the back end?
      • Roll your own username/password? That’s so 1996….
      • You already have cloud identities on Facebook, Google, Microsoft, Yahoo! Why not leverage those?
      • So what are our options to integrate with these identity providers?
  • 5. Identity Providers (IdP)
      • Enterprise IdPs: Microsoft Active Directory & Active Directory Federation Services (ADFS)
      • Social IdPs
  • 6. What does an IdP do?
      • Authenticate against something you know or have, e.g. a password, a smart card, biometric information
      • It hands out tokens
      • Tokens contain claims, e.g. your name, email address, age or role
      • We can “chain” IdPs
      • Each IdP can augment the claim set and with that provide additional claims to the party that uses the token
  • 7. What does your app need to do?
      • It needs to do something with the claims provided by the IdP
      • E.g. do a lookup on the “nameidentifier” claim and selectively provide access to application resources: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
      • So an IdP provides an authenticated identity and some claims about that identity
      • Your app needs to do smart things to authorize the user based on those claims
  • 8. Possible solutions
      • Integrate your app with all different providers out there
          • Requires a trust relationship with each (cloud) identity provider
          • Requires you to implement the integration with each provider, using their selected protocol, e.g. OAuth, WS-Federation, SAML/P, OpenID, etc.
          • Every time you want to support a new provider, you need to add that integration to your app
      • Use Windows Azure Active Directory
      • Use the Access Control Service (ACS)
  • 9. Access Control Service (ACS)
      • You integrate with ACS
      • ACS handles integration with others: Facebook, Yahoo, Windows ID, Google ID, …
      • You can add any WS-Federation or OpenID compliant IdP such as a corporate ADFS
  • 10. ACS Terminology
      • STS (Security Token Service): any party that can issue an authentication token
      • Identity Provider (IdP): party that maintains the user identity, e.g. Windows Live, Google, Yahoo, etc.
      • Relying Party: the party relying on some IdP to hand over a set of claims about who that identity is, i.e. your app
      • Windows Live -> Unique id
      • Google -> Email address
  • 11. SAML or SWT?
      • SAML & cookie based authentication versus Simple Web Tokens and HTTP header based authentication
      • You can use SAML or SWT
      • What are the tradeoffs?
      • It depends on your services
  • 12. Call a service with SWT
      • When using a REST service, you can simply add a custom header to your request (HttpClient, WebClient):

            // Namespaces used on this slide: System.Net, System.ServiceModel, System.ServiceModel.Channels
            string headerValue = string.Format("WRAP access_token=\"{0}\"", token);
            client.Headers.Add("Authorization", headerValue);

      • When using WCF & SOAP, you need to add a custom header to the request:

            using (var ctx = new OperationContextScope(proxy.InnerChannel))
            {
                HttpRequestMessageProperty httpRequestProperty = new HttpRequestMessageProperty();
                httpRequestProperty.Headers[HttpRequestHeader.Authorization] =
                    String.Format("WRAP access_token=\"{0}\"", token);
                OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] =
                    httpRequestProperty;
                // Call the service operation here: the header only applies to calls made inside this scope.
            }
  • 13. Call a service with SAML Token (cookie based)
      • When using a REST service, you need to add the cookie to the cookie collection in the header of the request:

            // As on the slide; if this property is a CookieContainer, get the collection with GetCookies(<service URI>).
            CookieCollection coll = App.AuthenticationCookieContainer;
            WebClient webrequest = new WebClient();
            String cookiestring = "";
            int count = 0; // number of cookies appended so far
            foreach (Cookie cookie in coll)
            {
                if (count++ > 0)
                {
                    cookiestring += "; ";
                }
                cookiestring += cookie.Name + "=" + cookie.Value;
            }
            webrequest.Headers[HttpRequestHeader.Cookie] = cookiestring;

      • For SOAP using the WCF stack, simply use CookieContainer:

            EventsServices.EventsDomainServicesoapClient proxy =
                new EventsServices.EventsDomainServicesoapClient();
            proxy.CookieContainer = App.AuthenticationCookieContainer;
  • 14. Conceptual model (diagram)
      • Parties: Your (web) services (RP), Identity Providers (IdP), ACS (STS)
      • Arrow labels: redirect, Authenticate, Get IdP list, Access the service, redirect, Get token/cookie, Cookie
      • Inside the RP: WIF, <soap/>, { json }, .aspx
  • 15. ISKE Events App
  • 16. Authentication flow (diagram)
      • Parties: Mobile App, ACS, Identity Provider, Your Service
      • Labels: GetIdentityProviders(), Request to login page, Map claims, Realm page, ACS Token, Cookie (containing ACS token), Request (with cookie), IDP Token, Login
      • Depending on ACS config for SWT or SAML you get a header or a cookie
  • 17. (diagram) SignInWebViewDelegate, SignInViewController, SignInController, ACS, JSONIdentityProviderDiscoveryClient, Relying Party, ACS namespace, Realm, HttpCookieContainer, IdentityProvider
  • 18. (diagram) LoginView, WebView, WebBrowser, AccessControlServiceSignIn control, ACS, JSONIdentityProviderDiscoveryClient, Relying Party, ACS namespace, Realm, HttpCookieContainer, IdentityProvider
  • 19. (diagram) SignInActivity, SignInWebView, IdentityProviderListActivity, SignInController, ACS, JSONIdentityProviderDiscoveryClient, Relying Party, [navigate], ACS namespace, Realm, HttpCookieContainer, IdentityProvider
  • 20. I want that! NOW!
      • We’ll publish the code on CodePlex
      • And depending on demand: NuGet package and Xamarin Store
  • 21. Wait, what about Windows Azure Toolkit?
      • It’s deprecated
      • Replacement does not provide the same experience
      • Our code is a fork of the original AND works on multiple platforms!
  • 22. Thank you!
      • @roycornelissen, roycornelissen.wordpress.com
      • @marcelv, blogs.infosupport.com/marcelv
      • Come see us again, tomorrow at 1.30 PM
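
Slide 12 shows the client attaching an SWT in a `WRAP access_token` header, and slide 7 says the service must authorize on the "nameidentifier" claim; the following is an added example of the relying-party side of that exchange, not code from the slides or the speakers' project. It assumes the SWT layout of form-encoded claims (including Issuer, Audience and ExpiresOn) followed by `&HMACSHA256=` and the URL-encoded Base64 HMAC over everything before it. The key, ACS namespace and realm are constructed values, `SwtDemo`, `Mac` and `Validate` are hypothetical names, and `CryptographicOperations` needs .NET Core 2.1 or later.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SwtDemo
{
    const string Prefix = "WRAP access_token=\"", SigMarker = "&HMACSHA256=";
    const string NameId = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier";
    static byte[] Mac(string body, byte[] key)
    {
        using (var hmac = new HMACSHA256(key)) return hmac.ComputeHash(Encoding.ASCII.GetBytes(body));
    }

    // Returns the nameidentifier claim; throws if the header must be rejected.
    public static string Validate(string header, byte[] key, string issuer, string audience, DateTime utcNow)
    {
        if (header == null || header.Length <= Prefix.Length || !header.StartsWith(Prefix, StringComparison.Ordinal) || !header.EndsWith("\"", StringComparison.Ordinal))
            throw new FormatException("not a WRAP access_token header");
        string token = header.Substring(Prefix.Length, header.Length - Prefix.Length - 1);
        int cut = token.LastIndexOf(SigMarker, StringComparison.Ordinal);
        if (cut < 0) throw new FormatException("token carries no signature");
        string body = token.Substring(0, cut); // the HMAC covers everything before the marker
        byte[] presented = Convert.FromBase64String(Uri.UnescapeDataString(token.Substring(cut + SigMarker.Length)));
        if (!CryptographicOperations.FixedTimeEquals(Mac(body, key), presented))
            throw new CryptographicException("signature mismatch");
        // Parse claims only after the signature verifies; a duplicate key makes ToDictionary throw.
        var claims = body.Split('&').Select(p => p.Split(new[] { '=' }, 2)).ToDictionary(
            kv => Uri.UnescapeDataString(kv[0]), kv => kv.Length > 1 ? Uri.UnescapeDataString(kv[1].Replace('+', ' ')) : "");
        string v; long exp;
        if (!claims.TryGetValue("Issuer", out v) || v != issuer) throw new UnauthorizedAccessException("unexpected issuer");
        if (!claims.TryGetValue("Audience", out v) || v != audience) throw new UnauthorizedAccessException("token is for another relying party");
        if (!claims.TryGetValue("ExpiresOn", out v) || !long.TryParse(v, out exp) || new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc).AddSeconds(exp) <= utcNow)
            throw new UnauthorizedAccessException("token expired");
        if (!claims.TryGetValue(NameId, out v)) throw new UnauthorizedAccessException("no nameidentifier claim");
        return v;
    }

    static void Main()
    {
        byte[] key = Encoding.ASCII.GetBytes("constructed-demo-key"); // constructed, not a real signing key
        string issuer = "https://example-ns.accesscontrol.windows.net/", audience = "https://rp.example/"; // constructed
        string body = Uri.EscapeDataString(NameId) + "=user-123&Issuer=" + Uri.EscapeDataString(issuer) + "&Audience=" + Uri.EscapeDataString(audience) + "&ExpiresOn=4102444800";
        string token = body + SigMarker + Uri.EscapeDataString(Convert.ToBase64String(Mac(body, key)));
        Console.WriteLine(Validate(Prefix + token + "\"", key, issuer, audience, DateTime.UtcNow));
        try { Validate(Prefix + token.Replace("user-123", "admin") + "\"", key, issuer, audience, DateTime.UtcNow); }
        catch (CryptographicException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

The second call changes one claim without re-signing and is rejected before any claim is read, which is the property the service depends on when it uses the returned identifier for its access lookup.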
