Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AWS re:Invent 2018
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Solving for Identity and Authentication
with .NET Apps on AWS
Sreelaxmi Pai
Partner Solutions Architect
Amazon Web Services
GPSWS408
Luis Molina
Partner Solutions Architect
Amazon Web Services
microsoft@amazon.com
Agenda
12:15 – 12:30 Introduction to the workshop
12:45 – 2:30 Hands-on walkthrough / Q&A
How we think about authenticating to AWS
[Diagram: Example Corp and AWS environments, each with Web Server, App Server and DB Server; Admin Users and End Users; IAM / Console / API]
What is Federated Authentication?
Auth Grant Flow
Single Sign-On
WS-Fed
SAML 1.1
SAML 2.0
OAuth
JWT
OpenID
Implicit Flow
Authorization Code Flow
OpenID Connect
Realm
Redirect URI
Grant Type
Access Token
Refresh Token
Auth Code Flow
Let’s baseline some stuff
Authentication: verifying the identity of a user (they are who they claim to be)
Authorization: specifying/controlling access rights/privileges to resources
Getting identity right
Security first
Minimize user friction
Prepare for success
Amazon Cognito
AWS SSO
Wrapping it up
AWS SSO and Amazon Cognito enable easy integration with apps
Let Amazon handle authentication
Spend time building great apps
Choose your own challenge
Walkthrough 1: Amazon Cognito User Pool with .NET Core app using OpenID Connect
Walkthrough 2: Federating .NET Core app to Azure AD using OpenID Connect
Hands-on guide
Challenge 1 (Part 1): http://www.awslab.io/dotnet/userpool/
Challenge 1 (Part 2): http://www.awslab.io/dotnet/federatingdotnet-s/
Challenge 2: http://www.awslab.io/dotnet/federatingdotnet/
Build your environment
Select the Canada (Central) Region
Go to EC2 and build a new instance based on this AMI: ami-0cd759268cc9ff7a4
Select m5.large and use Administrator password “VSToolkit@reInvent”
Bonus challenge
http://www.awslab.io/dotnet/awssso/
Thank you!
Sreelaxmi Pai
laxmipai@amazon.com
Luis Molina
lgmolina@amazon.com