Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AWS re:Invent 2018

•

0 likes•178 views

The area of identity, authentication, and authorization has significantly evolved in recent years, and this often leaves customers unsure of how to solve for user authentication with .NET applications hosted on AWS. In this workshop, we attempt to baseline the most common technology choices for .NET authentication (Windows Integrated Authentication, SAML, OpenID Connect, OAuth, etc.) and discuss the most common architectures and configurations that customers can leverage when running .NET applications on AWS. Attendees also have a chance to run through hands-on lab exercises for each of the architectures discussed.

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Solving for Identity and Authentication
with .NET Apps on AWS
Sreelaxmi Pai
Partner Solutions Architect
Amazon Web Services
G P S W S 4 0 8
Luis Molina
Partner Solutions Architect
Amazon Web Services

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
microsoft@amazon.com

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda
12:15 – 12:30 Introduction to the workshop
12:45 – 2:30 Hands-on walkthrough / Q&A

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How we think about authenticating to
AWS
App ServerWeb Server
Example
Corp
DB Server
App ServerWeb Server DB Server
AWS
Admin UsersEnd Users
IAM / Console / API
End Users
App ServerWeb Server
Example
Corp
DB Server
App ServerWeb Server DB Server
AWS
Admin UsersEnd Users
IAM / Console / API
End Users
App ServerWeb Server
Example
Corp
DB Server
App ServerWeb Server DB Server
AWS
Admin UsersEnd Users
IAM / Console / API
End Users
App ServerWeb Server
Example
Corp
DB Server
App ServerWeb Server DB Server
AWS
Admin UsersEnd Users
IAM / Console / API
End Users
App ServerWeb Server
Example
Corp
DB Server
App ServerWeb Server DB Server
AWS
Admin UsersEnd Users
IAM / Console / API
End Users

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What is Federated Authentication?
Auth Grant Flow
Single Sign-On
WS-Fed
SAML 1.1
SAML 2.0
OAUTH
JWT
OpenID
Implicit Flow
Authorization Code Flow
OpenID Connect
Realm
Redirect URI
Grant TypeAccess Token
Refresh Token Auth Code Flow

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Authorization specifying/controlling access
rights/privileges to resources
Authentication verifying the identity of a user (they
are who they claim to be)
Let’s baseline some stuff
Authentication
Authorization

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Getting identity right
Security first
Minimize user friction
Prepare for success

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon Cognito

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS SSO

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Wrapping it up
AWS SSO and Amazon Cognito enables easy
integration with apps
Let Amazon handle authentication
Spend time building great apps

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Choose your own challenge
Walkthrough 1: Amazon Cognito User Pool with .NET core app using OpenID Connect

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Walkthrough 2: Federating .Net Core App to Azure AD using OpenID Connect
Choose your own challenge

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Choose your own challenge

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Hands-on guide
Challenge 1(Part 1): http://www.awslab.io/dotnet/userpool/
Challenge 1(Part 2): http://www.awslab.io/dotnet/federatingdotnet-s/
Challenge 2: http://www.awslab.io/dotnet/federatingdotnet/

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Build your environment
Select the Canada (Central) Region
Go to EC2 and build new instance based on this AMI:
ami-0cd759268cc9ff7a4
Select m5.large and use Administrator password “VSToolkit@reInvent”

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
http://www.awslab.io/dotnet/awssso/
Bonus challenge

Thank you!
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Sreelaxmi Pai
laxmipai@amazon.com
Luis Molina
lgmolina@amazon.com

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

What's hot

Customers migrating to AWS can use AWS Migration Hub to obtain a single view of all migrations into AWS. In this session, we provide an in-depth walkthrough of migration execution best practices and automated migration tracking. Learn how to use the Migration Hub migration dashboard to quickly understand the current state and velocity of your application migrations and effortlessly provide your CEO, CIO, and other key stakeholders an up-to-date status of migrating your portfolio.

Eliminate Migration Confusion: Speed Migration with Automated Tracking (ENT31...

Amazon Web Services

AWS offers fully managed file storage services that enable you to quickly and simply lift-and-shift or build new applications that access file data in the AWS Cloud. In this chalk talk, we discuss the AWS file storage solutions, and we diagram different architectures and techniques to help you get the most out of your file storage deployments. We discuss cloud-native and hybrid solutions, and we examine best practices for ingestion, performance, and manageability. Learn how to migrate your mission-critical enterprise applications and compute-intensive workloads to get the performance you need in a cost-effective way. Bring your questions, prepare to talk about your implementation, and expect to have a deep discussion on how you can optimize your own workflows.

Deep Dive on Cloud File System Offerings: What to Use, Where, and Why (STG392...

Amazon Web Services

Design with Ops in Mind.pdf

Amazon Web Services

Deploying frequently is fundamental to reduce the feedback loop and increase developer productivity. There are multiple features available in AWS Lambda, Amazon API Gateway and AWS SAM that can be used to implement a continuous deployment pipeline using safe deployment strategies such as canary releases. In this session, we'll review the possible options applied to different scenarios such as microservices architectures, chaos engineering, and A/B testing, to find out the best practices for your use cases. You will also hear how teams at Capital One created a deployment pipeline using AWS SAM and AWS CodeDeploy for canary deployments for the Capital One Credit Offers API, which is built on Golang and AWS Lambda.

Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway (SRV...

Amazon Web Services

VMware Cloud on AWS – Technical Deep Dive.pdf

Amazon Web Services

Private Network Connectivity: Connecting AWS into Public Sector Networks (WPS...

Amazon Web Services

Enabling Compliance with GDPR on AWS.pdf

Amazon Web Services

Many organizations view security and risk & compliance functions as blockers to innovation. This chalk talk identifies the changes that are needed in executive engagement, budgeting, skills planning, and resource allocation to transform these perceived blockers into partners for innovation. We walk through an approach which can be used to address enterprise-level security, risk management, and compliance strategy. In addition, we share some key security & risk lessons from early enterprise adopters of AWS.

How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...

Amazon Web Services

Enabling interactive data and analytics for thousands of users can be expensive and challenging—from having to forecast usage, provisioning and managing servers, to securing data, governing access, and ensuring auditability. In this session, learn how Amazon QuickSight’s serverless architecture and pay-per-session pricing enabled the National Football League (NFL) and Forwood Safety to roll out interactive dashboards to hundreds and thousands of users. Understand how the NFL utilizes embedded Amazon QuickSight dashboards to provide clubs, broadcasters, and internal users with Next Gen Stats data collected from games. Also, learn about Forwood's journey to enabling dashboards for thousands of Rio Tinto users worldwide, utilizing Amazon QuickSight readers, federated single sign-on, dynamic defaults, email reports, and more.

NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...

Amazon Web Services

In this session, we outline the five levels of cloud operations automation, providing a clear path and maturity model for achieving security, compliance, and architecture best practices. Using real-world case studies from Fortune 100 enterprises, we demonstrate how secure AWS Landing Zones and policy-based, automated guardrails accelerate the safe migration and ongoing operation of hundreds of enterprise applications, putting your team on the road to DevSecOps maturity. This session is brought to you by AWS partner, Turbot HQ, Inc.

Autonomous DevSecOps: Five Steps to a Self-Driving Cloud (ENT214-S) - AWS re:...

Amazon Web Services

SaaS presents developers with a unique blend of architectural challenges. Supporting a multi-tenant model often means re-thinking your approach to almost every layer of your architecture. Onboarding, security, data partitioning, tenant isolation, identity—these are areas that must be factored into how you design, build, and deploy your SaaS solution. Of course, the best way to wrap your mind around these SaaS architectural principles is to dig into a working example. In this workshop, we’ll expose you to the core concepts of SaaS architecture then dive into a reference SaaS architecture where you can see the moving parts of a SaaS solution in action. The goal here is to provide a series of activities that allow you to interact with a functional solution, introducing code and configuration that realizes and extends the capabilities of this SaaS environment. Through this combination of a brief lecture and hands-on exercises, you’ll get a healthy dose of SaaS best practices all through the lens of a working reference solution.

Hands-on SaaS: Constructing a Multi-Tenant Solution on AWS (ARC327-R1) - AWS ...

Amazon Web Services

The cloud offers a first-in-a-career opportunity to constantly optimize your costs as you grow and stay on the leading edge of innovation. By developing a cost-conscious culture and assigning the responsibility for efficiency to the appropriate business owners, you can deliver innovation efficiently and cost effectively. In this session, we share The Vanguard Group’s real-world experience of optimizing their costs, and we review a wide range of cost planning, monitoring, and optimization strategies.

Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018

Amazon Web Services

In this session, learn how AWS can help you innovate faster with DevOps, microservices, and serverless. Join us for a rare and intimate discussion with AWS senior leaders: David Richardson, VP of Serverless, Ken Exner, director of AWS Developer Tools, and Deepak Singh, director of Compute Services, Containers, and Linux. Hear them share development best practices and discuss key learnings from building modern applications at Amazon.com. Also, learn how developers can leverage containers, AWS Lambda, and developer tools to build and run production applications in the cloud.

Leadership Session: Using DevOps, Microservices, and Serverless to Accelerate...

Amazon Web Services

Learn how to architect fully available and scalable Microsoft solutions and environments in AWS. Find out how Microsoft solutions can leverage various AWS services to achieve more resiliency, replace unnecessary complexity, simplify architecture, provide scalability, and introduce DevOps concepts, such as compliance, governance, automation, and repeatability. Also, plan authentication and authorization, and explore various hybrid scenarios with other cloud environment and on-premises solutions or infrastructure. Learn about common architecture patterns for network design, Microsoft Active Directory, and business productivity solutions like Dynamics AX, CRM, and Microsoft SharePoint, also common scenarios for custom .NET, .NET Core with Microsoft SQL deployments and migrations.

ENT201 Simplifying Microsoft Architectures with AWS Services

Amazon Web Services

For many IT professionals, cloud data protection can be challenging. In this session, we explore options for protecting and restoring your Amazon EC2 instances, relational databases, and NoSQL databases, such as MongoDB and Cassandra. We show you how solutions such as Rubrik Cloud Data Management and Rubrik Datos IO augment your Amazon EC2 backup strategy, including lifecycle management of Amazon EBS snapshots and Amazon Machine Images (AMI), automation and simplification of Amazon EBS volume and file-level restores from Amazon EBS snapshots, and application-consistent backup and recovery for Oracle, Microsoft SQL Server, MongoDB, and Cassandra databases on Amazon EC2. This session is brought to you by AWS partner, Rubrik.

Protecting Amazon EC2 Instances, Relational Databases, and NoSQL Workloads (S...

Amazon Web Services

Do you want to understand governance across all of your AWS accounts? Are you struggling to get visibility into the compliance of your AWS resources? Join us in this session as we explore the new multi-account, multi-region data aggregation capability in AWS Config, which enables centralized governance and monitoring of compliance status across your AWS infrastructure. You learn how to use this exciting new capability to centrally monitor your compliance status across accounts, across regions, within your AWS Organization.

SRV209 Monitor Cross-Account and Cross-Region Compliance Status with AWS Config

Amazon Web Services

Are you considering using AWS Lambda with your RDS/RDBMS solutions but don’t know where to start? In this session, we look at recommended architectural patterns and best practices around using RDS/RDBMS solutions with Lambda functions. We also discuss migration steps—covering migration from on-premises RDBMS solutions to AWS serverless infrastructure keeping the same RDBMS application model. Come and join our discussion, ask questions, and learn more about using Lambda with RDS/RDBMS solutions.

Best Practices for Using AWS Lambda with RDS/RDBMS Solutions (SRV301-R1) - AW...

Amazon Web Services

SaaS presents developers with a unique blend of architectural challenges. While the concepts of multi-tenancy are straightforward, the reality of making all the moving part work together can be daunting. For this session, we’ll move beyond the conceptual bits of SaaS and look under the hood of a SaaS application. The goal here is to examine the fundamentals of identity, data partitioning, and tenant isolation through the lens of a working solution and highlight the challenges and strategies associated with building a next-generation SaaS application on AWS. We’ll look at the full lifecycle of registering new tenants, applying security policies to prevent cross-tenant access, and leveraging tenant profiles to effectively distribute and partition tenant data. The goal here is to connect many of the conceptual dots of a SaaS implementation, highlighting the tradeoffs and considerations that will shape your approach to SaaS architecture.

Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS (A...

Amazon Web Services

Elastic Fabric Adapter (EFA) is a network interface for Amazon EC2 instances that enables customers to run HPC applications requiring high levels of inter-instance communications, like computational fluid dynamics, weather modeling, and reservoir simulation, at scale on AWS. It uses a custom-built operating system bypass technique to enhance the performance of inter-instance communications, which is critical to scaling HPC applications. With EFA, HPC applications using popular HPC technologies like Message Passing Interface (MPI) can scale to thousands of CPU cores. Get a deep dive on EFA and learn how to use EFA to enhance application performance for your HPC workloads.

[NEW LAUNCH!] Scaling Tightly-coupled HPC workloads on HPC with Elastic Fabri...

Amazon Web Services

Containers are becoming one of the new normal infrastructures for deploying applications. One of the challenges that customers face is how to secure their applications. Traditional security practices and tools are designed for applications running directly on the hosts, whereas containers are virtualized and multi-tenant. In this session, learn about techniques that can be used to secure hosts, containers themselves, and the applications hosted in individual containers. We look at using Amazon ECS with Amazon EC2, AWS Fargate, and Amazon EKS, and we discuss what techniques and best practices to employ as part of CI/CD processes and for running applications.

Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018

Amazon Web Services

What's hot (20)