Mixing Identity server, AAD, ASP .NET Identity

Mixing Identity Server, ASP .NET Core Identity, Azure Active Directory and Open Id Connect standard

Published in: Technology

  1. 1 TOPIC
  2. 2 TOPIC Mixing IdentityServer, ASP .NET Identity, Azure Active Directory
  3. ATosato86 andreatosato andrea.tosato ANDREA TOSATO
  4. Identity Server: where to start
  5. Templating
     • dotnet new -i identityserver4.templates
     • dotnet new is4empty
     • dotnet new is4ui
     • dotnet new is4inmem
     • dotnet new is4aspid
     • dotnet new is4ef
     • dotnet new is4admin
     http://docs.identityserver.io/en/release/index.html
  6. Identity Server Terminology
  7. IdentityServer - State of modern applications
  8. IdentityServer
  9. Identity Server - Concepts
     ❑ User
     ❑ Client
     ❑ Resources
     Resources are something you want to protect with IdentityServer - either identity data of your users, or APIs.
     • Api Resources (resources tied to the claimIdentity used in the API)
     • Identity Resources (resources tied to the identity that are included in the access token) (UserInfo Endpoint) https://identityserver4.readthedocs.io/en/latest/endpoints/userinfo.html
  10. Differences between the tokens
     • Identity Token: An identity token represents the outcome of an authentication process. It contains at a bare minimum an identifier for the user (called the sub aka subject claim) and information about how and when the user authenticated. It can contain additional identity data.
     • Access Token: An access token allows access to an API resource. Clients request access tokens and forward them to the API. Access tokens contain information about the client and the user (if present). APIs use that information to authorize access to their data.
  11. Extension Grant http://docs.identityserver.io/en/release/topics/extension_grants.html
  12. Cookies
     • Preserve OIDC state in cache (solves problems with AAD and URL lengths): services.AddOidcStateDataFormatterCache();
     • Cookie policy to deal with temporary browser incompatibilities: services.AddSameSiteCookiePolicy();
  13. Demo
  14. Identity Server Seed Data
  15. Demo
  16. ASP .NET Core Identity
  17. ASP .NET Core Identity - Entities
     • AspNetUsers (users table)
     • AspNetUserClaims (user claims)
     • AspNetUserRoles (user roles)
     • AspNetRoles (roles for the whole application)
     • AspNetRoleClaims (claims assigned to each role)
     • AspNetUserLogins (login / authentication provider)
     • AspNetUserTokens (stores the tokens for two-factor authentication)
  18. ASP .NET Core Identity
     • SignInManager (server-side authentication)
     • RoleManager (role management)
     • UserManager (user management)
  19. Add Migrations: install the tool
     • dotnet tool install --global dotnet-ef https://docs.microsoft.com/it-it/ef/core/miscellaneous/cli/dotnet
     • dotnet add package Microsoft.EntityFrameworkCore.Design
     • Create the migration: dotnet ef migrations add -h
  20. Add Migrations: create the migration for the DB context
     • dotnet ef migrations add [NomeMigrazione] --context [NomeContext] --project [NomeProject] --output-dir [OutputDir]
     • dotnet ef migrations add Config --context ConfigurationDbContext --output-dir DataConfigurationConfigurationDb --project srcis4admin
  21. Identity Server Azure Active Directory
  22. Portal demo
  23. App Registration – common errors
  24. App Registration – common errors
  25. Sample https://github.com/andreatosato/IdentityServer
  26. Thank you. Questions? andreatosato ATosato86 andrea.tosato
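
Slide 10's distinction between identity tokens and access tokens, enforced on the API side: the following is an added example, not code from the deck or its sample repository. The authority URL, the ApiResource and scope name `api1`, the policy name `ApiScope` and the `/identity` route are assumptions chosen for illustration.

```csharp
// Program.cs for a hypothetical API protected by IdentityServer (added example).
// Assumes the Microsoft.AspNetCore.Authentication.JwtBearer package is referenced.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Assumed IdentityServer address; signing keys come from its discovery document.
        options.Authority = "https://localhost:5001";

        // Accept only tokens issued for this API resource ("api1" is assumed).
        // An identity token carries the client id as its audience, so it fails here.
        options.Audience = "api1";

        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            // IdentityServer4 4.x sets the JWT header typ of access tokens to
            // "at+jwt"; tokens of any other type are rejected.
            ValidTypes = new[] { "at+jwt" },
            ClockSkew = TimeSpan.FromSeconds(30),
        };
    });

builder.Services.AddAuthorization(options =>
{
    // The access token must also carry the scope the client asked for.
    options.AddPolicy("ApiScope", policy =>
    {
        policy.RequireAuthenticatedUser();
        policy.RequireClaim("scope", "api1");
    });
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Returns the claims the API sees: client and user information from the access token.
app.MapGet("/identity", (ClaimsPrincipal user) =>
        user.Claims.Select(c => new { c.Type, c.Value }))
   .RequireAuthorization("ApiScope");

app.Run();
```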