SlideShare a Scribd company logo

Вячеслав Михайлов «Как сделать Single Sign-On в веб-приложении в 10 строк кода»

Download as PPTX, PDF
Yulia Tsisyk
Yulia Tsisyk

This document discusses single sign-on (SSO) using approximately 10 lines of code. It begins with an overview of OAuth2 and OpenID Connect terminology like identification, authentication, authorization, scopes, and tokens. It then discusses Thinktecture Identity Server, an open-source OAuth2 and OpenID Connect framework, and related projects Identity Manager and MembershipReboot. Identity Server provides authentication as a service with features like single sign-on, access control, and customization at many levels. Identity Manager and MembershipReboot provide user management functionality. The document concludes with information on sources and a thank you from the presenter.

Technology
1 of 37
How to do SSO in ~10 lines of code Speaker Vyacheslav Mikhaylov (vmikhaylov@dataart.com) [ IT Talks | IT NotStop | .Net meetup ] 1
Today’s topics • Some theory and history • OAuth2 и Open ID Connect • IndentityServer/IdentityManager • Architecture • How to use 2
Terminology • Identification - login • Authentication – proof login is correct • Authorization – authenticated user can access to some resource 3
4
5
HTTP Basic Authentication 6
HTTP Digest Authentication 7
Forms Authentication 8
Token Authentication 9
Token Authentication 10
Token Authentication 11
Big picture 12
Big picture 13
Terminology 14 • OpenID Connect Provider (OP) - security token service, identity provider, authorization server, IP-STS and more. • Client • User - human • Scope • Identity scopes – openid, profile, email • Resource scopes – various API • Authentication/Token Request • Identity Token • Access Token
15
Token structure (jwt.io) 16
Thinktecture Identity Server 17 • OpenID Connect and OAuth2 • Авторы • Dominick Baier • Brock Allen • Identity Server • Identity Manager • MembershipReboot
Features 18 • Authentication as a Service • Single Sign-on / Sign-out • Access Control for APIs • Federation • Customization everywhere
19 Identity Manager Identity Server Membership Reboot User Storage MS SQL Token Service Storage MS SQL Store Users Auth Users Scope/Clients Storage MS SQL Scope/ClientsTokens/Sessions User Manage Users LoginShow Login/Consent
20 Server
21 Server
22 API
23 API
24 API
25 Client
26 Client
What is Identity Server 27 • Authorization/Authentication • Token • UserInfo • Discovery • Logout • Token Revocation • Token Introspection • Access Token Validation • Identity Token Validation
Customization 28 • AuthenticationSessionValidator, AuthorizationCodeStore • ClaimsProvider, ClientPermissionsService • ClientStore, ConsentService, ConsentStore • CorsPolicyService, CustomGrantValidators, CustomRequestValidator, CustomTokenResponseGenerator, CustomTokenValidator • EventService, ExternalClaimsFilter, LocalizationService, RedirectUriValidator • RefreshTokenService, RefreshTokenStore, ScopeStore • SecretParsers, SecretValidators, SigningKeyService • TokenHandleStore, TokenService, TokenSigningService, UserService • ViewService
Customization 29 • AuthenticationSessionValidator, AuthorizationCodeStore • ClaimsProvider, ClientPermissionsService • ClientStore, ConsentService, ConsentStore • CorsPolicyService, CustomGrantValidators, CustomRequestValidator, CustomTokenResponseGenerator, CustomTokenValidator • EventService, ExternalClaimsFilter, LocalizationService, RedirectUriValidator • RefreshTokenService, RefreshTokenStore, ScopeStore • SecretParsers, SecretValidators, SigningKeyService • TokenHandleStore, TokenService, TokenSigningService, UserService • ViewService
Customization 30 • ClientStore • ScopeStore • UserService • ViewService
What is Identity Manager 31 • Simple creating users, editing user information (passwords, email, claims, roles, etc.) and deleting users. • Replacement for the ASP.NET WebSite Administration tool User Management
What is MembershipReboot 32 • single- or multi-tenant account management • flexible account storage design (relational/SQL or object/NoSql) • claims-aware user identities • support for account registration, email verification, password reset, etc. • account lockout for multiple failed login attempts (password guessing) • extensible templating for email notifications • customizable username, password and email validation • notification system for account activity and updates (e.g. for auditing) • account linking with external identity providers (enterprise or social) • supports certificate based authentication • proper password storage (via PBKDF2) • configurable iterations • defaults to OWASP recommendations for iterations (e.g. 64K in year 2012) • two factor authentication support via mobile phone SMS messages or client certificates
Demo 33
Источники • https://habrahabr.ru/company/dataart/blog/262817/ • https://identityserver.github.io/Documentation/ • http://openid.net/connect/ • https://tools.ietf.org/html/rfc6749 34
Thank you To be continued…
Identity Server 36
37 Identity Server

Recommended

"Безопасность микросервисных приложений"
"Безопасность микросервисных приложений""Безопасность микросервисных приложений"
"Безопасность микросервисных приложений"
DataArt
 
whosinithtml
whosinithtmlwhosinithtml
whosinithtmlShane Bruce
 
Ymens - Cloud Identity Crisis - Dev Talks 2015
Ymens - Cloud Identity Crisis - Dev Talks 2015Ymens - Cloud Identity Crisis - Dev Talks 2015
Ymens - Cloud Identity Crisis - Dev Talks 2015
Vlad Mihnea
 
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
Worteks
 
Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0
Vladimir Dzhuvinov
 
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/SovrinFOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
Calvin Cheng
 
Shoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderShoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 Provider
ForgeRock
 
OWASP Poland Day 2018 - Johan Peeters - Designing access control with OAuth a...
OWASP Poland Day 2018 - Johan Peeters - Designing access control with OAuth a...OWASP Poland Day 2018 - Johan Peeters - Designing access control with OAuth a...
OWASP Poland Day 2018 - Johan Peeters - Designing access control with OAuth a...
OWASP
 

Recommended

"Безопасность микросервисных приложений"
"Безопасность микросервисных приложений""Безопасность микросервисных приложений"
"Безопасность микросервисных приложений"
DataArt
 
whosinithtml
whosinithtmlwhosinithtml
whosinithtmlShane Bruce
 
Ymens - Cloud Identity Crisis - Dev Talks 2015
Ymens - Cloud Identity Crisis - Dev Talks 2015Ymens - Cloud Identity Crisis - Dev Talks 2015
Ymens - Cloud Identity Crisis - Dev Talks 2015
Vlad Mihnea
 
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
Worteks
 
Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0
Vladimir Dzhuvinov
 
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/SovrinFOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
Calvin Cheng
 
Shoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderShoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 Provider
ForgeRock
 
OWASP Poland Day 2018 - Johan Peeters - Designing access control with OAuth a...
OWASP Poland Day 2018 - Johan Peeters - Designing access control with OAuth a...OWASP Poland Day 2018 - Johan Peeters - Designing access control with OAuth a...
OWASP Poland Day 2018 - Johan Peeters - Designing access control with OAuth a...
OWASP
 
Service virtualization with biz talk
Service virtualization with biz talkService virtualization with biz talk
Service virtualization with biz talkSteef-Jan Wiggers
 
Bitcoin 101 - Certified Bitcoin Professional Training Session
Bitcoin 101 - Certified Bitcoin Professional Training SessionBitcoin 101 - Certified Bitcoin Professional Training Session
Bitcoin 101 - Certified Bitcoin Professional Training Session
Lisa Cheng
 
Asset tokenization an abstract view!
Asset tokenization an abstract view!Asset tokenization an abstract view!
Asset tokenization an abstract view!
VanessaJane4
 
Alpha Education
Alpha EducationAlpha Education
Alpha Education
Alpha20 Group
 
Blockchain PoC For Education
Blockchain PoC For EducationBlockchain PoC For Education
Blockchain PoC For Education
Sanjeev Raman
 
Secure Spring Boot Microservices with Keycloak
Secure Spring Boot Microservices with KeycloakSecure Spring Boot Microservices with Keycloak
Secure Spring Boot Microservices with Keycloak
Red Hat Developers
 
Real-time Communication using SignalR and cloud
Real-time Communication using SignalR and cloudReal-time Communication using SignalR and cloud
Real-time Communication using SignalR and cloud
Radu Vunvulea
 
The Importance of SSL Encryption
The Importance of SSL EncryptionThe Importance of SSL Encryption
The Importance of SSL Encryption
StephanieOrtega20
 
SPSBE 2013 Claims for devs
SPSBE 2013 Claims for devsSPSBE 2013 Claims for devs
SPSBE 2013 Claims for devs
Steven Van de Craen
 
Secure Authorization for your Printer: The OAuth Device Flow (DevSum 2018)
Secure Authorization for your Printer: The OAuth Device Flow (DevSum 2018)Secure Authorization for your Printer: The OAuth Device Flow (DevSum 2018)
Secure Authorization for your Printer: The OAuth Device Flow (DevSum 2018)
Scott Brady
 
OpenID and OAuth
OpenID and OAuthOpenID and OAuth
OpenID and OAuth
Andrea Chiodoni
 
Blockchain: some examples
Blockchain: some examples Blockchain: some examples
Blockchain: some examples
Gianluca De Maria
 
Introduction to Web Security
Introduction to Web SecurityIntroduction to Web Security
Introduction to Web Security
Kamil Lelonek
 
Planning Your Cloud Strategy
Planning Your Cloud StrategyPlanning Your Cloud Strategy
Planning Your Cloud Strategy
Uthaiyashankar
 
Secure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / DatelecSecure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Sylvain Maret
 
OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An Introduction
ForgeRock
 
Practical Federated Identity
Practical Federated Identity Practical Federated Identity
Practical Federated Identity WSO2
 
OAuth2 & OpenID Connect
OAuth2 & OpenID ConnectOAuth2 & OpenID Connect
OAuth2 & OpenID Connect
Marcin Wolnik
 
OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study
ForgeRock
 
CGDL2018 - Sessió: "Hacia una nueva era de la identidad digital. El uso de bl...
CGDL2018 - Sessió: "Hacia una nueva era de la identidad digital. El uso de bl...CGDL2018 - Sessió: "Hacia una nueva era de la identidad digital. El uso de bl...
CGDL2018 - Sessió: "Hacia una nueva era de la identidad digital. El uso de bl...
Consorci Administració Oberta de Catalunya
 
Юлия Цисык «RESTFul API в вашем.NET приложении: как, зачем и почему?»
Юлия Цисык «RESTFul API в вашем.NET приложении: как, зачем и почему?»Юлия Цисык «RESTFul API в вашем.NET приложении: как, зачем и почему?»
Юлия Цисык «RESTFul API в вашем.NET приложении: как, зачем и почему?»
Yulia Tsisyk
 
Adam Sitnik "State of the .NET Performance"
Adam Sitnik "State of the .NET Performance"Adam Sitnik "State of the .NET Performance"
Adam Sitnik "State of the .NET Performance"
Yulia Tsisyk
 

More Related Content

What's hot

Service virtualization with biz talk
Service virtualization with biz talkService virtualization with biz talk
Service virtualization with biz talkSteef-Jan Wiggers
 
Bitcoin 101 - Certified Bitcoin Professional Training Session
Bitcoin 101 - Certified Bitcoin Professional Training SessionBitcoin 101 - Certified Bitcoin Professional Training Session
Bitcoin 101 - Certified Bitcoin Professional Training Session
Lisa Cheng
 
Asset tokenization an abstract view!
Asset tokenization an abstract view!Asset tokenization an abstract view!
Asset tokenization an abstract view!
VanessaJane4
 
Alpha Education
Alpha EducationAlpha Education
Alpha Education
Alpha20 Group
 
Blockchain PoC For Education
Blockchain PoC For EducationBlockchain PoC For Education
Blockchain PoC For Education
Sanjeev Raman
 
Secure Spring Boot Microservices with Keycloak
Secure Spring Boot Microservices with KeycloakSecure Spring Boot Microservices with Keycloak
Secure Spring Boot Microservices with Keycloak
Red Hat Developers
 
Real-time Communication using SignalR and cloud
Real-time Communication using SignalR and cloudReal-time Communication using SignalR and cloud
Real-time Communication using SignalR and cloud
Radu Vunvulea
 
The Importance of SSL Encryption
The Importance of SSL EncryptionThe Importance of SSL Encryption
The Importance of SSL Encryption
StephanieOrtega20
 
SPSBE 2013 Claims for devs
SPSBE 2013 Claims for devsSPSBE 2013 Claims for devs
SPSBE 2013 Claims for devs
Steven Van de Craen
 
Secure Authorization for your Printer: The OAuth Device Flow (DevSum 2018)
Secure Authorization for your Printer: The OAuth Device Flow (DevSum 2018)Secure Authorization for your Printer: The OAuth Device Flow (DevSum 2018)
Secure Authorization for your Printer: The OAuth Device Flow (DevSum 2018)
Scott Brady
 
OpenID and OAuth
OpenID and OAuthOpenID and OAuth
OpenID and OAuth
Andrea Chiodoni
 
Blockchain: some examples
Blockchain: some examples Blockchain: some examples
Blockchain: some examples
Gianluca De Maria
 
Introduction to Web Security
Introduction to Web SecurityIntroduction to Web Security
Introduction to Web Security
Kamil Lelonek
 
Planning Your Cloud Strategy
Planning Your Cloud StrategyPlanning Your Cloud Strategy
Planning Your Cloud Strategy
Uthaiyashankar
 
Secure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / DatelecSecure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Sylvain Maret
 
OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An Introduction
ForgeRock
 
Practical Federated Identity
Practical Federated Identity Practical Federated Identity
Practical Federated Identity WSO2
 
OAuth2 & OpenID Connect
OAuth2 & OpenID ConnectOAuth2 & OpenID Connect
OAuth2 & OpenID Connect
Marcin Wolnik
 
OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study
ForgeRock
 
CGDL2018 - Sessió: "Hacia una nueva era de la identidad digital. El uso de bl...
CGDL2018 - Sessió: "Hacia una nueva era de la identidad digital. El uso de bl...CGDL2018 - Sessió: "Hacia una nueva era de la identidad digital. El uso de bl...
CGDL2018 - Sessió: "Hacia una nueva era de la identidad digital. El uso de bl...
Consorci Administració Oberta de Catalunya
 

What's hot (20)

Service virtualization with biz talk
Service virtualization with biz talkService virtualization with biz talk
Service virtualization with biz talk
 
Bitcoin 101 - Certified Bitcoin Professional Training Session
Bitcoin 101 - Certified Bitcoin Professional Training SessionBitcoin 101 - Certified Bitcoin Professional Training Session
Bitcoin 101 - Certified Bitcoin Professional Training Session
 
Asset tokenization an abstract view!
Asset tokenization an abstract view!Asset tokenization an abstract view!
Asset tokenization an abstract view!
 
Alpha Education
Alpha EducationAlpha Education
Alpha Education
 
Blockchain PoC For Education
Blockchain PoC For EducationBlockchain PoC For Education
Blockchain PoC For Education
 
Secure Spring Boot Microservices with Keycloak
Secure Spring Boot Microservices with KeycloakSecure Spring Boot Microservices with Keycloak
Secure Spring Boot Microservices with Keycloak
 
Real-time Communication using SignalR and cloud
Real-time Communication using SignalR and cloudReal-time Communication using SignalR and cloud
Real-time Communication using SignalR and cloud
 
The Importance of SSL Encryption
The Importance of SSL EncryptionThe Importance of SSL Encryption
The Importance of SSL Encryption
 
SPSBE 2013 Claims for devs
SPSBE 2013 Claims for devsSPSBE 2013 Claims for devs
SPSBE 2013 Claims for devs
 
Secure Authorization for your Printer: The OAuth Device Flow (DevSum 2018)
Secure Authorization for your Printer: The OAuth Device Flow (DevSum 2018)Secure Authorization for your Printer: The OAuth Device Flow (DevSum 2018)
Secure Authorization for your Printer: The OAuth Device Flow (DevSum 2018)
 
OpenID and OAuth
OpenID and OAuthOpenID and OAuth
OpenID and OAuth
 
Blockchain: some examples
Blockchain: some examples Blockchain: some examples
Blockchain: some examples
 
Introduction to Web Security
Introduction to Web SecurityIntroduction to Web Security
Introduction to Web Security
 
Planning Your Cloud Strategy
Planning Your Cloud StrategyPlanning Your Cloud Strategy
Planning Your Cloud Strategy
 
Secure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / DatelecSecure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / Datelec
 
OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An Introduction
 
Practical Federated Identity
Practical Federated Identity Practical Federated Identity
Practical Federated Identity
 
OAuth2 & OpenID Connect
OAuth2 & OpenID ConnectOAuth2 & OpenID Connect
OAuth2 & OpenID Connect
 
OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study
 
CGDL2018 - Sessió: "Hacia una nueva era de la identidad digital. El uso de bl...
CGDL2018 - Sessió: "Hacia una nueva era de la identidad digital. El uso de bl...CGDL2018 - Sessió: "Hacia una nueva era de la identidad digital. El uso de bl...
CGDL2018 - Sessió: "Hacia una nueva era de la identidad digital. El uso de bl...
 

Viewers also liked

Юлия Цисык «RESTFul API в вашем.NET приложении: как, зачем и почему?»
Юлия Цисык «RESTFul API в вашем.NET приложении: как, зачем и почему?»Юлия Цисык «RESTFul API в вашем.NET приложении: как, зачем и почему?»
Юлия Цисык «RESTFul API в вашем.NET приложении: как, зачем и почему?»
Yulia Tsisyk
 
Adam Sitnik "State of the .NET Performance"
Adam Sitnik "State of the .NET Performance"Adam Sitnik "State of the .NET Performance"
Adam Sitnik "State of the .NET Performance"
Yulia Tsisyk
 
Илья Ефимов «IoC/DI на примере Autofac»
Илья Ефимов «IoC/DI на примере Autofac»Илья Ефимов «IoC/DI на примере Autofac»
Илья Ефимов «IoC/DI на примере Autofac»
Yulia Tsisyk
 
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
Yulia Tsisyk
 
Сенцов Сергей "Приемы оптимизаций Desktop приложений"
Сенцов Сергей "Приемы оптимизаций Desktop приложений"Сенцов Сергей "Приемы оптимизаций Desktop приложений"
Сенцов Сергей "Приемы оптимизаций Desktop приложений"
Yulia Tsisyk
 
Яков Повар "Системы обмена сообщениями на примере MassTransit"
Яков Повар "Системы обмена сообщениями на примере MassTransit"Яков Повар "Системы обмена сообщениями на примере MassTransit"
Яков Повар "Системы обмена сообщениями на примере MassTransit"
Yulia Tsisyk
 
Илья Фофанов "Обработка ошибок в C#"
Илья Фофанов "Обработка ошибок в C#"Илья Фофанов "Обработка ошибок в C#"
Илья Фофанов "Обработка ошибок в C#"
Yulia Tsisyk
 
Никита Цуканов "Параллелизм и распределённые вычисления на акторах с Akka.net"
Никита Цуканов "Параллелизм и распределённые вычисления на акторах с Akka.net"Никита Цуканов "Параллелизм и распределённые вычисления на акторах с Akka.net"
Никита Цуканов "Параллелизм и распределённые вычисления на акторах с Akka.net"
Yulia Tsisyk
 
Теория и практика .NET-бенчмаркинга (25.01.2017, Москва)
Теория и практика .NET-бенчмаркинга (25.01.2017, Москва) Теория и практика .NET-бенчмаркинга (25.01.2017, Москва)
Теория и практика .NET-бенчмаркинга (25.01.2017, Москва)
Andrey Akinshin
 
Владимир Кошелев «Автоматический поиск ошибок»
Владимир Кошелев «Автоматический поиск ошибок»Владимир Кошелев «Автоматический поиск ошибок»
Владимир Кошелев «Автоматический поиск ошибок»
Yulia Tsisyk
 
Кирилл Маурин «Проектирование и разработка модульных приложений»
Кирилл Маурин «Проектирование и разработка модульных приложений» Кирилл Маурин «Проектирование и разработка модульных приложений»
Кирилл Маурин «Проектирование и разработка модульных приложений»
Yulia Tsisyk
 
The Magic of Tuning in PostgreSQL
The Magic of Tuning in PostgreSQLThe Magic of Tuning in PostgreSQL
The Magic of Tuning in PostgreSQL
Ashnikbiz
 

Viewers also liked (12)

Юлия Цисык «RESTFul API в вашем.NET приложении: как, зачем и почему?»
Юлия Цисык «RESTFul API в вашем.NET приложении: как, зачем и почему?»Юлия Цисык «RESTFul API в вашем.NET приложении: как, зачем и почему?»
Юлия Цисык «RESTFul API в вашем.NET приложении: как, зачем и почему?»
 
Adam Sitnik "State of the .NET Performance"
Adam Sitnik "State of the .NET Performance"Adam Sitnik "State of the .NET Performance"
Adam Sitnik "State of the .NET Performance"
 
Илья Ефимов «IoC/DI на примере Autofac»
Илья Ефимов «IoC/DI на примере Autofac»Илья Ефимов «IoC/DI на примере Autofac»
Илья Ефимов «IoC/DI на примере Autofac»
 
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
 
Сенцов Сергей "Приемы оптимизаций Desktop приложений"
Сенцов Сергей "Приемы оптимизаций Desktop приложений"Сенцов Сергей "Приемы оптимизаций Desktop приложений"
Сенцов Сергей "Приемы оптимизаций Desktop приложений"
 
Яков Повар "Системы обмена сообщениями на примере MassTransit"
Яков Повар "Системы обмена сообщениями на примере MassTransit"Яков Повар "Системы обмена сообщениями на примере MassTransit"
Яков Повар "Системы обмена сообщениями на примере MassTransit"
 
Илья Фофанов "Обработка ошибок в C#"
Илья Фофанов "Обработка ошибок в C#"Илья Фофанов "Обработка ошибок в C#"
Илья Фофанов "Обработка ошибок в C#"
 
Никита Цуканов "Параллелизм и распределённые вычисления на акторах с Akka.net"
Никита Цуканов "Параллелизм и распределённые вычисления на акторах с Akka.net"Никита Цуканов "Параллелизм и распределённые вычисления на акторах с Akka.net"
Никита Цуканов "Параллелизм и распределённые вычисления на акторах с Akka.net"
 
Теория и практика .NET-бенчмаркинга (25.01.2017, Москва)
Теория и практика .NET-бенчмаркинга (25.01.2017, Москва) Теория и практика .NET-бенчмаркинга (25.01.2017, Москва)
Теория и практика .NET-бенчмаркинга (25.01.2017, Москва)
 
Владимир Кошелев «Автоматический поиск ошибок»
Владимир Кошелев «Автоматический поиск ошибок»Владимир Кошелев «Автоматический поиск ошибок»
Владимир Кошелев «Автоматический поиск ошибок»
 
Кирилл Маурин «Проектирование и разработка модульных приложений»
Кирилл Маурин «Проектирование и разработка модульных приложений» Кирилл Маурин «Проектирование и разработка модульных приложений»
Кирилл Маурин «Проектирование и разработка модульных приложений»
 
The Magic of Tuning in PostgreSQL
The Magic of Tuning in PostgreSQLThe Magic of Tuning in PostgreSQL
The Magic of Tuning in PostgreSQL
 

Similar to Вячеслав Михайлов «Как сделать Single Sign-On в веб-приложении в 10 строк кода»

SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...Liam Cleary [MVP]
 
SharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San FranciscoSharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San Francisco
Liam Cleary [MVP]
 
Mobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsMobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patterns
Pieter Ennes
 
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
Liam Cleary [MVP]
 
Anil saldhana cloudidentitybestpractices
Anil saldhana cloudidentitybestpracticesAnil saldhana cloudidentitybestpractices
Anil saldhana cloudidentitybestpractices
Anil Saldanha
 
ConFoo 2015 - Securing RESTful resources with OAuth2
ConFoo 2015 - Securing RESTful resources with OAuth2ConFoo 2015 - Securing RESTful resources with OAuth2
ConFoo 2015 - Securing RESTful resources with OAuth2
Rodrigo Cândido da Silva
 
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Andrew Hughes
 
Building an Effective Architecture for Identity and Access Management.pdf
Building an Effective Architecture for Identity and Access Management.pdfBuilding an Effective Architecture for Identity and Access Management.pdf
Building an Effective Architecture for Identity and Access Management.pdf
Jorge Alvarez
 
unit 1 Federated Identity Management_4.pptx
unit 1 Federated Identity Management_4.pptxunit 1 Federated Identity Management_4.pptx
unit 1 Federated Identity Management_4.pptx
zmulani8
 
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE
 
Introduction to sitecore identity
Introduction to sitecore identityIntroduction to sitecore identity
Introduction to sitecore identity
Gopikrishna Gujjula
 
SharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorizationSharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorization
Liam Cleary [MVP]
 
OpenAM as Flexible Integration Component
OpenAM as Flexible Integration ComponentOpenAM as Flexible Integration Component
OpenAM as Flexible Integration Component
ForgeRock
 
JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2
Rodrigo Cândido da Silva
 
SharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationSharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationJonathan Schultz
 
CIS 2015 Extreme OAuth - Paul Meyer
CIS 2015 Extreme OAuth - Paul MeyerCIS 2015 Extreme OAuth - Paul Meyer
CIS 2015 Extreme OAuth - Paul Meyer
CloudIDSummit
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
marcuschristie
 
Introduction to Self Sovereign Identity
Introduction to Self Sovereign IdentityIntroduction to Self Sovereign Identity
Introduction to Self Sovereign Identity
Heather Vescent
 
ForgeRock OpenAM as flexible integration component
ForgeRock OpenAM as flexible integration componentForgeRock OpenAM as flexible integration component
ForgeRock OpenAM as flexible integration component
Olivier Naveau
 
SSL Everywhere!
SSL Everywhere!SSL Everywhere!
SSL Everywhere!
Simon Haslam
 

Similar to Вячеслав Михайлов «Как сделать Single Sign-On в веб-приложении в 10 строк кода» (20)

SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
 
SharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San FranciscoSharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San Francisco
 
Mobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsMobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patterns
 
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
 
Anil saldhana cloudidentitybestpractices
Anil saldhana cloudidentitybestpracticesAnil saldhana cloudidentitybestpractices
Anil saldhana cloudidentitybestpractices
 
ConFoo 2015 - Securing RESTful resources with OAuth2
ConFoo 2015 - Securing RESTful resources with OAuth2ConFoo 2015 - Securing RESTful resources with OAuth2
ConFoo 2015 - Securing RESTful resources with OAuth2
 
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
 
Building an Effective Architecture for Identity and Access Management.pdf
Building an Effective Architecture for Identity and Access Management.pdfBuilding an Effective Architecture for Identity and Access Management.pdf
Building an Effective Architecture for Identity and Access Management.pdf
 
unit 1 Federated Identity Management_4.pptx
unit 1 Federated Identity Management_4.pptxunit 1 Federated Identity Management_4.pptx
unit 1 Federated Identity Management_4.pptx
 
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
 
Introduction to sitecore identity
Introduction to sitecore identityIntroduction to sitecore identity
Introduction to sitecore identity
 
SharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorizationSharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorization
 
OpenAM as Flexible Integration Component
OpenAM as Flexible Integration ComponentOpenAM as Flexible Integration Component
OpenAM as Flexible Integration Component
 
JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2
 
SharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationSharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based Authentication
 
CIS 2015 Extreme OAuth - Paul Meyer
CIS 2015 Extreme OAuth - Paul MeyerCIS 2015 Extreme OAuth - Paul Meyer
CIS 2015 Extreme OAuth - Paul Meyer
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
 
Introduction to Self Sovereign Identity
Introduction to Self Sovereign IdentityIntroduction to Self Sovereign Identity
Introduction to Self Sovereign Identity
 
ForgeRock OpenAM as flexible integration component
ForgeRock OpenAM as flexible integration componentForgeRock OpenAM as flexible integration component
ForgeRock OpenAM as flexible integration component
 
SSL Everywhere!
SSL Everywhere!SSL Everywhere!
SSL Everywhere!
 

Recently uploaded

FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 

Вячеслав Михайлов «Как сделать Single Sign-On в веб-приложении в 10 строк кода»

Editor's Notes

  1. Encoded Base64
  2. Encoded Base64
  3. Encoded Base64
  4. Encoded Base64
  5. Encoded Base64
  6. Encoded Base64