Skip to main content

OpenId Authentication with AspNet Identity Core

This is a very simple trick to make AspNet Identity work with OpenId Authentication. More of all both approach is completely separate to each other, there is no any connecting point.

I am using Microsoft.AspNetCore.Authentication.OpenIdConnect package to configure but it should work with any other.

Configuring under Startup.cs with IAppBuilder
 app.UseCookieAuthentication(new CookieAuthenticationOptions  
 {  
   AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme,  
   LoginPath = new PathString("/Account/Login"),  
   CookieName = "MyProjectName",  
 })  
   .UseIdentity()  
   .UseOpenIdConnectAuthentication(new OpenIdConnectOptions  
   {  
     ClientId = "<AzureAdClientId>",  
     Authority = String.Format("https://login.microsoftonline.com/{0}", "<AzureAdTenant>"),  
     ResponseType = OpenIdConnectResponseType.IdToken,  
     PostLogoutRedirectUri = "<my website url>",  
     AutomaticChallenge = false,  
     Events = new OpenIdConnectEvents  
     {  
       OnTicketReceived = OnTicketReceived,  
       //OnAuthenticationFailed = OnAuthenticationFailed,  
       //OnRemoteFailure = OnRemoteFailure  
     },  
     AuthenticationScheme = OpenIdConnectDefaults.AuthenticationScheme  
   });

Over here there are two most important items to make compatible with AspNet Identity.
AutomaticChallenge = false, it would restrict from redirecting to OpenId Connect when a user comes to the site so that they would have the option to log in through OpenIdConnect or AspNet Identity.
OnTicketReceived = OnTicketReceived This is a delegate through which we can allow users coming from OpenIdConnect to register in our system through AspNet Identity. This is triggered once the user is authorized and successfully return to our website.

Implementation under AspNet Identity for  OnTicketReceived
The above delegate has a parameter to get System.Security.Claims.ClaimsPrincipal. So, a factory can be created to get data model for User.

To simplify we can create a function under UserManager to register user through Claims.

 public class MyProjectUserManager  
      : UserManager<User>  
 {       
      public async Task<IdentityResult> CreateAsync(ClaimsPrincipal claimsPrincipal)  
      {  
           if (principal == null || !principal.Claims.Any())  
           {  
                throw new ArgumentException(nameof(principal));  
           }  
           // TODO: Compose user based on need.  
           var user = new User  
           {  
                UserName = principal.FindFirst(c => c.Type == ClaimTypes.Name)?.Value,  
                Email = principal.FindFirst(c => c.Type == ClaimTypes.Email)?.Value,  
           };  
           return await CreateAsync(user);  
      }  
 }

That is all we need. Now the implementation of OnTicketReceived is simple.

 private async Task OnTicketReceived(TicketReceivedContext ticketReceivedContext)  
 {  
   // TODO: Need to be registered in service collection and set ServiceProvider is 
   //       property to get services. Which can done through services.BuildServiceProvider()
   var userManager = ServiceProvider.GetService<MyProjectUserManager>();  
   await userManager.CreateAsync(ticketReceivedContext.Principal);  
 }


  

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

Making FluentValidation compatible with Swagger including Enum or fixed List support

FluentValidation is not directly compatible with Swagger API to validate models. But they do provide an interface through which we can compose Swagger validation manually. That means we look under FluentValidation validators and compose Swagger validator properties to make it compatible. More of all mapping by reading information from FluentValidation and setting it to Swagger Model Schema. These can be done on any custom validation from FluentValidation too just that proper schema property has to be available from Swagger. Custom validation from Enum/List values on FluentValidation using FluentValidation.Validators; using System.Collections.Generic; using System.Linq; using static System.String; /// <summary> /// Validator as per list of items. /// </summary> /// <seealso cref="PropertyValidator" /> public class FixedListValidator : PropertyValidator { /// <summary> /// Gets the valid items /// <...
1 comment
Read more

Elegantly dealing with TimeZones in MVC Core / WebApi

In any new application handling TimeZone/DateTime is mostly least priority and generally, if someone is concerned then it would be handled by using DateTime.UtcNow on codes while creating current dates and converting incoming Date to UTC to save on servers. Basically, the process is followed by saving DateTime to UTC format in a database and keep converting data to native format based on user region or single region in the application's presentation layer. The above is tedious work and have to be followed religiously. If any developer misses out the manual conversion, then that area of code/view would not work. With newer frameworks, there are flexible ways to deal/intercept incoming or outgoing calls to simplify conversion of TimeZones. These are steps/process to achieve it. 1. Central code for storing user's state about TimeZone. Also, central code for conversion logic based on TimeZones. 2. Dependency injection for the above class to ...
4 comments
Read more

Kendo MVC Grid DataSourceRequest with AutoMapper

Kendo Grid does not work directly with AutoMapper but could be managed by simple trick using mapping through ToDataSourceResult. The solution works fine until different filters are applied. The problems occurs because passed filters refer to view model properties where as database model properties are required after AutoMapper is implemented. So, the plan is to intercept DataSourceRequest  and modify names based on database model. To do that we are going to create implementation of  CustomModelBinderAttribute to catch calls and have our own implementation of DataSourceRequestAttribute from Kendo MVC. I will be using same source code from Kendo but will replace column names for different criteria for sort, filters, group etc. Let's first look into how that will be implemented. public ActionResult GetRoles([MyDataSourceRequest(GridId.RolesUserGrid)] DataSourceRequest request) { if (request == null) { throw new Argume...
Post a Comment
Read more

Handling JSON DateTime format on Asp.Net Core

This is a very simple trick to handle JSON date format on AspNet Core by global settings. This can be applicable for the older version as well. In a newer version by default, .Net depends upon Newtonsoft to process any JSON data. Newtonsoft depends upon Newtonsoft.Json.Converters.IsoDateTimeConverter class for processing date which in turns adds timezone for JSON data format. There is a global setting available for same that can be adjusted according to requirement. So, for example, we want to set default formatting to US format, we just need this code. services.AddMvc() .AddJsonOptions(options => { options.SerializerSettings.DateTimeZoneHandling = "MM/dd/yyyy HH:mm:ss"; });
1 comment
Read more

LDAP with ASP.Net Identity Core in MVC with project.json

Lightweight Directory Access Protocol (LDAP), the name itself explain it. An application protocol used over an IP network to access the distributed directory information service. The first and foremost thing is to add references for consuming LDAP. This has to be done by adding reference from Global Assembly Cache (GAC) into project.json "frameworks": { "net461": { "frameworkAssemblies": { "System.DirectoryServices": "4.0.0.0", "System.DirectoryServices.AccountManagement": "4.0.0.0" } } }, These  System.DirectoryServices  and  System.DirectoryServices.AccountManagement  references are used to consume LDAP functionality. It is always better to have an abstraction for irrelevant items in consuming part. For an example, the application does not need to know about PrincipalContext or any other dependent items from those two references to make it extensible. So, we can begin wi...
Post a Comment
Read more

Using Redis distributed cache in dotnet core with helper extension methods

Redis cache is out process cache provider for a distributed environment. It is popular in Azure Cloud solution, but it also has a standalone application to operate upon in case of small enterprises application. How to install Redis Cache on a local machine? Redis can be used as a local cache server too on our local machines. At first install, Chocolatey https://chocolatey.org/ , to make installation of Redis easy. Also, the version under Chocolatey supports more commands and compatible with Official Cache package from Microsoft. After Chocolatey installation hit choco install redis-64 . Once the installation is done, we can start the server by running redis-server . Distributed Cache package and registration dotnet core provides IDistributedCache interface which can be overrided with our own implementation. That is one of the beauties of dotnet core, having DI implementation at heart of framework. There is already nuget package available to override IDistributedCache i...
3 comments
Read more

Trim text in MVC Core through Model Binder

Trimming text can be done on client side codes, but I believe it is most suitable on MVC Model Binder since it would be at one place on infrastructure level which would be free from any manual intervention of developer. This would allow every post request to be processed and converted to a trimmed string. Let us start by creating Model binder using Microsoft.AspNetCore.Mvc.ModelBinding; using System; using System.Threading.Tasks; public class TrimmingModelBinder : IModelBinder { private readonly IModelBinder FallbackBinder; public TrimmingModelBinder(IModelBinder fallbackBinder) { FallbackBinder = fallbackBinder ?? throw new ArgumentNullException(nameof(fallbackBinder)); } public Task BindModelAsync(ModelBindingContext bindingContext) { if (bindingContext == null) { throw new ArgumentNullException(nameof(bindingContext)); } var valueProviderResult = bindingContext.ValueProvider.GetValue(bin...
2 comments
Read more

Kendo MVC Grid DataSourceRequest with AutoMapper - Advance

The actual process to make DataSourceRequest compatible with AutoMapper was explained in my previous post  Kendo MVC Grid DataSourceRequest with AutoMapper , where we had created custom model binder attribute and in that property names were changed as data models. In this post we will be looking into using AutoMapper's Queryable extension to retrieve the results based on selected columns. When  Mapper.Map<RoleViewModel>(data)  is called it retrieves all column values from table. The Queryable extension provides a way to retrieve only selected columns from table. In this particular case based on properties of  RoleViewModel . The previous approach that we implemented is perfect as far as this article ( 3 Tips for Using Telerik Data Access and AutoMapper ) is concern about performance where it states: While this functionality allows you avoid writing explicit projection in to your LINQ query it has the same fatal flaw as doing so - it prevents the qu...
Post a Comment
Read more

Dependency Injection through XML configuration and XML transformation through SlowCheetah

Dependency Injection (DI) is a design pattern to change definition by substituting object without changing code for the application. The most popular DI type is to construct classes based on certain interface and pass actual object on constructor level. What are we trying to do? We will be looking into a way to achieve dependency injection through XML configuration based on  build selection . The implemented classes derived through interface will get switched based on build selection. Where to use it? I really hate making dependencies with something specific which can be changed later on. In my case, Azure environment. I believe Azure is more like a platform where we can host the application rather then integrating the application with Azure. What if client decided to switch to other hosting environment, in that case we got to change every piece of code wherever Azure SDKs are referred. The above one is merely an example. We can use this approach on many other item as wel...
Post a Comment
Read more

Custom authorization based on dotnet core policy with Attribute filter

Around 2.5 years back I had written about custom authorization on MVC  Custom authorization on class, action/function, code, area level under Asp.Net MVC application , there are few approaches which are changed in Core version for authorization. Like Authorization filter approach is discouraged since it cannot be unit tested. I believe this is right step but also global or basic authentication could still be driven by Attribute due to enhancing simplicity on codes by focusing on the primary objective rather than writing authorization check everywhere. The whole approach and usage remain same from the original Post, in this, we would be just looking into making it compatible with dotnet Core MVC. You would need to go through earlier Post to understand the approach that was taken for authorization of a user. Also, can go through official post: https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies to understand new approach. More of all we need to create...
Post a Comment
Read more