Skip to main content

OpenId Authentication with AspNet Identity Core

This is a very simple trick to make AspNet Identity work with OpenId Authentication. More of all both approach is completely separate to each other, there is no any connecting point.

I am using Microsoft.AspNetCore.Authentication.OpenIdConnect package to configure but it should work with any other.

Configuring under Startup.cs with IAppBuilder
 app.UseCookieAuthentication(new CookieAuthenticationOptions  
 {  
   AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme,  
   LoginPath = new PathString("/Account/Login"),  
   CookieName = "MyProjectName",  
 })  
   .UseIdentity()  
   .UseOpenIdConnectAuthentication(new OpenIdConnectOptions  
   {  
     ClientId = "<AzureAdClientId>",  
     Authority = String.Format("https://login.microsoftonline.com/{0}", "<AzureAdTenant>"),  
     ResponseType = OpenIdConnectResponseType.IdToken,  
     PostLogoutRedirectUri = "<my website url>",  
     AutomaticChallenge = false,  
     Events = new OpenIdConnectEvents  
     {  
       OnTicketReceived = OnTicketReceived,  
       //OnAuthenticationFailed = OnAuthenticationFailed,  
       //OnRemoteFailure = OnRemoteFailure  
     },  
     AuthenticationScheme = OpenIdConnectDefaults.AuthenticationScheme  
   });  

Over here there are two most important items to make compatible with AspNet Identity.
AutomaticChallenge = false, it would restrict from redirecting to OpenId Connect when a user comes to the site so that they would have the option to log in through OpenIdConnect or AspNet Identity.
OnTicketReceived = OnTicketReceived This is a delegate through which we can allow users coming from OpenIdConnect to register in our system through AspNet Identity. This is triggered once the user is authorized and successfully return to our website.

Implementation under AspNet Identity for  OnTicketReceived
The above delegate has a parameter to get System.Security.Claims.ClaimsPrincipal. So, a factory can be created to get data model for User.

To simplify we can create a function under UserManager to register user through Claims.

 public class MyProjectUserManager  
      : UserManager<User>  
 {       
      public async Task<IdentityResult> CreateAsync(ClaimsPrincipal claimsPrincipal)  
      {  
           if (principal == null || !principal.Claims.Any())  
           {  
                throw new ArgumentException(nameof(principal));  
           }  
           // TODO: Compose user based on need.  
           var user = new User  
           {  
                UserName = principal.FindFirst(c => c.Type == ClaimTypes.Name)?.Value,  
                Email = principal.FindFirst(c => c.Type == ClaimTypes.Email)?.Value,  
           };  
           return await CreateAsync(user);  
      }  
 }  

That is all we need. Now the implementation of OnTicketReceived is simple.

 private async Task OnTicketReceived(TicketReceivedContext ticketReceivedContext)  
 {  
   // TODO: Need to be registered in service collection and set ServiceProvider is 
   //       property to get services. Which can done through services.BuildServiceProvider()
   var userManager = ServiceProvider.GetService<MyProjectUserManager>();  
   await userManager.CreateAsync(ticketReceivedContext.Principal);  
 }  


  

Comments

Popular posts from this blog

Elegantly dealing with TimeZones in MVC Core / WebApi

In any new application handling TimeZone/DateTime is mostly least priority and generally, if someone is concerned then it would be handled by using DateTime.UtcNow on codes while creating current dates and converting incoming Date to UTC to save on servers. Basically, the process is followed by saving DateTime to UTC format in a database and keep converting data to native format based on user region or single region in the application's presentation layer. The above is tedious work and have to be followed religiously. If any developer misses out the manual conversion, then that area of code/view would not work. With newer frameworks, there are flexible ways to deal/intercept incoming or outgoing calls to simplify conversion of TimeZones. These are steps/process to achieve it. 1. Central code for storing user's state about TimeZone. Also, central code for conversion logic based on TimeZones. 2. Dependency injection for the above class to ...

Making FluentValidation compatible with Swagger including Enum or fixed List support

FluentValidation is not directly compatible with Swagger API to validate models. But they do provide an interface through which we can compose Swagger validation manually. That means we look under FluentValidation validators and compose Swagger validator properties to make it compatible. More of all mapping by reading information from FluentValidation and setting it to Swagger Model Schema. These can be done on any custom validation from FluentValidation too just that proper schema property has to be available from Swagger. Custom validation from Enum/List values on FluentValidation using FluentValidation.Validators; using System.Collections.Generic; using System.Linq; using static System.String; /// <summary> /// Validator as per list of items. /// </summary> /// <seealso cref="PropertyValidator" /> public class FixedListValidator : PropertyValidator { /// <summary> /// Gets the valid items /// <...

Architecture solution composting Repository Pattern, Unit Of Work, Dependency Injection, Factory Pattern and others

Project architecture is like garden, we plant the things in certain order and eventually they grow in similar manner. If things are planted well then they will all look(work) great and easier to manage. If they grow as cumbersome it would difficult to maintain and with time more problems would be happening in maintenance. There is no any fixed or known approach to decide project architecture and specially with Agile Methodology. In Agile Methodology, we cannot predict how our end products will look like similarly we cannot say a certain architecture will fit well for entire development lifespan for project. So, the best thing is to modify the architecture as per our application growth. I understand that it sounds good but will be far more problematic with actual development. If it is left as it is then more problems will arise with time. Just think about moving plant vs a full grown tree. Coming to technical side, In this article, I will be explaining about the various techniques ...

Handling JSON DateTime format on Asp.Net Core

This is a very simple trick to handle JSON date format on AspNet Core by global settings. This can be applicable for the older version as well. In a newer version by default, .Net depends upon Newtonsoft to process any JSON data. Newtonsoft depends upon Newtonsoft.Json.Converters.IsoDateTimeConverter class for processing date which in turns adds timezone for JSON data format. There is a global setting available for same that can be adjusted according to requirement. So, for example, we want to set default formatting to US format, we just need this code. services.AddMvc() .AddJsonOptions(options => { options.SerializerSettings.DateTimeZoneHandling = "MM/dd/yyyy HH:mm:ss"; });

Using Redis distributed cache in dotnet core with helper extension methods

Redis cache is out process cache provider for a distributed environment. It is popular in Azure Cloud solution, but it also has a standalone application to operate upon in case of small enterprises application. How to install Redis Cache on a local machine? Redis can be used as a local cache server too on our local machines. At first install, Chocolatey https://chocolatey.org/ , to make installation of Redis easy. Also, the version under Chocolatey supports more commands and compatible with Official Cache package from Microsoft. After Chocolatey installation hit choco install redis-64 . Once the installation is done, we can start the server by running redis-server . Distributed Cache package and registration dotnet core provides IDistributedCache interface which can be overrided with our own implementation. That is one of the beauties of dotnet core, having DI implementation at heart of framework. There is already nuget package available to override IDistributedCache i...

Using LINQ to Entity efficiently with First/FirstOrDefault/Last/LastOrDefault/Single/SingleOrDefault

We generally use these extension methods First/FirstOrDefault/Last/LastOrDefault/Single/SingleOrDefault with predicates like ctx=> ctx.Model.FirstOrDefault(item => item.Id == 1 ) Or ctx=> ctx.Model.Where(item => item.Id == 1 ).FirstOrDefault() What is the problem with these? FirstOrDefault or similar methods immediately loads all data at once. So, let's say we have fifty columns on table then all those columns data would be retrieved from DB and saved into memory. This link gives a fair idea of different function behavior.  https://msdn.microsoft.com/en-us/library/bb882641.aspx .  So, even if we require only one value from selected field it retrieves all values. What is the solution? The solution is pretty simple. Whenever we need selected items better to do projection before calling FirstOrDefault or similar methods. Ex: Selecting single item ctx.Model.Where(itm => itm.Id == 1) .Select(itm => itm.Name).FirstO...

Kendo MVC Grid DataSourceRequest with AutoMapper

Kendo Grid does not work directly with AutoMapper but could be managed by simple trick using mapping through ToDataSourceResult. The solution works fine until different filters are applied. The problems occurs because passed filters refer to view model properties where as database model properties are required after AutoMapper is implemented. So, the plan is to intercept DataSourceRequest  and modify names based on database model. To do that we are going to create implementation of  CustomModelBinderAttribute to catch calls and have our own implementation of DataSourceRequestAttribute from Kendo MVC. I will be using same source code from Kendo but will replace column names for different criteria for sort, filters, group etc. Let's first look into how that will be implemented. public ActionResult GetRoles([MyDataSourceRequest(GridId.RolesUserGrid)] DataSourceRequest request) { if (request == null) { throw new Argume...

Configuring Ninject, Asp.Net Identity UserManager, DataProtectorTokenProvider with Owin

It can be bit tricky to configure both Ninject and Asp.Net Identity UserManager if some value is expected from DI to configure UserManager. We will look into configuring both and also use OwinContext to get UserManager. As usual, all configuration need to be done on Startup.cs. It is just a convention but can be used with different name, the important thing is to decorate class with following attribute to make it Owin start-up: [assembly: OwinStartup(typeof(MyProject.Web.Startup))] Ninject configuration Configuring Ninject kernel through method which would be used to register under Owin. Startup.cs public IKernel CreateKernel() { var kernel = new StandardKernel(); try { //kernel.Bind<IHttpModule>().To<HttpApplicationInitializationHttpModule>(); // TODO: Put any other injection which are required. return kernel; } catch { kernel.Dispose(); thro...

Visual Studio 2015 Code Analyzer and configuration with StyleCop

What is Diagnostic/Code Analyzer? To put it simply it is something similar to Resharper or Telerik JustCode. It analyzes codes while writing on code editor and suggest for improvements of codes through Squiggles, light icon and based on various severity. How it works? I had mentioned that it is similar to Resharper and Telerik JustCode but internal infrastructure is completely different. It is dependent on new compiler Roslyn . Roslyn has a clever compile technique, unlike older version which makes it faster and flexible for dynamic compilation without the need of the entire code base. The structure is basically divided into two categories Syntax Tree , and Semantic Model . The syntax tree is related to syntaxes only it does not require any reference check. It can be related to DOM elements structure in case of HTML.  Syntax Tree consists of very fine details as simple as WhiteSpace under the code. The Semantic Model is kind of references of Syntax Tree in which it ...

Channel, ChannelReader and ChannelWriter to manage data streams in multi-threading environment

I came across Channel class while working with SignalR which looks really interesting. By looking into NuGet packages ( https://www.nuget.org/packages/System.Threading.Channels ), it seems just 4 months old. The Channel class provides infrastructure to have multiple reads and write simuletensely through it's Reader and Writer properties. This is where it is handy in case of SignalR where data streaming needs to be done but is not just limited to that but wherever something needs to be read/write/combination of both in a multi-threading environment. In my case with SignalR, I had to stream stock data at a regular interval of time. public ChannelReader<StockData> StreamStock() { var channel = Channel.CreateUnbounded<StockData>(); _stockManager.OnStockData = stockData => { channel.Writer.TryWrite(stockData); }; return channel.Reader; } The SignalR keeps return type of ChannelReader<StockData> open so that whatev...