Building a C# / ASP.NET API using oAuth for API Authentication - c#

Does anyone have any examples or advice for how to go about using oAuth to provide the authentication mechanism for an API that should be publicly exposed?
Specifically I'm talking about being an oAuth provider for my own API, not integrating or authenticating with anyone else's API.
For example, I wish to be able to issue API keys to developers that they can use to authenticate and access my API, much in the same way Flickr does, and as far as I believe oAuth can support this, but I'm not sure how the solution would be structured?

It appears that DotNetOpenAuth has an example by way of the OAuthServiceProvider project in the Samples folder included in the distribution. It's written in WinForms and isn't cleanly written but definitely serves as a good starting point.

Related

How to implement an OpenId Provider in .net Framework without OWIN

I'm developing some small services that interact with a .NET Framework application. These services have UI components that require authentication and will be hosted separately, but we have a requirement to use the existing login page. I'm hoping to set up IdentityServer4 as an authorization authority, and set up the legacy application as an OIDC provider.
The problem is that I have yet to find any information on how to do that in .net framework. I can't convert the legacy application to use .net core or owin hosting, which rules out identityserver3/4 as providers. DotNetOpenAuth is not certified as a provider and does not appear to provide a standard openid interface.
What libraries or patterns can I use to solve this problem?
EDIT: after some review, what I'm mostly looking for is a middleware that would let me convert a webforms authentication to an OIDC identity.
Well, you can start by reading http://openid.net/specs/openid-connect-core-1_0.html
I faced the same problem a month back.
There are probably 4-6 specification documents that are dependent on this. You would have to read those as well (there is no shortcut), and you might want to start by making sequence diagrams of the GET and POST requests.
Amongst all this, read and implement a small JWT project, which will help clear up your conception of how bearer tokens are used (this involves how to create and validate bearer tokens).
Once you know JWT and have the sequence diagrams with you, you can make improvisations and add more parameters. OpenID would seem relatively simpler.
Also, do not forget to test your application with a third-party client like Postman or Fiddler.
Hope this helps! All the best.
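Added example, not part of the answer above and not code from any library named on this page: a minimal version of the "small JWT project" it suggests, creating and validating an HS256 bearer token. The class name `MiniJwt`, the choice of only the `sub` and `exp` claims, and the use of System.Text.Json (in-box on .NET Core 3.0+, a NuGet package on .NET Framework) are assumptions made for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
public static class MiniJwt   // hypothetical helper name; HS256 only
{
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] FromB64Url(string s) => Convert.FromBase64String(
        s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    static byte[] Sign(string input, byte[] key)
    {
        using (var hmac = new HMACSHA256(key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(input));
    }

    // Issue a token for `subject` that expires `lifetime` from now.
    public static string Create(string subject, TimeSpan lifetime, byte[] key)
    {
        long exp = DateTimeOffset.UtcNow.Add(lifetime).ToUnixTimeSeconds();
        string header = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}"));
        string payload = B64Url(JsonSerializer.SerializeToUtf8Bytes(new { sub = subject, exp }));
        return header + "." + payload + "." + B64Url(Sign(header + "." + payload, key));
    }

    // Returns the subject if the token is authentic and unexpired, otherwise null.
    public static string Validate(string token, byte[] key)
    {
        string[] p = (token ?? "").Split('.');
        if (p.Length != 3) return null;
        try
        {
            // Pin the algorithm: the token header must not get to choose "none" or another alg.
            using (var h = JsonDocument.Parse(FromB64Url(p[0])))
                if (h.RootElement.GetProperty("alg").GetString() != "HS256") return null;
            // Verify the signature before reading any claim; compare without an early exit.
            byte[] want = Sign(p[0] + "." + p[1], key), got = FromB64Url(p[2]);
            int diff = want.Length ^ got.Length;
            for (int i = 0; i < want.Length && i < got.Length; i++) diff |= want[i] ^ got[i];
            if (diff != 0) return null;
            using (var c = JsonDocument.Parse(FromB64Url(p[1])))
                return DateTimeOffset.UtcNow.ToUnixTimeSeconds() < c.RootElement.GetProperty("exp").GetInt64()
                    ? c.RootElement.GetProperty("sub").GetString() : null;
        }
        catch (Exception e) when (e is FormatException || e is JsonException ||
            e is KeyNotFoundException || e is InvalidOperationException) { return null; } // fail closed
    }
}
```

The key should be at least 32 bytes from `RandomNumberGenerator` and must stay on the server; a token whose payload or signature is altered after `Create` makes `Validate` return null.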

Facebook Integration using C# and asp.net core

I'm starting a side project that will integrate heavily with Facebook. I'm going to use React in the front-end and it will talk to a REST ws made with asp.net core web api.
The idea is that in this API I will make the calls to Facebook.
Basically, I want to: login, get/post messages from Messenger, get/post comments and messages from a business page.
I googled a little and didn't find many resources or examples of how to do these integrations other than the Facebook documentation, which has a lot of stuff and I don't know very well where to look.
I also found this SDK for .NET but it looks a bit dated https://github.com/facebook-csharp-sdk/facebook-csharp-sdk and
So, my question is: Is reading the documentations entirely really the best solution?
If anyone could at least give me a hint where to go I'd be really thankful. Would it be better/easier to integrate with Facebook with other stack than c#/asp.net?
Also, if there's any other API, SDK or something already built in .NET that would help with that I'd be grateful.
Thanks in advance.
I am one of the .NET developers who have been working with the Facebook API for more than 5 years, and we have tried to use "Facebook SDK for C#". It has more issues than benefits. As a result we ended up with our own small Facebook API client. Basically it is just the "RestSharp" HTTP library, "Newtonsoft.Json" for serialization/deserialization and a couple of generic functions where you supply the Facebook API endpoint and specify what class you expect back as a generic parameter.
var accounts = client.Get<Accounts>("me/accounts");
var createResponse = client.Post<CreateResponse>("123456779/feed", postToCreate);
Facebook SDK for C# works great for standard .NET
https://hackerapp.com/net/
https://github.com/facebook-csharp-sdk/facebook-csharp-sdk
As for .NET Core I think you are out of luck at the moment. Unless you want to port it to .NET Core yourself.
Automated Customer Service bots are not uncommon in FB, but code is hard to find. I assume you had set up your App's domain and got it reviewed and approved by FB.
I tried to set up a chat-bot with both Python and .NET, and I must say the Python API is much more complete, quick, and less buggy than the C# one. But, as far as I know, only the PyApi has integrated reactions (haven't tried them).
Therefore, you will need to do this manually by using the Facebook API, sending direct GET/POST requests triggered by your ASP.NET, or use some kind of inter-language platform such as IronPython to work around the problem (which basically assembles the call, adds the key and secret, and cURLs it).
As a final remark (not a very motivating one), there is documentation for post reactions, but not for messages, as you can see here (posts), and here (messenger).
You can perform a lot of the facebook operations on the client side using their javascript SDK.
https://developers.facebook.com/docs/javascript
In regards to getting up to speed on server side API calls from .NET you can check out the facebook graph api explorer. It can be helpful for discovery.
https://developers.facebook.com/tools/explorer/
In case someone is looking for this topic, I had the same needs myself. After not finding a Facebook SDK to use with .NET Core, I've created a new open source .NET Standard unofficial SDK for Facebook: https://github.com/developer82/FacebookCore

Implementing SSO on restful service

We have a whole bunch of clients that want us to start using their ADFS to allow their users into our web app using Single-Sign-On.
After reading up on WIF (which seemed to be the solution at first but is deprecated in VS 2013...), OWIN, oAuth, OpenID Connect, I'm completely confused as to the simplest way to implement SSO.
What is the best and simplest technology to use to implement SSO on an existing VS 2013 json restful service written in C#?
Ideally the technology would already be part of .NET.
Are there any code samples or tutorials out there for this scenario?
Assuming that you want to consume your service from native clients, I would recommend that you protect your service using Web API middleware (which was already supported via OWIN middleware in VS2013) and implement your clients using the ADAL library. For a post specifically on ADAL and ADFS, see this. For more details on the Web API side of the solution, see this. If you want to target a variety of client platforms, you can find a complete collection of samples (for Azure AD, but easy to modify for ADFS) here.
This can be implemented through WSO2 IS as a Relying Party in ADFS. When we implement this setup, the outcome/income claims will be the main source for the User Profile load to WSO2 IS for authentication, and pass the SAML Response to the SP (end URL of your application).
Refer to the link below to configure WSO2 IS as a relying party for ADFS, and for the WSO2 IS configuration too.
https://omindu.wordpress.com/2015/06/19/setting-ad-fs-3-0-as-federated-authenticator-in-wso2-identity-server/
SSO would mean it's Active Directory driven, or direct to IIS machine.config authentication instead of a web.config, but also considering the "simplest technology" you've mentioned, this must be a call for something simple that you can still transform into what you really desire.
With this, we can refer to token-based web services authentication.
Here's a sample project from which I started and was able to transform into something else. From here I think you can then change all authentications into AD or DB connect, or even both across your web services.
http://www.codeproject.com/Articles/9348/Web-Service-Authentication?fid=145460&df=90&mpp=25&prof=False&sort=Position&view=Normal&spc=Relaxed&fr=26#xx0xx
Hopefully this would help.

Testing SSO without IDP

I am trying to set up an IDP-Initiated SSO. I am helping out the IT department at the company I work at and do not have access to Active Directory right now (I am an intern doing IT in another department and they seem to think I can test without it).
The only data I need to get from AD is the user's login id, so in theory I don't think not having access to AD will be a problem...?
(Username should be the same as .NET's `Environment.UserName;`)
My task is to basically create a SAML token and send it to our RP (on another domain), who should take care of the rest.
Where can I start? I've not done something like this, so I'm sort of confused. I believe I just need to build a token and then post it, but I'm not sure how to begin. I've looked at some tutorials but they don't seem to fit my situation. If anyone has any tutorials on my specific case it would be much appreciated.
Thank you!
You've tagged this C# and .NET so looks like you live in the Microsoft world.
The normal way to do this is via ADFS and then configure your RP.
But you want to do IDP Initiated which is a SAML feature. What protocol does your RP support? There is no client-side Microsoft SAML support - although there are 3rd party tools.
Update
Suggest using ADFS - good example of how to configure here.
Years ago I wrote a 6 part tutorial on integrating a custom STS with the ADFS. Part 2 of that tutorial is on creating a custom STS.
http://www.wiktorzychla.com/2011/08/quest-for-customizing-adfs-sign-in-web.html
Note that the tutorial aims at WIF 4 that was a separate download at that time. Nowadays, WIF is integrated with .NET 4.5 so that some subtle details (namespaces etc) can vary.
Also note that WIF supports SAML 1.1.

Posting to my Facebook timeline from C#

Can someone please provide me with the workflow required to be able to simply post a message to my Facebook page? From what I have read, DotNetOpenAuth 4.1 does not support Facebook's OAuth 2.0 protocol? If someone has a better suggestion for an OAuth2 library, I'd like to hear it and if you can provide an example of how to post a message to a Facebook page, that'd be great!
Also, this is a Winforms application, not a Web Application.
OAuth2 clients are simple enough to write that you almost don't need a library. Try following the Facebook documentation yourself using HTTP calls in your winforms app and see if you can get it to work.
For client apps like winforms, the trickiest part can sometimes be that there isn't an obvious redirect URL.
DotNetOpenAuth 4.x does support Facebook (by implementing workarounds for FB's non-compliance with the spec).
I generally use the ComputerBeacon Library. It is quite fluent.
http://computerbeacon.net/library/facebookgraphtoolkit
