IdentitySamples
IdentitySamples copied to clipboard
jelledruyts
Demonstrates modern claims-based identity scenarios for .NET developers
Identity Samples
Introduction
This repository contains a Visual Studio solution that demonstrates modern claims-based identity scenarios for .NET developers, with a particular focus on authentication and authorization using Azure Active Directory and/or Windows Server Active Directory Federation Services.
It is based on the official Azure Active Directory samples repository, but with the main difference that it contains a single solution to show multiple integrated scenarios instead of having multiple separate solutions for each scenario.
IMPORTANT NOTE: The code in this repository is not production-ready. It serves only to demonstrate the main points via minimal working code, and contains no exception handling or other special cases. Refer to the official documentation and samples for more information. Similarly, by design, it does not implement any caching or data persistence (e.g. to a database) to minimize the concepts and technologies being used.
Scenario
- There is a Todo List service which stores simple todo items for users. A todo item has a title and a category.
- Categories can be either public (for all users) or private (only for the user that created it) and are maintained in a separate Taxonomy service (to show delegated on-behalf-of access from one service to another).
- The Todo List service can be accessed via a number of client applications.
Setup
To use these samples, run the "Setup.ps1" PowerShell script in the "Setup" folder. This script allows you to:
- Create a client certificate (for the daemon service)
- Register all applications in Azure Active Directory and/or AD FS (storing the registered Client ID's and other configuration details in an XML file)
- Update the various configuration files in the solution with the values from the identity server (as stored in the XML file mentioned above)
Implementation
| Project | Purpose | Protocol | Technology | Library/API |
|---|---|---|---|---|
| TaxonomyWebApi | Taxonomy service | OAuth 2.0 Bearer Tokens | ASP.NET Core Web API | Microsoft.AspNetCore.Authentication.JwtBearer |
| TodoListWebApi | Todo List service | OAuth 2.0 Bearer Tokens; OAuth 2.0 On-Behalf-Of | ASP.NET Web API | Microsoft.Owin.Security.ActiveDirectory (Katana) |
| TodoListWebApp | Server-side web application | OpenID Connect; OAuth 2.0 Authorization Code Grant, Confidential Client | ASP.NET MVC | Microsoft.Owin.Security.OpenIdConnect (Katana) |
| TodoListWebCore | Server-side web application | OpenID Connect; OAuth 2.0 Authorization Code Grant, Confidential Client | ASP.NET Core | Microsoft.AspNetCore.Authentication.OpenIdConnect |
| TodoListWebSpa | Client-side Single Page Application (SPA) | OAuth 2.0 Implicit Grant | AngularJS | ADAL.js |
| TodoListWpf | Windows desktop application | OAuth 2.0 Authorization Code Grant, Public Client | WPF | Microsoft.IdentityModel.Clients.ActiveDirectory (ADAL .NET) |
| TodoListConsole | Windows desktop application | OAuth 2.0 Authorization Code Grant, Public Client | Console | Microsoft.IdentityModel.Clients.ActiveDirectory (ADAL .NET) |
| TodoListDaemon | Non-interactive daemon service | OAuth 2.0 Client Credential Grant, Confidential Client with Certificate authentication | Console | Microsoft.IdentityModel.Clients.ActiveDirectory (ADAL .NET) |
| TodoListUniversalWindows10 | Windows Store application | OAuth 2.0 Authorization Code Grant, Public Client | Windows 10 Universal App | WebAuthenticationCoreManager |
The implementation details of these scenarios are easily found in the code by searching for "[SCENARIO]". Other notable remarks can be found by searching for "[NOTE]".
Metadata
Owner
jelledruyts
Metadata
Demonstrates modern claims-based identity scenarios for .NET developers