Part 1 : Asp.Net Core Authentication Using Identity
Lets set the context
Do you remember this control offered by classic Asp.Net
This is login control offered by classic Asp.net , which was a popular control .
Different modes of Authentication in classic Asp.net are
- Windows Authentication .
- Forms Authentication .
- Passport Authentication .
Which are used to validate the username and password that are keyed in by the end user . But what about profile information of the logged in user , that is been fetched using
This is login control offered by classic Asp.net , which was a popular control .
Different modes of Authentication in classic Asp.net are
- Windows Authentication .
- Forms Authentication .
- Passport Authentication .
Which are used to validate the username and password that are keyed in by the end user . But what about profile information of the logged in user , that is been fetched using
Classic Membership
Membership is hard to customize also database schema is designed for SQL Server only to store data for users. Because it uses SQL Server database, it was hard to move data to other data sources, especially to non-relational databases like MongoDB .
Membership is hard to customize also database schema is designed for SQL Server only to store data for users. Because it uses SQL Server database, it was hard to move data to other data sources, especially to non-relational databases like MongoDB .
Simple Membership
Simple Membership is improved version of Classic membership, it provides flexibility to customize user profiles.But Simple Membership still not addressed some other major problems like usage of other database or non-relational database to store data for persistence,
cannot use other membership providers, hard to implement OWIN.
And here comes the Savior !!!
Simple Membership is improved version of Classic membership, it provides flexibility to customize user profiles.But Simple Membership still not addressed some other major problems like usage of other database or non-relational database to store data for persistence,
cannot use other membership providers, hard to implement OWIN.
And here comes the Savior !!!
Asp.net Identity :
Is a new approach of Membership, which can be used to authenticate , save profile information and also supports newest requirement that includes external login with existing Facebook, Google, Twitter and so on.
Is a new approach of Membership, which can be used to authenticate , save profile information and also supports newest requirement that includes external login with existing Facebook, Google, Twitter and so on.
Features of Asp.net Identity :
- Asp.net Identity uses Entity Framework code first apporach, which implies schema changes can be updated, any data store that EF supports can be used to persist the user information .
- Two factor Authentications - Email/SMS , another step of authentication can be added can be Email or SMS.
- Identity is also a Roles Provider, where we can manage user Roles efficiently.
- Additionaly Identity also supports claims-based authentication , claims are superset of roles, roles just give a boolean value validating if a particular user exists in a database or not but Claims gets more information like email, phone,dob and so on, which is user personal information apart from roles information.
- Apart from regular username -password like login scheme, we can also include social login providers like microsoft , google and so on to our application
- Asp.net Identity uses Entity Framework code first apporach, which implies schema changes can be updated, any data store that EF supports can be used to persist the user information .
- Two factor Authentications - Email/SMS , another step of authentication can be added can be Email or SMS.
- Identity is also a Roles Provider, where we can manage user Roles efficiently.
- Additionaly Identity also supports claims-based authentication , claims are superset of roles, roles just give a boolean value validating if a particular user exists in a database or not but Claims gets more information like email, phone,dob and so on, which is user personal information apart from roles information.
- Apart from regular username -password like login scheme, we can also include social login providers like microsoft , google and so on to our application
What is IdentityServer 4 ??
In short , we can build the Authentication functionality, which was previously build using Login control in our classic aspx pages can now be build using IdentityServer with additional functionalites like two factor authentication, Social Login providers,claims and so on.
IdentityServer is middleware that adds the spec compliant OpenID Connect and OAuth 2.0 .
In short , we can build the Authentication functionality, which was previously build using Login control in our classic aspx pages can now be build using IdentityServer with additional functionalites like two factor authentication, Social Login providers,claims and so on.
IdentityServer is middleware that adds the spec compliant OpenID Connect and OAuth 2.0 .
Too many jargon's, OpenId, OAuth what are they ??
What is OpenId Connect ?
OpenId Connect is an authentication protocol , other contemporary authentication protocols are SAML2p, WS-Federation .
OpenId connect is built for mobile application scenarios right from the start and is designed to be API friendly
OpenId Connect is an authentication protocol , other contemporary authentication protocols are SAML2p, WS-Federation .
OpenId connect is built for mobile application scenarios right from the start and is designed to be API friendly
What is OAuth2.0 ?
OAuth2 is a protocol that allows applications to request access tokens from a security token service a.k.a STS and use them to communicate with APIs.
The user profile information(claims) after authentication is been verified is passed to the requesting authority (can be a user or Webapplication ) via a medium called as tokens (for eg : Json Web Tokens JWT's) .
IdentityServer 4 = OpenId Connect + OAuth2.0
OAuth2 is a protocol that allows applications to request access tokens from a security token service a.k.a STS and use them to communicate with APIs.
The user profile information(claims) after authentication is been verified is passed to the requesting authority (can be a user or Webapplication ) via a medium called as tokens (for eg : Json Web Tokens JWT's) .
IdentityServer 4 = OpenId Connect + OAuth2.0
IdentityServer4 is an implementation of these two protocols and is highly optimized to solve the typical security problems of today’s mobile, native and web applications.
Do we have any alternative approaches for IdentityServer4
Do we have any alternative approaches for IdentityServer4
Good Info Ajay.
ReplyDeleteKeep Posting.Lets celebrate Learning 😊