How to create token in ASP.NET Core
Sztuka programowania 2286 dni, 9 godzin, 22 minuty temu 138 źrodło rozwiń
Słyszeliście o JSON Web Token-ach? Zapewne tak. W sieci pełno jest artykułów o wadach, zaletach, wykorzystaniu w implementacjach OAuth2 czy OIDC. Czy to znaczy, że napisano o nich wszystko, co się da? Przemilczę odpowiedź i dorzucę własną, mam nadzieje, że przydatną, cegiełkę. Trochę z własnych obserwacji, jednak podejrzewam, że bliskich prawdzie, zakładam, że JWT to dzisiejszy standard zabezpieczania API. Pomimo, iż np. ze specyfikacji PASETO zaczyna powoli wyrastać coś ciekawego, jeszcze długa droga ...
Sztuka programowania 2334 dni, 1 godzinę, 26 minut temu 146 źrodło rozwiń
Recently, I was struggling with the SSO authentication. At first I did pick up JSON Web Token which of course is a legitimate option, however, I was forced to share the secret key between different parties, as I decided to use HMAC. Not so long ago I decided to switch to the RSA instead and I’d like to present you both solutions using ASP.NET Core.
Sztuka programowania 2706 dni, 17 godzin, 19 minut temu 142 źrodło rozwiń
A few days ago I showed you how to combine Nancy with Autofac and ASP.NET Core IoC. Today’s post will be related to the security and more precisely JWT authentication. Before moving further, I’d like to mention that below text is going to be the last Nancy-related one (at least for now). In a next couple weeks, we’ll explore the world of graph databases with Neo4j and .NET Core, so I hope you’re as excited as I do 😉 How does JWT authe...
Daj się poznać 2017 2806 dni, 19 godzin, 48 minut temu 77 źrodło rozwiń
Lately I’ve seen some posts about authentication made easy and simple with various packages and how it’s great we doesn’t haven’t to store logins and passwords in our databases anymore due to global availability of social identity providers. It’s true that making simple authentication with of of those providers is simple today. And in Azure App Services it’s even simpler, it really can be done in 5 minutes.
Daj się poznać 2017 2807 dni, 19 godzin temu 42 źrodło rozwiń
Authentication The topic looks obviously obvious and generally speaking standard user doesn’t care much about the details. He wants to register, login, and make sure that his password is safe. The more you read and learn, the more sophisticated requirements you have for protection, state management on the server and client side, the more things are getting complicated. The problem with authentication is basically about: how does one prove that he is the guy that he’s pretending to be? In the world of w...
Daj się poznać 2016 3128 dni, 9 godzin, 4 minuty temu 86 źrodło rozwiń
In this post we’ll focus on security. We’ll try to prove that claims base authentication is safe. As we remember SAML tokens are issued by “trusted” STS. But what exactly does “trusted” issuer mean? In this post, we’ll try to find definition of “trusted issuer”, a list of attributes which decide that issuer is trusted.
Architektura 3404 dni, 10 godzin, 29 minut temu 104 źrodło rozwiń
In this article we focus on sample service based on WCF (Windows Communication Foundation), as we will only try to build sample service with claims-based authentication and authorization. All technical aspects connected with security e.g. configuration, certificates, encryption, signature or CRL will be described in details in the next posts.
Architektura 3475 dni, 9 godzin, 10 minut temu 146 źrodło rozwiń
In the previous article basic information about authentication and authorization process on .Net has been presented. Security Token Service is an integral part of claim based approach. As we remember from the previous article, STS is responsible for handling user’s requests and creating tokens; it can also work in two modes: active and passive. In this article we focus on Active STS, as we will only try to build sample STS.
Architektura 3509 dni, 20 godzin, 33 minuty temu 167 źrodło rozwiń