AspNetAuthenticationWorkshop | various new pieces in ASP.NET Core Authentication
kandi X-RAY | AspNetAuthenticationWorkshop Summary
kandi X-RAY | AspNetAuthenticationWorkshop Summary
AspNetAuthenticationWorkshop is a C# library. AspNetAuthenticationWorkshop has no bugs, it has no vulnerabilities and it has low support. However AspNetAuthenticationWorkshop has a Non-SPDX License. You can download it from GitHub.
This is walk through for a ASP.NET Core Authentication Lab, targeted against ASP.NET Core 2.1 and VS2017/VS Code. This lab uses the Model-View-Controller template as that’s what everyone has been using up until now and it’s the most familiar starting point for the vast majority of people. Official [authentication documentation] is at
This is walk through for a ASP.NET Core Authentication Lab, targeted against ASP.NET Core 2.1 and VS2017/VS Code. This lab uses the Model-View-Controller template as that’s what everyone has been using up until now and it’s the most familiar starting point for the vast majority of people. Official [authentication documentation] is at
Support
Quality
Security
License
Reuse
Support
AspNetAuthenticationWorkshop has a low active ecosystem.
It has 177 star(s) with 28 fork(s). There are 21 watchers for this library.
It had no major release in the last 6 months.
There are 0 open issues and 3 have been closed. On average issues are closed in 87 days. There are no pull requests.
It has a neutral sentiment in the developer community.
The latest version of AspNetAuthenticationWorkshop is current.
Quality
AspNetAuthenticationWorkshop has 0 bugs and 0 code smells.
Security
AspNetAuthenticationWorkshop has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
AspNetAuthenticationWorkshop code analysis shows 0 unresolved vulnerabilities.
There are 0 security hotspots that need review.
License
AspNetAuthenticationWorkshop has a Non-SPDX License.
Non-SPDX licenses can be open source with a non SPDX compliant license, or non open source licenses, and you need to review them closely before use.
Reuse
AspNetAuthenticationWorkshop releases are not available. You will need to build from source code and install.
Installation instructions, examples and code snippets are available.
AspNetAuthenticationWorkshop saves you 16 person hours of effort in developing the same functionality from scratch.
It has 46 lines of code, 0 functions and 35 files.
It has low code complexity. Code complexity directly impacts maintainability of the code.
Top functions reviewed by kandi - BETA
kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of AspNetAuthenticationWorkshop
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of AspNetAuthenticationWorkshop
AspNetAuthenticationWorkshop Key Features
No Key Features are available at this moment for AspNetAuthenticationWorkshop.
AspNetAuthenticationWorkshop Examples and Code Snippets
No Code Snippets are available at this moment for AspNetAuthenticationWorkshop.
Community Discussions
No Community Discussions are available at this moment for AspNetAuthenticationWorkshop.Refer to stack overflow page for discussions.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install AspNetAuthenticationWorkshop
For this lab we’re going to setup an app which uses Google for login. First we need to configure HTTPS.
Check if you have a developer certificate run dotnet dev-certs https -c -v in your command line. If you have a certificate you will see "A valid certificate was found."
If no certificate was fund run dotnet dev-certs https --trust. You will see a popup from Windows asking you if you want to trust a certificate for localhost. Click yes and you will now have a certificate. If you’re on Linux trust will not work at certificate generation time, you’ll have to trust it in whatever browser you use. If you’re using Firefox you will also have to trust it in the browser as Firefox does not honour the OS certificate settings.
Run your application again, but this time browser to https://localhost:5001 and you should be able to connect over HTTPS.
You can force HTTP connections up to HTTPS by adding app.UseHttpsRedirection(); at the start of your Configure() method.
Next we will create an app with Google to support [Google sign in](https://developers.google.com/identity/sign-in/web/sign-in#before_you_begin)
Navigate to https://developers.google.com/identity/sign-in/web/sign-in and click the Configure A Project button. Create a new project called CoreAuthenticationLab.
At the Configure your OAuth client dialog select Web Server from the Where are you calling from? drop down and enter https://localhost:5001/signin-google as the authorized redirect URI.
Click Create.
Make a note of your Client ID and Client secret from the resulting screen then click the API Console link.
Click the Enable APIs and services button and in the search box enter Google+ API then select it. Click Enable.
Navigate to https://console.developers.google.com/apis/dashboard and in the drop down at the top of the screen choose your
Return to your code and replace startup.cs with the following code, putting your Client ID and Secret in the options properties.
Run the code, go through the google login screens, and you should see "Hello yourGoogleUserName!"
There is an XSS attack in the sample if the browser decided the page was HTML, so to address this, add the following before the WriteAsync call
Now let’s look at the events on the Google authentication service by adding some logging inside the events that authentication fires.
Events are part of the options class (you may need to add using Microsoft.AspNetCore.Authentication.OAuth; if your editor doesn’t prompt you to do this).
Make sure your authentication cookie is deleted (close your browser, or manually cull it) then browse to the web site again and watch the logging in the console.
Did you notice any difference? Why isn’t your user name greeting you any more?
Some events need things returned. Look at the documentation for the events, or the [source](https://github.com/aspnet/Security/blob/master/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs).
Note that the OnRedirectToAuthorizationEndpoint default implementation calls the redirect - this isn’t happening in your code any more, so add it back;
Now, take a look at the context properties inside OnCreatingTicket(). There’s some useful stuff in there, like the Google access token. What if I want to save that?
Let’s store the access token and refresh token google gives us in the identity we’re creating inside OnCreatingTicket as claims.
First we need names for the claims, so define some const values in the Startup class like so
Now inside the OnCreatingTicket event let’s use these names to create some new claims, with the appropriate values
And finally to check they persisted add some code inside the app.Run() lambda after the greeting;
Make sure your cookies have been cleared, run the application and browse to it.
How safe is this? Can you figure out from the cookie what the access token details are?
Let’s do something interesting with what google sends us.
Go back to the [Google API dashboard](https://console.developers.google.com/apis/dashboard), make sure your project is selected and click "Credentials".
Pull down the Create Credentials drop down and choose API key. Copy the value you’re given somewhere safe.
Replace the app.Run() lambda with the following, adding your API key in the appropriate place;
Rerun the application and look at how wonderful your Google profile image is.
Check if you have a developer certificate run dotnet dev-certs https -c -v in your command line. If you have a certificate you will see "A valid certificate was found."
If no certificate was fund run dotnet dev-certs https --trust. You will see a popup from Windows asking you if you want to trust a certificate for localhost. Click yes and you will now have a certificate. If you’re on Linux trust will not work at certificate generation time, you’ll have to trust it in whatever browser you use. If you’re using Firefox you will also have to trust it in the browser as Firefox does not honour the OS certificate settings.
Run your application again, but this time browser to https://localhost:5001 and you should be able to connect over HTTPS.
You can force HTTP connections up to HTTPS by adding app.UseHttpsRedirection(); at the start of your Configure() method.
Next we will create an app with Google to support [Google sign in](https://developers.google.com/identity/sign-in/web/sign-in#before_you_begin)
Navigate to https://developers.google.com/identity/sign-in/web/sign-in and click the Configure A Project button. Create a new project called CoreAuthenticationLab.
At the Configure your OAuth client dialog select Web Server from the Where are you calling from? drop down and enter https://localhost:5001/signin-google as the authorized redirect URI.
Click Create.
Make a note of your Client ID and Client secret from the resulting screen then click the API Console link.
Click the Enable APIs and services button and in the search box enter Google+ API then select it. Click Enable.
Navigate to https://console.developers.google.com/apis/dashboard and in the drop down at the top of the screen choose your
Return to your code and replace startup.cs with the following code, putting your Client ID and Secret in the options properties.
Run the code, go through the google login screens, and you should see "Hello yourGoogleUserName!"
There is an XSS attack in the sample if the browser decided the page was HTML, so to address this, add the following before the WriteAsync call
Now let’s look at the events on the Google authentication service by adding some logging inside the events that authentication fires.
Events are part of the options class (you may need to add using Microsoft.AspNetCore.Authentication.OAuth; if your editor doesn’t prompt you to do this).
Make sure your authentication cookie is deleted (close your browser, or manually cull it) then browse to the web site again and watch the logging in the console.
Did you notice any difference? Why isn’t your user name greeting you any more?
Some events need things returned. Look at the documentation for the events, or the [source](https://github.com/aspnet/Security/blob/master/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs).
Note that the OnRedirectToAuthorizationEndpoint default implementation calls the redirect - this isn’t happening in your code any more, so add it back;
Now, take a look at the context properties inside OnCreatingTicket(). There’s some useful stuff in there, like the Google access token. What if I want to save that?
Let’s store the access token and refresh token google gives us in the identity we’re creating inside OnCreatingTicket as claims.
First we need names for the claims, so define some const values in the Startup class like so
Now inside the OnCreatingTicket event let’s use these names to create some new claims, with the appropriate values
And finally to check they persisted add some code inside the app.Run() lambda after the greeting;
Make sure your cookies have been cleared, run the application and browse to it.
How safe is this? Can you figure out from the cookie what the access token details are?
Let’s do something interesting with what google sends us.
Go back to the [Google API dashboard](https://console.developers.google.com/apis/dashboard), make sure your project is selected and click "Credentials".
Pull down the Create Credentials drop down and choose API key. Copy the value you’re given somewhere safe.
Replace the app.Run() lambda with the following, adding your API key in the appropriate place;
Rerun the application and look at how wonderful your Google profile image is.
Support
For any new features, suggestions and bugs create an issue on GitHub.
If you have any questions check and ask questions on community page Stack Overflow .
Find more information at:
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
