This document discusses Identity Server and authentication. It introduces Chris Holwerda and his background. It then covers topics like today's authentication landscape, security token services, identity servers, claims, tokens, and building an identity server demo using ASP.NET MVC, ASP.NET Web API, and external providers like Facebook and Google. Potential gotchas with claim and token sizes are also mentioned.
2. About me
Chris Holwerda
Architect and Developer for 20 years.
Currently a consultant for Neudesic.
@cholwerda
www.chrisholwerda.com
therealchrisholwerda@gmail.com
4. Security Token Service
@CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA
https://identityserver4.readthedocs.io/en/release/intro/big_picture.html
5. Identity Server
@CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA
https://identityserver4.readthedocs.io/en/release/intro/terminology.html
6. Claims
Identity information about a user
@CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA
Examples
sub 12345
name John Doe
given_name John
family_name Doe
website www.johndoe.com
email john@johndoe.com
phone_number 620-867-5309
7. Tokens
@CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA
Identity Token
Identifying information for a user
and authentication info.
Access Token
Allows access to an API resource.
Contains info about the client
and the user
Refresh Token
Allows requesting new access
tokens without user interaction.
One time password.
https://jwt.io
/
8. What are we going to build
today?
@CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA
ASP.NET MVC
App
ASP.NET MVC
Web Api
9. Demo – Local Store
@CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA
10. Demo – Facebook
https://developers.facebook.com
Add App
Update Settings
◦ Update Website to allow authentication from (IdentityServer URL)
Use AppID / App Secret
@CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA
12. Gotchas
You will need to do some legwork, it is not a boxed product
Be aware of Claim and Token Size as they will have an impact on
performance
Be aware of Refresh Tokens and any expiry implementation
Use .NET Core 1.1 for Identity Server
◦ As of 10/5 , .NET CORE 2.0 Implementation is now available !!
@CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA