How to use Oauth in ASP.NET 5?

Asked

Viewed 220 times

6

In versions prior to ASP.NET 5, there was a middleware called "Oauth Authorization Server Middleware" that allowed adding an Oauth server to the pipeline and setting up token generation. The middleware was easy to use, worked well and gave access to the most relevant settings.

It turns out that when I started using ASP.NET 5 I realized that this middleware no longer exists. I searched Github and found that there is no intention to port this middleware to the new version of the framework. What they are doing is encouraging the use of Identity Server 3.

I looked at some of Identity Server 3 and, although it is something very well done, I didn’t like the idea of depending on it for some reasons:

  1. The Oauth Authorization Server Middleware was something that came "clean" and we set it up in hand. From what I’ve seen Identity Server 3 comes with many things already done and what can be done is choose not to use one or the other functionality. I particularly prefer to set up in hand just what I really need.

  2. Identity Server 3 does not work on Core CLR. The problem with this is that I at least found it advantageous to work with . NET Core. Only Identity Server 3 only works on . Full NET and it seems that not so soon will make a version for . NET Core. That way, just to have basic authentication features in my API I would need to give up . NET Core.

I did some research and what I got closer to was basically two options:

  1. Using a community project called "Aspnet.Security.Openidconnect.Server", which although it sounds interesting, seems to deal with Openid instead of Oauth, which by my research, are different things.

  2. Code an Oauth server. I find this option bad, first because I am not an expert in security and certainly would leave gaps and second because it would not be very productive.

So, I would like to know those who are already working with ASP.NET 5: how to use Oauth in ASP.NET 5 without losing the possibility of using . NET Core? I’m talking about Oauth, because it’s the best way I know to implement Web API authentication, if there’s another way that works better in ASP.NET 5 I’d also like to know.

asp.net security-guard asp.net-web-api oauth asp.net-core

  • This article by a friend may be able to clarify some points: https://medium.com/@Gabriel.faraday.barros/adfs-angular-Asp-net-core-api-5fc61ae89fb3 Any questions, you can talk to him, have already had good experiences with authentication in WEB applications .NET. Hugs

  • Have you looked at the Identity Server 4? (i do not know, just found in the search result by . net core)

No answers

Browser other questions tagged asp.net security-guard asp.net-web-api oauth asp.net-core

You are not signed in. Login or sign up in order to post.