ASP.NET Authentication with Identity Jump Start
Adam Tuliper | Technical Evangelist, Microsoft
Jeremy Foster | Technical Evangelist, Microsoft

Meet Adam Tuliper | @AdamTuliper
- Technical Evangelist, Microsoft
- Focused on Web, Gaming, and Cloud Technologies
- Emphasis on secure development practices
- 20 years of industry experience as software architect
- Enterprise, startups, public sector, defense, healthcare, financial industries
- channel9.msdn.com/Blogs/AdamTuliper (video content)
- adamtuliper.com

Meet Jeremy Foster | @codefoster
- Developer Evangelist, Microsoft
- Honing in on web platform, Windows apps, and Azure
- Blogging at http://codefoster.com
- Author, presenter, coder
- http://codefoster.com/codechat
- http://codefoster.com/codeshow

Course Topics: ASP.NET Authentication with Identity
- 01 | Overview of Identity
- 02 | Using Database Users
- 03 | OAuth and Social Providers
- 04 | Two Factor Authentication
- 05 | Migrating Membership to Identity
- 06 | Identity Tips & Recommendations

01 | Overview of Identity

Module Overview
- What is Identity?
- A history lesson
- Architecture of ASP.NET Identity
- Template Walkthrough

What is ASP.NET Identity?
What is ASP.NET Identity?
- Identity is Users, Authentication, Authorization
  - *Everyone has a different definition
- Identity works with OWIN middleware and Identity system
- It is a claims-based system
- Stores login, claims, roles

What does ASP.NET Identity Support?
- OAuth / OpenID
- Organizational – AD, Azure AD, Office 365
  - Allows SSO
- Individual database-backed auth
- Custom data stores (extendable)
- Roles
- Claims
- Note: Windows auth doesn’t fit in here

What is SSO?
- Single Sign On
- User provides same credentials to access multiple services
- User provides credentials once to access multiple services

What are Claims?
- Identity makes extensive use of Claims
- User delivers claims to your app
- Where do they come from?
  - Serialized in secured token
- Can contain much information about user
- Roles are single valued
  - Ex: “Admins”
- Claims are key/value per user
  - Ex: “Facebook Access Token”, “CAAVl6UvghVkBAIGZB…”

A history lesson
History of ASP.NET account services
- Nov 2005: ASP.NET 2.0 – Introducing Membership!
  - SQL Server, SQL Express
- May 2012: Universal Providers (First NuGet)
  - SQL CE, Azure, one provider to access all SQL
- Aug 2012: Simple Membership
  - Sourced in Web Pages, came to MVC / Web Forms
- Oct 2013: ASP.NET Identity v1
  - Completely new model
- Mar 2014: ASP.NET Identity v2
  - Two factor, account lockout, confirmation, reset, etc.
- Oct 2014 (alpha): ASP.NET 5 – Identity v3
  - Thus far, plumbing changes to work with ASP.NET 5

Architecture of ASP.NET Identity
It’s all about the bits
- Source code available
  - https://github.com/aspnet/Identity
  - https://github.com/aspnet/security
  - Note these will take you to current bits
- Contribute – we want your ideas!

KATANA & OWIN
- Identity uses security middleware
- Microsoft’s OWIN implementation is Project Katana for v1, v2
- Katana now fully integrated into ASP.NET 5
  - No longer called Katana in Identity v3
- OWIN defines easy interface for items to communicate
  - Middleware gets IDictionary<string, object>
- ASP.NET Identity can be hosted in any OWIN hosted app

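The environment dictionary and the claims described above, in one added example (not code from the course or from the Identity project): a raw OWIN middleware that passes a request under a path prefix only when the signed-in principal carries a given claim. The class name, the `/admin` prefix and the sample users are assumptions; `owin.RequestPath` and `owin.ResponseStatusCode` are OWIN keys, and `server.User` is the key Katana uses for the current principal.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using AppFunc = System.Func<System.Collections.Generic.IDictionary<string, object>, System.Threading.Tasks.Task>;

// Hypothetical middleware (not part of Identity): gates a path prefix on one claim.
public sealed class RequireClaimMiddleware
{
    private readonly AppFunc _next;
    private readonly string _prefix, _type, _value;

    public RequireClaimMiddleware(AppFunc next, string prefix, string type, string value)
    { _next = next; _prefix = prefix; _type = type; _value = value; }

    public Task Invoke(IDictionary<string, object> env)
    {
        var path = (string)env["owin.RequestPath"];
        // Match whole path segments so "/admin" does not also cover "/administrator".
        bool guarded = path.Equals(_prefix, StringComparison.OrdinalIgnoreCase)
            || path.StartsWith(_prefix + "/", StringComparison.OrdinalIgnoreCase);
        if (!guarded) return _next(env);

        // Katana's authentication middleware publishes the principal under "server.User".
        object user;
        env.TryGetValue("server.User", out user);
        var principal = user as ClaimsPrincipal;
        bool signedIn = principal != null && principal.Identity != null && principal.Identity.IsAuthenticated;
        if (signedIn && principal.HasClaim(_type, _value)) return _next(env);

        // Fail closed: 401 when nobody is signed in, 403 when the claim is missing.
        env["owin.ResponseStatusCode"] = signedIn ? 403 : 401;
        return Task.FromResult(0);
    }
}

public static class Demo
{
    public static void Main()
    {
        AppFunc app = e => { e["owin.ResponseStatusCode"] = 200; return Task.FromResult(0); };
        var mw = new RequireClaimMiddleware(app, "/admin", ClaimTypes.Role, "Admins");
        // Constructed principal: a role is just a claim of type ClaimTypes.Role.
        var admin = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, "alice"), new Claim(ClaimTypes.Role, "Admins") }, "ApplicationCookie"));
        foreach (var user in new[] { null, new ClaimsPrincipal(new ClaimsIdentity()), admin })
        {
            var env = new Dictionary<string, object> { { "owin.RequestPath", "/admin/users" }, { "server.User", user } };
            mw.Invoke(env).Wait();
            Console.WriteLine(env["owin.ResponseStatusCode"]);
        }
    }
}
```
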
Managers and Stores
- Managers
  - High-level classes
  - Operations such as create user
  - Talks to stores via Interface (i.e. pluggable)
- Stores
  - Talks to data access layer
  - Store users, roles, claims

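The manager/store split above as an added example (not from the course or the Identity source), assuming Identity v2's `Microsoft.AspNet.Identity` types: a hypothetical in-memory store implements only `IUserStore<TUser>`, and the stock `UserManager<TUser>` still applies its own user-name validation on top of it. `MemoryUser` and `MemoryUserStore` are illustrative names.

```csharp
using System;
using System.Collections.Concurrent;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

// Hypothetical user type: the manager only needs Id and UserName from IUser<string>.
public class MemoryUser : IUser<string>
{
    public MemoryUser(string userName) { Id = Guid.NewGuid().ToString(); UserName = userName; }
    public string Id { get; private set; }
    public string UserName { get; set; }
}

// Hypothetical store: pure persistence, no policy. Swap it for any other data access layer.
public class MemoryUserStore : IUserStore<MemoryUser>
{
    private readonly ConcurrentDictionary<string, MemoryUser> _users =
        new ConcurrentDictionary<string, MemoryUser>();

    public Task CreateAsync(MemoryUser user) { _users[user.Id] = user; return Task.FromResult(0); }
    public Task UpdateAsync(MemoryUser user) { _users[user.Id] = user; return Task.FromResult(0); }
    public Task DeleteAsync(MemoryUser user)
    { MemoryUser removed; _users.TryRemove(user.Id, out removed); return Task.FromResult(0); }
    public Task<MemoryUser> FindByIdAsync(string userId)
    { MemoryUser found; _users.TryGetValue(userId, out found); return Task.FromResult(found); }
    public Task<MemoryUser> FindByNameAsync(string userName)
    {
        return Task.FromResult(_users.Values.FirstOrDefault(
            u => string.Equals(u.UserName, userName, StringComparison.OrdinalIgnoreCase)));
    }
    public void Dispose() { }
}

public static class Demo
{
    public static void Main()
    {
        // The manager talks to the store only through the interface.
        var manager = new UserManager<MemoryUser>(new MemoryUserStore());
        // .Result is acceptable in a console demo; await these calls inside ASP.NET.
        IdentityResult first = manager.CreateAsync(new MemoryUser("alice")).Result;
        // The duplicate is rejected by the manager's validator, not by the store.
        IdentityResult dup = manager.CreateAsync(new MemoryUser("alice")).Result;
        Console.WriteLine(first.Succeeded);
        Console.WriteLine(dup.Succeeded + ": " + string.Join("; ", dup.Errors));
    }
}
```

Because this store implements only `IUserStore<TUser>`, manager features that need other store interfaces (passwords, claims, roles, lockout) are unavailable until the store implements them.
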
Key Components – TODO: v2 Components
- Security Middleware
  - Microsoft.AspNet.Security.Facebook
  - Microsoft.AspNet.Security.Google
  - Microsoft.AspNet.Security.MicrosoftAccount
  - Microsoft.AspNet.Security.Oauth
  - Microsoft.AspNet.Security.Twitter
  - Microsoft.AspNet.Security
- Identity
  - Microsoft.AspNet.Identity
  - Microsoft.AspNet.Identity.EntityFramework

Class overview (don’t stare too long)
- IdentityUser – That’s you
  - IUser
- EmailService, SmsService – Notified during 2-factor authentication
  - IIdentityMessageService
- UserManager – APIs to CRUD user, claim, & auth info via UserStore
- RoleManager – APIs to CRUD roles via RoleStore
- UserStore – Talks to data store to store user, user login providers, user claims, user roles
  - IUserStore, IUserLoginStore, IUserClaimStore, IUserRoleStore
- RoleStore – Talks to the data store to store roles
- SignInManager – High-level API to sign in (single or two factor)

Let’s simplify!!
- IdentityUser – That’s you with your properties: UserName, Email, Email Verified
- EmailService, SmsService – Notified during 2-factor authentication
- ApplicationUserManager – You call this to manage users. Talks to UserStore
- SignInManager – You call this to sign in a user
- Pretty easy, right?

Web template walkthrough
Resources
- OWIN Documentation
  - https://github.com/owin/owin/blob/master/owin.md
- See latest code on github.com/aspnet/
  - https://github.com/aspnet/Identity
  - https://github.com/aspnet/security