secure systems external login This is a topic that many people are looking for. cfcambodge.org is a channel providing useful information about learning, life, digital marketing and online courses …. it will help you have an overview and solid multi-faceted knowledge . Today, cfcambodge.org would like to introduce to you Part 3. ASP.NET Authentication and Authorization | Identity: External Login Provider. Following along are instructions in the video below:
Customizing ASP.NET Auth Identity: External Login Provider
Hello everybody and welcome back to module three on this jumpstart on aspnet identity. We we are getting some good information from adam tulip err thank you very much adam you thank you and we’re gonna continue on what are we looking at now oh we are gonna talk about looking at external login providers. What we’re gonna talk about today.
I think this is a fun topic. I really i really love getting out of just the you know the first party authentication and getting into the third party. It’s a new world right and years ago.
We didn’t have any of this now you can say ballot in here right you want to log in to use your facebook logins. We see that all the time you’re on a new site and we’re at having you register with a new site you can just register with twitter facebook all these other services. So we’re gonna talk about how to use some of those services.
Today let’s check out our module overview here when we talk about external login providers. We’re gonna be covering what is a off since a lot of that works with oauth behind the scenes and it’s a big mystery to a lot of folks. Some of it’s still a mystery to me so i’ll tell you some of the stuff that i know and how i piece it together and how does identity use oauth and integrating with other social providers and other providers.
We’re gonna actually look at a one with azure as well what is a auth how auth is a protocol. What does that mean okay so it’s a method of communicating. It’s a predefined format to communicate with other systems.
So it’s not necessarily. A library that you have to download and use nope. Although there are libraries sure yep okay.
It’s a defined protocol and how to communicate to the basic idea is to allow you the user to authorize even authenticate with some remote system and not have to share the credentials with somebody you don’t want to so you have to be on that news website and they say hey you can post a comment. Here. But you have to sign in create it in the counter on our site.
Or you can use your facebook great it’s easy quick quick type type type. I’m done i’m using my facebook account and i’m posting some comment in the blog right it makes it really easy to do so i don’t want to share my credentials with your application my application my website the news website. Facebook’s got them i don’t need them given you so that’s we’re off comes to play.
And it’s and it’s actually a hugely important. If you are providing some sort of a service or a website or a web application online guaranteed some subset of the potential visitors or users of your service are going to be concerned about are gonna be seriously concerned about privacy and they’re not interested in giving credentials to yet another service and they may just opted not to do it absolutely. But if they know that when they come to you they don’t have to think about whether or not there’s a trust relationship.
Here do i know the organization do i know that the developers aren’t gonna kind of you know swipe my my password on the way in then there’s a much greater likelihood that they’re actually going to sign up for your service. And that’s what you want absolutely so let’s talk about then why you would use oauth you touch upon some of the reasons. There and it allows your application to easily accept other providers.
So it’s low friction right if you have a website and you want to accept other users on there if they have yet another login to enter in i use key pass to store my logins and it just grows and grows and grows. Because you know i try to mix up my logins and passwords. And as everybody should do is a good security practice.
You’re all not sharing passwords and logins between websites right right. Hey. The idea here is it uses an existing account you don’t have to provide credentials to the system that you want to use the app you want to use it could be a mobile app.
It could be a website so it allows your application ooofff allows your app to request resources from some server. Let’s say you want to go to facebook and request. Some resources and you and your application is going to request them on behalf of me so you can say we’ve all seen like the system’s you go on and you register for facebook.
Access. So let’s say. I go onto some news website.
Again as my example and i want to register to leave comments on your blog and i go ahead and i and i thought authenticate against facebook. And it says. This application can read your facebook profile.
Yes. This application can have access to all your friends. Cancel.
It allows you to see within a limited scope of what that application can do and just because you allow that application doesn’t give that application free rein right has potentially a limited scope as to what it can access and can let you know what it can have access to and that’s one of the great you have more granularity as a user absolute iding what it is that you’re gonna allow more granularity and you know actually if you’re not using third party authentication and you’re going directly to the service. You have none of that granularity you’ve you just authenticated with them and everything that you give them is available to them your email address or whatever. When you go to this third party.
You can say i only want to use this as login. I only want to use facebook for instance as my authentication means and not anything else yep. Absolutely i don’t want you to have my credentials yeah leave me there it’s just easy to it’s a lot easier for the users right right virtually everybody has either a facebook microsoft account google login and they can just use those as opposed having yet another.
System so how does identity in aspnet. Use oauth here’s a basic flow of how oo oo. Works now this isn’t necessarily aspnet identity.
Using oauth. This is just how oh ah. The business works.
Yeah. Right a good clarification. There.
So. This is kind of as a as a high level overview how a speed. I networks.
But also how it all works from a high level overview depending on the version. There’s oauth 100 off to and you can actually break this down with into four separate parties. But this is kind of a good high level overview that makes a great imple to understand so.
Jeremy let’s assume you are this swab. Looking guy on the left here. Let me put my sunglasses on glasses on and you’ve got to be in brodo let me grow a goatee.
We should have all dressed like this guy today so you go to a website. We’ll call that the client application that’s this guy here in blue and rather than having to give that application credentials in turn can go off to some service will call that service here facebook. Now.
There’s a couple different reasons for that one you might just want to authenticate with your client application and that’s it you don’t ever want to access facebook. Technically you just want to use it as a login that’s one scenario but kind of piggybacking on that is you want to login using your facebook credentials to facebook. But you want to give that application maybe access to stuff in there maybe it’s a website that can take your facebook.
Pictures and do something really with them so it needs access to those pictures so two different scenarios here one you just want to log in and you don’t want to give some website your credentials you authenticate authorized with facebook. Another scenarios you’re actually log into an app and you want that app to do something with your information. And so it can share that information and you can improve it too so first thing that happens is user goes to your application and your application then talks to the service.
So again we’ll call it facebook in this case and to the authorization server over there that says hey by the way. I’ve got this user here can i have permission to send them over to you and the service. Replies back says why certainly here’s a token that that user needs to come talk to me.
So i know it came from you that’s when you get redirected in your browser or in your client app to let’s say facebookcom. And you see it pop up this application wants to have access so the user is essentially going right to the provider. There are no longer in your application anymore their browser let’s assume.
It’s the browser here since we’re talking a speed on it the browser is now on facebookcom. Your user authenticates their logs in and they get that little pop up that says hey and we’re gonna see that do you want to allow this app to do xyz. Sure an access token is then granted to your client application.
Now anytime. Your client application wants to do anything with facebook. It uses that token to talk back to facebook.
So it requests something from facebook with that token to its resource server and then facebook’s resource server responds back with whatever that resource is assuming that you have that token make sense it does so a walk is kind of this you start reading the protocol. There’s all these complicated concepts in a. Nutshell this is basically what’s happening now what does aspnet store in all of this.
So your asp net user login table that tracks they provide our name and actually has a provider key. In there as well so this guy right here a speed net user logins you have your login provider. And that is a key.
I’m sorry that could be like facebook. Google and then you have a provider key. Which is some number that represents that provider and your user id of course and that links you to a speii net users.
So notice here there is a link to a local system. What’s happening here is your facebook token is not actually stored. But you do get some information that’s stored about your user account here again.
We are not storing that facebook. Token and also we are not storing. Any kind of password for you the key is that asp net user logins table alright.
Let’s look at integrating with other providers here so out of the. Box in aspnet. Identity you get integration with a microsoft.
Account which uses oauth 20. You can integrate with a google account a facebook account and twitter. Those are all out of the box.
You can integrate with azure active directory. Then that is a slightly different process. Because it’s actual a little bit easier too and we’ll look at how to do that.
And that uses open id connect. Which works on top of oauth. 2.
So let’s look at a demo of adding a facebook login. So let’s open up a visual studio will create a new project. We’ll do this all from scratch call us facebook web example now keep in mind.
The example that adams walking you through here is right out of a project template and you step in through it. So you can go you can you’ve got this same project. Template and you are visual studio yep.
This makes it really easy click ok. I’ll just choose an mvc application. Same thing applies to the other templates as well web forms mvc now i’m gonna stay with this your individual user account because it’s still storing a little bit information locally creating this project.
Just like we did before oh right there we go now again. Remember i mentioned earlier. You need to run your application.
So there’s essentially this database here gets populated onis. We don’t have a database here let me f5 and run this and i’m just going to register a regular user account so as it stands right now. This is just the same template that we’ve looked at before register that our database is gonna get created when it comes back we are all good now notice if i log off and i go to login look at this template here use another service of login.
There are no external authentication services configure. See. This article for details on setting up.
So if we forget everything i’ve said here today you can go to that article and check it out. Although it’s really easy i think you’re gonna remember it go back to visual studio. Let’s stop debugging notice as i mentioned earlier that database has now appeared that’s there let’s look at that guy.
It’s everything we’ve seen before as of now. We have just an entry in asp net users everything else here is going to be blank except for migration history. So what we’re gonna be using in this demo is this guy right here asp net user logins log and provider provider.
Key and user id so to get this puppy going if we scroll down to our startup off and recall that in the first module. I mentioned that this here deals with initializing those open libraries. That’s that security middleware.
That’s something that sits kind of in the pipeline and looks for the required information for facebook for example and handles it all for you so we need to configure that down here. And it’s actually all commented out already for us use facebook. Authentication.
Perfect. Well great. What’s my app.
Id. And what’s my app. Secret.
All right let me show you where you get that and how you create that going over to let me close some of this out facebookcom. I’ve logged in with my account and here’s some my applications here and i i do realize that i’m showing you my application secret. Which is typically a no no however.
I’m just dealing with a just a local host site here so you create a new app on facebook. I’ve got three on here just for demos so you add a new app and you fill out some details. What’s the name of the app contact email.
And what’s your url now because i’m testing. This locally notice. I’m just using a local host url.
So clearly if this is a production website. You would use wwe jeremy’s awesome picture app calm something like that that domain probably exists somebody probably has it everything’s taken now. It is you create that and this is what you’re gonna need so this key this app secret.
We’re gonna come back over here and paste that in as our app secret our app id. I’m gonna copy that come over here hey stead out here i save that easy enough so. Far control.
S. F5. Okay.
Now when we go to login look. What shows up in the upper right hand corner here use another service to login facebook is there if we haven eight. If we enable other providers here this this that shows up there.
So let’s go ahead and search for this here. And we can see that that code so all i did here was i copied this out just so i could find where my project. That code is use another service to log in we go over.
Here here. It is it’s in our external external logins list. Partial that’s es html.
It’s a partial view in mvc. Kind of like a user control. If you may in web forms.
Just a little piece of a view that gets rendered with something else and here we’re getting a reference to our own context authentication. We’re getting all of our registered authentication types. If we have more than one well let’s say if we have 0.
We simply display that message we saw by default there’s nothing set up if we have more than 0. Then we go ahead and we enumerate each one and list them out template code that’s actually already there in your project. It’s disabled by default because we haven’t right we haven’t registered this so that’s all disabled by default so the template code is there you just need to do this to get it to work all right so let’s actually go ahead and register.
And see what happens i’ll f5 that again now the first problem. I’m going to see is notice my url up here is if you can see it it’s port 5 3. 8.
6. 3. The problem with that is if i look over on facebook.
I have a different port this url must match exactly or you will actually get an error. Let’s see if i can actually get that error to happen. Let’s login.
There’s another service. Yeah see it right here. Giving url is not allowed by the app configuration it must match the website or canvas url well that’s why because my port my url didn’t match what facebook has so let me just go back to my home page here.
And let’s go back. And so that’s 5 3. 8.
6. 3. We need some change that to match facebook.
So i’m just going to copy that out go back to my web project. And what i need to do on my web project is changed that port so if you have a bunch of web projects that are trying to do this you might want to come up with a better solution here because this is specific to this one application so when i look at this web app. I go to properties.
I can see that that’s running at 5 3. 8. 6.
3. Right here. So you can change this you could use if you knew what your test website was you can change this up a little bit you can use a host file in your local system to override the name you can do some kind of configuration stuff.
In that case. I would probably host in ias and i would create an entry in my local host file that said something like my local ip address points 2ww awesome comm and that way when i go configure my facebook application. I could type in wws.
I’m calm here and when i test it on my local system. It just works that’s the advantage of the host file in the system. If you guys don’t know what that is applause that’s this guy right here.
So that path. If you missed that was windows system32 driver’s etsy. Hosts and the host file.
That’s known to guys and networking world for a long time you can basically come over here and just say super. Awesome one two three calm doesn’t matter. If that domain exists or not whenever you refer to that on your local system.
This is going to override essentially it’s going to look at your local system first to see if it understands that before it goes out to the net to do a name server look up on it so that’s one way that you could do that you could point your local ip address to look at this name and so when you hit that name in your browser. It’s gonna stay on your local system. But we’re gonna keep this right here we’re just going to use this localhost stuff.
It’s the easiest for me to debug with so localhost. I copy this url out. I’m gonna go back in here.
And i paste that and when i save this. I think i already have this registered with another app on the system. So it’s probably gonna tell me actually note.
This has not been configured. Yet perfect. Oh yeah.
Here it is it’s mapped to a different application. A different sample app on this system would you like to remap. It sure if this is your first time doing it you won’t see this this is only because i’ve run this demo on the system before it says hey that url is pointing to a different application on your system you want to remap it to this one why certainly thank you so all i did was i change the url to match what facebook’s expecting i come over here i log in i’m not going to touch this at all i’m gonna use just this super pics you bet that super picture besties friends site will receive the following info your public profile now note.
It doesn’t say. It’s gonna be able to get all of your friends. All of your pictures your firstborn son.
And all of that added jazz here so it’s limited in scope. And i can say review. The info.
I provide look at that tells me my profile picture. 21. Just some basic profile information.
You know what that’s okay. That’s all good redirects. Me back to my account now back to the web application now you’ve successfully authenticated with facebook you need to create a local id to associate that user.
So i’m just gonna say now you could change this up maybe. Didn’t want an email and you just want a user id you could do that too so i’m gonna associate this with that user that’s all i do i’m not providing any credentials to my local system. I just have an email address on file now somebody was asking about this what if i authenticate by way of facebook.
One day and then google the next day. I have the ability as the application developer to make sure that i handle those correctly associate those correctly by way of the user’s email address. So that whichever system they login as they authenticate by i’m recognizing them as the same person is that correct correct.
I think it up do a little bit of work on the back end there typically i think if i recall systems that support multiple providers. I remember you on a lot of them of course. There’s custom implementations you basically choose one or the other or this one right you do this you authenticate it comes back it verifies your profile information so you could store that information multiple ways.
But i think you might have to do a tiny bit of legwork on the backend to support the multiple providers on there yeah actually no no in this case. That should actually work just fine. I’m thinking of more advanced scenarios.
Reason being is if we look at our database. Schema here. If we look at this guy right here.
We can have multiple logins per user id right there so this is the table that holds our external providers. Microsoft google facebook. There we go so we can have multiple of riders for one user easily in this this actually already works on there.
I’ll sink into some more advanced centers. So that should work flying out of the box can i try another question on you i don’t know the answer this one at all i’m not too familiar with facebook’s platform. But somebody’s asking about whether or not is their facebook integrated login that does not require the facebook app platform to be turned on does that make any sense to you that i’m not sure oh okay.
All right let me authenticate again here there we go. There’s my email address log off now if i add any other providers into there so let’s check that out here. If i go back to my startup that off i’ll just do something fake here log in and now we see that we have a second provider.
Because it’s a little bit a little bit more advanced not a whole lot. Though so if i look into my controller. Account controller.
There’s a method in here. Facebook info. So this application same thing you register with facebook.
But we need to store that facebook token and if i look also this one does it slightly differently. As well too so let me go to the other one swing. Compare and contrast.
Notice. How simple this code is here use facebook authentication. We have an app id and app secret boom.
We’re done it just works. Now if we want to go a little bit more advanced and we need to store that token when it comes back. Those options that we initialize with use facebook.
Authentication. Rather than just passing in the the app. Id and the app secret like we did here.
We can pass in this object facebook. Authentication options and we can say what kind of scope were requesting now by default you have access to the users profile. I think you also have access to the with the version to the api.
The friends that use this application not all their friends’facebook change that with the second version of the api you have access to what other friends use the same application that you’re on right now. So you’re saying here some kind of permissions that this application is using your app id your app secret the important part here is this callback right here this gets called when facebook. Essentially says you are authenticated and here.
We are grabbing that facebook token that’s coming back and we’re storing that so we can use that later on to make additional requests against facebook to get data. Why do i want to do that for this demo. What i’m gonna do is i’m going to authenticate with facebook and then i’m going to grab some of my profile information off of facebook.
So this is where i’m storing that token and there’s some integrated code here to store that in a database as well not just here throughout this project. That’s why i said i wasn’t gonna build this one up from scratch again all this code will be. Available and this was a sample that i got off of the aspnet repository.
They’ve had a bunch of great samples on there as well actually this facebook sample is one one of the team members repositories. But i’ll have a link up to that as well and all this source code. You can check out.
Now. Let’s look at the other thing. Here.
The other magic was in our account. Controller class. Facebook info.
We need that access token and so. All. We’re gonna do is query for that access token.
So we’re looking at the user’s claims. Remember. This is a claims based system.
So we are storing that token let’s close out some of this we are storing that token in the claims. A claim called remember it’s a key value. The key is facebook access token and we’re storing that access token coming back from facebook here we’re using that token to make a request against facebook.
And we’re using the api this api. All i did was tools package manager console. This was an install install package facebook that’s what gave me this sdk right here that we’re looking at so this code is not there in a default template.
If i want to query against facebook. Then i install the facebook nuget package. Since that font might be a little smaller let me increase that install package facebook.
You don’t have to put the capital a like i did alright so we’ve got this facebook client and we’re giving it the access token so that class is gonna do the communication for us facebook has an api to find on their site slash. Me slash media slash feed all of these different things if i want my picture. I’m gonna call this one so i’m grabbing that information back from facebook.
My name my locale. My last profile updated time and my picture url and it’s going to return that to a webpage to a view. So i can see it so.
Let’s see what happens with this let me make sure i’m running on the same port six two zero five four and facebook required six two oh nine eight. I can actually just do this five four. I can change on the facebook side too alright.
Let’s go ahead and run this clear those breakpoints okay login. I’m gonna do this a little bit trickier here just to be sure because i’ve already logged in let’s let’s open up a separate browser here i’m gonna open up chrome just to make sure i’m not sharing into those same cookies so login use another service. I’ll use facebook thank you very much okay this will receive the following information we saw that already okay now here.
We go we’re adding that claim back this is what facebook replies back with this big access token here. And that’s needed for future requests to facebook resources. Clear on my breakpoints there we go we success successfully authenticated please use a username and we’ll just call this just for giggles here adam to the per five.
I’ve got a lot of breakpoints in this project perfect now this guy up here. Facebook info. That was that method we were looking at where i query using that facebook nuget package step through this that was a code we just looked at where we just reference facebook’s api we get some data that comes back we’ve populated that into here our locale.
Let’s open that again here. We’ve got our locale our name. The picture url.
The updated time let’s see what that looks like there we go up the layouts. A little bit messed up here. I gotta fix that but you get the idea i refer to i brought back my name the locale.
Which is a little overlapping here. But we saw that data all come back here if i refresh that page step over that we can see all that data here. So.
The data is all correct. Even. Though.
My web layout was a little messed up simple as that so that is how we integrate with one. A social provider and secondly. How we can take that one step further get the access token and then use that in the future for requesting resources from facebook on behalf of that user alright next.
Jeremy. This is one of my favorite demos because it uses as your azure as a cloud platform. I think is amazing we i think we do releases of features on there every three weeks now it’s always changing always change.
It’s always growing so i’m there been a lot of questions in the chat room. So your timing is excellent yes alright so what we’re gonna talk about here is using single sign on in a web application. I’ve seen many organizations.
I’ve worked in many organizations were you have all these different little islands. All these applications and they all have their own little sequel databases everywhere. Some might share one database that’s multi tenant.
In other words supports different applications different companies different users etc. But single sign on is great. Because you can point it to some other area.
And that handles all of the credentials for you and then you can sign in once have access to a bunch of apps or again. Like i mentioned earlier. You can use those same credentials to access multiple applications.
Without having to share them with the application itself so in this case. We’re going to keep credentials stored in azure as going to use act. It’s active directory.
There to know all about those users and our application will just query that and we can actually create another web application that queries that same data and another one another one. We can create ten web app. Web applications probably really fast that all look at that azure data.
And i’ll provide the same user experience to log in so let’s check that out shall. We i’m gonna go over to almost at facebook’s i just closed facebook app. Go over to azure here to active directory alright this is the azure portal managed at windows azure comm.
If you haven’t checked out a sure you can get a free trial signup go to windows azure comm and check it out. But what i’ve done in here. There are many features.
We are just going to use active directory for this one so we’ll do this all from scratch. We’re gonna create a new directory and we can see that’s the default there we’re gonna create a new directory. We’re gonna create a new directory the name i’m gonna write this all down as i do this super new directory.
Super new directory. Whew. Let’s do the ultimate with keep track of all.
This. Information. Here.
Super new directory domain. Name. We’ll call it.
Super. New directory. Oh somebody’s already used that get the heck out.
Oh yeah. Well watch this super super new uh. Huh select country.
I am in the united states. So let me copy this out forget that that’s funny somebody else has super new directory. Oh test data.
It’s actually i could just beat you to it. Oh. I used to love the past organization.
I was at there was a large databases with user info and the testers would have the most creative names they would put in there for ya pretends great yeah. I don’t know if everybody’s aware of this. Let’s just go ahead and jump over to mine.
This is kind of fun actually. There is a website called the fake name. Generator have you ever been there i don’t think so this is hilarious because it feels like you’re actually looking at a real person here and look at this we’ve got let me refresh.
It so we make sure we don’t know anything we don’t want to show. But look at this we’ve got a phone number email address username password. We’ve got social security.
Number. Oh. My goodness.
That’s clean. You can click here to actually show it and you export that from there and then you can you can actually not only export. It.
But you can request huge dumps of of tests. That’s yeah yeah. It’s actually really fun and everything on here is it’s completely made up there’s it does not at all map to people in real life.
If it does then you are the victim of it some incredible change. That’s pretty cool all right. Thank you i’ve seen some test data sites.
And that one actually has a coolest coolest layout. I like that yeah i just get that one snapshot there yeah all right so in azure here. We’re gonna go into my super new directory.
Uno and go in the users. And i’m going to add a user. This is the first step you must do a new user in the organization and this one will call my global admin.
We need a global admin first so let me write this down here at super. Directory one dot on microsoftcom. So we’re gonna create a user called my global admin next my global admin first and last name display name my global admin.
What role global administrator. I’m not gonna fill out the alternate email address. Here and i don’t need to check off multi factor authentication.
I’m gonna click on next oh i do need that there so we’ll do my address okay create it we’re gonna get a temporary password. Now so i will take that out save that alrighty now with that in mind let’s go back to visual studio. We’re gonna open up a new we’ll do a new one here new.
Project same thing aspnet web application will call this. As your ad mvc application. Now here’s where it changes change.
Authentication organizational account and notice. It says for applications that elf indicate with users with active directory microsoft as your active directory which we’re using here or office 365. So we’re going to use cloud single organization.
But notice you can do on prem or multiple organizations and the domain so something got on microsoft com. I’m just your house. I mean that might be your your company’s your organization’s actual domain.
But yes you can customize that absolutely i’m going to use the default one here on microsoft com. With mine access that will single sign on or do you want them to read be able to read this directory. Data or read.
And write your directory data in this case. I do not i’m not changing any of the active directory database in i just want default authentication rolled up here so i’m choosing the defaults here i’m gonna click on ok i have to log in with my global admin now so i come back here my global admin oops. So it’s my global admin at my directory.
Name change password. All righty these are internet password here there we go notice. We’re all set here authentication we see super new directory.
One dot on microsoft com. So to recap. I’ve created my directory.
I created the global admin in that directory. I gave me a temp password and then once i did this it prompted me for that global admin and then prompted me to change my password all i’ve done so far click ok voila. There we have it alright simple as that we created our template here let’s go ahead and run this and this starts up immediately this application is protected so we integrated single sign on here.
So it says alright. Who are you now i i don’t want to use my global admin. We want to assign users to our application right the global admin is a global admin.
This is not a regular user. So i’m gonna go back to azure here and create a user so we’re going to say add user new user in my org. We’re gonna call them jeremy jeremy foster.
He’s a user and again we get that temporary password so i’m going to take the scalp here copy and paste. This info. Just so it a little bit easier for me already so going back to my application.
Here. I want to login with jeremy and that password and being that it’s my first login it’s gonna ask me to change that password so here we go got my username here jeremy at super new directory. 1.
And the password change password. There’s my old password. My new one i’ll throw one on the end make it easy.
Ok please reenter your password that makes sense gotta enter your new password and did i stop my application. I did so this actually came back to my application by hit stop my application. So let’s refresh this again.
Let’s paste. It okay jeremy and we need your new password. Which was this with a one on it there we go just like that so you are authenticated against active directory.
Yes. All right. Now.
Let’s look at your application. Here this is different. This is not the same sort of layout that you get with the typical identity and a spit in it one could even argue that this fits in as kind of an overall umbrella for authentication in your application outside of identity.
This uses these tables here so there is something to note that if you are going to migrate this application up to the cloud. When you migrate this you actually will need to select a database in the cloud to migrate this to and you can do that when you publish your project you can specify your database options and all that to publish to the cloud. Just one thing to be aware if there’s a little bit of information that’s stored locally here that information.
This does need to be replicated. If you happen to host in the cloud. And it does require database just to tracks a little bit of this local information alright.
So that was it for the azure active directory. Now show you how easy this is again. I want to create a brand new web application.
Let’s create another one the new project will call this as your ad. I’ve got another application. I’m adding my organization.
I want to use that same single sign on again. So go back to notepad here. Copy my directory.
Name same thing. Like we did before click okay. And there it goes and voila.
We have a project. We debug our project again brand new web project second web project pointing to that same active directory up in azure use another account. We’re going to use jeremy’s account here and your password.
Just like that so in under like a minute here. I brought up a whole new web application that is authenticating against your application. That’s up there in the cloud.
Now let me bring active directory. New cloud. I should say yeah.
Let me make one thing. Clear for folks based on some questions. When you’re doing authentication against active directory.
In the cloud azure active directory. A likely scenario not a necessary scenario. But very likely scenario is that you’re dealing with a corporation who already has an on premise authentication solution they have microsoft’s active directory installed.
Which is very popular and they have a bunch of users and groups defined in active directory. And that’s what they’re authenticating against well. What you do here is you go ahead and set up your azure active directory.
You do a one time synchronization of all of those users. And then kind of an ongoing live synchronization. A live connection between the two such that when the it guy.
Adds joe the new employee. He gets synchronized up into azure active directory. And he’s now joe in azure active directory.
And we can authenticate against that user account again by way of one of these modern scenarios like twitter or facebook. Or something like that so a pretty cool story because it keeps these two in sync. Whereas.
Before they were kind of locked in behind the firewall of the company for good reason absolutely makes sense so far. I think so yeah sure i think my is my favorite part because it’s so easy just to spin it up and then yeah bear with all your applications pointing to that one and authenticating against it it makes it really realistic and and by the way. The the first tier of azure active directory.
You can just go sign up for like go get yourself the free azure subscription in general and then you can go create yourself an azure active directory. And just start playing with that there’s no charge for it very cool well should we go ahead and take a meal break. We should.
I actually hear my stomach growling. A little bit over. Yeah.
Yeah. Me too. I’m looking forward to it.
I hope you guys are too. So we’ll see you back in about an hour see you again music. .
Thank you for watching all the articles on the topic Part 3. ASP.NET Authentication and Authorization | Identity: External Login Provider. All shares of cfcambodge.org are very good. We hope you are satisfied with the article. For any questions, please leave a comment below. Hopefully you guys support our website even more.