I would like to see a course on ...

Advanced OAuth

Looking at all aspects of working with OAuth in .NET and web applications. Including implementation of a custom OAuth end to end solution

881 votes
Sign in
or sign in with
  • sso
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Darren NeimkeDarren Neimke shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →


    Sign in
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      • Andres RomeroAndres Romero commented  ·   ·  Flag as inappropriate

        And the author, please, Dominick Baier, he has some great courses about Identity and Access control for ASP.Net

      • Andres RomeroAndres Romero commented  ·   ·  Flag as inappropriate

        I agree with the topics Jorge Silva is proposing. Also i think it'd be nice to implement it based on the Owin/Katana approach. I´d like to center the course on authentication (ws-federation, openid) and authorization (based on claims - claims transformation) in mvc applications (maybe also web api) and how it is done in the katana world.

      • Anonymous commented  ·   ·  Flag as inappropriate

        I would like to see this in Java implemtation, with a theory that explan identity federation too.

      • Nico SnymanNico Snyman commented  ·   ·  Flag as inappropriate

        It would be awesome to get some more light on implementing a custom OAuth Provider from scratch which consumers can hit to say retrieve more than just personal details but maybe files/photos or web services.

      • Pete LopezPete Lopez commented  ·   ·  Flag as inappropriate

        This is desperately needed. There is a lot of information out there but nothing comprehensive. I would love to see some bits on using OAuth for authorization and authentication to implement an SSO solution. One log in would allow the user to show as logged in across a family of sites.

      • Jorge SilvaJorge Silva commented  ·   ·  Flag as inappropriate

        The series you had before with the "Geneva Framework" were really out of date.
        I have done a project with ADFS 2.0 and I think it would be great to see a course about this.

        Topics that come to my mind:
        OAuth (2.0)
        - How it works
        - What is a Samlp Token
        - Explain the auth flux
        - browser -> website -> redirect to IDP -> redirect with token back to website
        - there are more scenarios (act-as is a MUST for enterprise level application)
        ADFS 2
        - What it is
        - How to set it up
        - ADFS Proxy (On the enterprise this is mandatory due to domain forests not talking to each other)
        - Configuring ADFS
        - Passthrough credentials for "Acting-As" and Proxy server to work correctly (normaly using the apppool guy to passthrough the token and use token with act-as)
        - web.config configuration
        - Custom Claims
        - Transformation
        - Query DB based on IDP token to get more data and create new Claims
        - Enable trust between IDP - ADFS and ADFS - ADFS Proxy
        - Configuring an OAuth provider into ADFS (Google, Live,...)
        - Creating a "custom login page"
        - Certificates
        - Cookies used (there are a lot of them last time I used it and there were problems with chrome)

        WCF / WEB-API
        - Using the OAuth
        - How to consume the ADFS straight up
        - ADFS with Act-As
        - OAuth provider (this is almost out of the box in the MVC projects in VS 2012 though)
        - Front-end / Services configuration to send Token back and forth
        - Encapsulating the token inside another (act-as)
        - Creating an IDP
        - STS
        - Creating one
        - Why you SHOULD have a custom one

        And now I can't remember more since I'm at work and last time I used this was 1 year ago so I don't recall everything anymore :)

      Feedback and Knowledge Base