Looking at all aspects of working with OAuth in .NET and web applications. Including implementation of a custom OAuth end to end solution
Pete Lopez commented
This is desperately needed. There is a lot of information out there but nothing comprehensive. I would love to see some bits on using OAuth for authorization and authentication to implement an SSO solution. One log in would allow the user to show as logged in across a family of sites.
Jorge Silva commented
Also just remembered...
This is very important:
Hardcoding claim in web.config so you can "mock" users during development because you WILL have delays in the deployment of ADFS from the IT guys.
Nice tools that mimic IDP's so you can call them and use them during development. (ie https://mockmyid.com/ or http://thinktecture.github.com/ )
Jorge Silva commented
The series you had before with the "Geneva Framework" were really out of date.
I have done a project with ADFS 2.0 and I think it would be great to see a course about this.
Topics that come to my mind:
- How it works
- What is a Samlp Token
- Explain the auth flux
- browser -> website -> redirect to IDP -> redirect with token back to website
- there are more scenarios (act-as is a MUST for enterprise level application)
- What it is
- How to set it up
- ADFS Proxy (On the enterprise this is mandatory due to domain forests not talking to each other)
- Configuring ADFS
- Passthrough credentials for "Acting-As" and Proxy server to work correctly (normaly using the apppool guy to passthrough the token and use token with act-as)
- web.config configuration
- Custom Claims
- Query DB based on IDP token to get more data and create new Claims
- Enable trust between IDP - ADFS and ADFS - ADFS Proxy
- Configuring an OAuth provider into ADFS (Google, Live,...)
- Creating a "custom login page"
- Cookies used (there are a lot of them last time I used it and there were problems with chrome)
WCF / WEB-API
- Using the OAuth
- How to consume the ADFS straight up
- ADFS with Act-As
- OAuth provider (this is almost out of the box in the MVC projects in VS 2012 though)
- Front-end / Services configuration to send Token back and forth
- Encapsulating the token inside another (act-as)
- Creating an IDP
- Creating one
- Why you SHOULD have a custom one
And now I can't remember more since I'm at work and last time I used this was 1 year ago so I don't recall everything anymore :)
David Miller commented
Would be nice to see how OAuth can integrate with Windows Identity Foundation.
Andy Shokalook commented
Some examples in OAUTH 2.0 with .NET would be great!