Advanced OAuth
Looking at all aspects of working with OAuth in .NET and web applications, including implementation of a custom OAuth end-to-end solution.
5 comments
-
Pete Lopez
commented
This is desperately needed. There is a lot of information out there but nothing comprehensive. I would love to see some bits on using OAuth for authorization and authentication to implement an SSO solution. One log in would allow the user to show as logged in across a family of sites.
-
Jorge Silva
commented
Also just remembered...
This is very important:
Hardcoding claim in web.config so you can "mock" users during development because you WILL have delays in the deployment of ADFS from the IT guys.
Nice tools that mimic IDP's so you can call them and use them during development. (ie https://mockmyid.com/ or http://thinktecture.github.com/ )
-
Jorge Silva
commented
The series you had before with the "Geneva Framework" were really out of date.
I have done a project with ADFS 2.0 and I think it would be great to see a course about this.
Topics that come to my mind:
OAuth (2.0)
- How it works
- What is a Samlp Token
- Explain the auth flux
- browser -> website -> redirect to IDP -> redirect with token back to website
- there are more scenarios (act-as is a MUST for enterprise level application)
ADFS 2
- What it is
- How to set it up
- ADFS Proxy (On the enterprise this is mandatory due to domain forests not talking to each other)
- Configuring ADFS
- Passthrough credentials for "Acting-As" and Proxy server to work correctly (normally using the apppool guy to passthrough the token and use token with act-as)
- web.config configuration
- Custom Claims
- Transformation
- Query DB based on IDP token to get more data and create new Claims
- Enable trust between IDP - ADFS and ADFS - ADFS Proxy
- Configuring an OAuth provider into ADFS (Google, Live,...)
- Creating a "custom login page"
- Certificates
- Cookies used (there are a lot of them last time I used it and there were problems with Chrome)
WCF / WEB-API
- Using the OAuth
- How to consume the ADFS straight up
- ADFS with Act-As
- OAuth provider (this is almost out of the box in the MVC projects in VS 2012 though)
- Front-end / Services configuration to send Token back and forth
- Encapsulating the token inside another (act-as)
IDP
- Creating an IDP
- STS
- Creating one
- Why you SHOULD have a custom one
And now I can't remember more since I'm at work and last time I used this was 1 year ago so I don't recall everything anymore :)
-
David Miller
commented
Would be nice to see how OAuth can integrate with Windows Identity Foundation.
-
Andy Shokalook
commented
Some examples in OAuth 2.0 with .NET would be great!