Kenneth Fossen
In this set of exercises, we will be looking at IdentityServer, Authentication, and Authorization with a Commandline client. We will follow Duende's Quickstart Guides for up to 4 experiences to familiarise ourselves with ASP.NET WebAPI Security is working.
I've prepared the skeleton code for you to start with the project. All the necessary packages have been added to their respective projects so skip these steps in the guides.
This server is hosting all the Identities, Scopes, access groups, and so forth.
It should respond to a regular HTTPS request to the following address for it to be working.
https://localhost:5001/.well-known/openid-configuration
Note: the first time you query this address, it is slow due to it having to generate all the keys.
Use your browser or just run one of these commands:
# classic
curl -k https://localhost:5001/.well-known/openid-configuration# pretty format
curl -k https://localhost:5001/.well-known/openid-configuration | jqShould be listening to https://localhost:6001/swagger/index.html
You should see the WeatherForecastController endpoints.
Empty client for Task 1, goal is to implement this and experiment with it
Empty client for Task 2, the goal is to implement this and experiment with it.
If you get an error connecting it may be that you are running HTTPS and the development certificate for localhost is not trusted.
You can run dotnet dev-certs https --trust `in order to trust the development certificate.
Only do this once.
Interactive Applications with ASP.NET Core
Note: There is no need to do task Add Support for External Authentication, but feel free to do it if you want. Requires a Google Account.
In this Solution, you will find two clients and a "Secured" Api.
The secured API is running also in Azure on the following address:
https://kefo-securedapi.azurewebsites.net
But I have provided you with the source code so you can write a client that speaks to the Secured API Endpoints.
You will be using Azure.Identity to configure and implement the client.
Your goals are to successfully request data from these endpoints.
Tips: start by investigating appsettings.json.
- Write a client that can access the WeatherForecast
- Write a client that can access the TaggedController
Your task is to fetch the Flag/Secret value and get it to show in the WebClient.
The secret flag is only on https://kefo-securedapi.azurewebsites.net,
but it is a good idea to test and work with the solution to make it work locally.
cd WebClient
npm install
npm run dev
open "http://localhost:5173"I've put up a skeleton for 'authService.js' and this is the one that you need to configure and implement.
- You need to find the correct Azure Tenant Ids
- Need to request the correct Scopes
The library you are using is MSAL.js Good starting place could be: https://github.com/AzureAD/microsoft-authentication-library-for-js/wiki/Samples
user: password:
Microsoft Identity Platform Code samples
This Challenge is set up according to: https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2/tree/master/2-Call-OwnApi You can use this guide to create your own Azure Tenant and configure things in Azure to test it.
https://github.com/azure-samples/active-directory-dotnet-webapi-manual-jwt-validation
https://learn.microsoft.com/en-us/azure/active-directory/develop/sample-v2-code
Microsoft identity platform and OAuth 2.0 authorization code flow