.NET Core Auto Login with ADFS
Looking for comments on my code in the hope of finding a standards-based practice. I am currently deploying a SPA (Angular) with .NET Core as the backend. We have an on-prem ADFS, so I have set up the application to automatically log the user in when they reach the site. The code works fine; however, I am curious whether this is a common way to accomplish this, or whether there is a standard pattern for this use case.
using CPQrp.Services;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.SpaServices.AngularCli;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using System;
using System.Linq;
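namespace CPQrp
{
    /// <summary>
    /// Application startup: registers MVC, the Angular SPA static files and the
    /// authentication schemes (a local cookie session, with WS-Federation as the
    /// challenge scheme), then builds a request pipeline in which everything after
    /// <c>UseAuthentication</c> is reachable only by an authenticated user.
    /// </summary>
    public class Startup
    {
        // Assigned once in the constructor; readonly so it cannot be swapped later.
        private readonly IConfiguration _config;

        /// <summary>
        /// Stores the application configuration for use while registering services.
        /// </summary>
        /// <param name="configuration">Configuration supplied by the host.</param>
        public Startup(IConfiguration configuration)
        {
            _config = configuration;
        }

        /// <summary>
        /// This method gets called by the runtime. Use this method to add services to the container.
        /// </summary>
        /// <param name="services">Service collection to register MVC, SPA and authentication services in.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            // ROUTING
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
            services.AddSpaStaticFiles(configuration =>
            {
                // In production, the Angular files will be served from this directory
                configuration.RootPath = "ClientApp/dist";
            });

            // CUSTOM SERVICES
            // Scoped, not singleton: the pipeline fills this object from the current
            // request via LoadUserData(context). A singleton would be populated by the
            // first authenticated request and then reused for every other user.
            // NOTE(review): ApplicationUser is not visible here; this assumes it holds
            // per-user state and is not injected into any singleton service - confirm.
            services.AddScoped<IApplicationUser, ApplicationUser>();

            // AUTHENTICATION
            // The cookie scheme authenticates requests and persists the sign-in;
            // WS-Federation is used only to challenge, i.e. to redirect to ADFS.
            services.AddAuthentication(sharedOptions =>
            {
                sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
            })
            .AddWsFederation(options =>
            {
                // All WS-Federation settings come from the "ADFS" configuration section.
                // NOTE(review): the section presumably supplies MetadataAddress and
                // Wtrealm; confirm both are set and that the metadata URL is HTTPS.
                _config.Bind("ADFS", options);
            })
            .AddCookie(options =>
            {
                options.Cookie.Name = "auth";
                // Cookie.Expiration is ignored by the cookie authentication handler;
                // ExpireTimeSpan is the setting that bounds the ticket lifetime.
                // NOTE(review): 30 days is long for an SSO-backed session, and the
                // WS-Federation handler's UseTokenLifetime option may bound the session
                // by the ADFS token validity instead - confirm which limit is intended.
                options.ExpireTimeSpan = TimeSpan.FromDays(30);
            });
        }

        /// <summary>
        /// Builds the HTTP request pipeline: error handling, HTTPS redirection,
        /// authentication, an authentication gate, then static files, MVC and the SPA.
        /// </summary>
        /// <param name="app">Application builder the middleware is added to.</param>
        /// <param name="env">Hosting environment, used to pick development-only behaviour.</param>
        /// <param name="appUser">Not used; the per-request instance is resolved inside the middleware. Kept so the signature is unchanged.</param>
        /// <param name="logger">Startup logger (currently unused).</param>
        public void Configure(IApplicationBuilder app,
            IHostingEnvironment env,
            IApplicationUser appUser,
            ILogger<Startup> logger)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Error");
                app.UseHsts();
            }

            app.UseHttpsRedirection();
            app.UseAuthentication();

            // Authentication gate. It is registered before the static-file, MVC and
            // SPA middleware, so none of them runs for an unauthenticated request.
            app.Use(next => async context =>
            {
                // UseAuthentication has already set context.User from the default
                // (cookie) scheme.
                var user = context.User;
                if (user == null || !user.Identities.Any(identity => identity.IsAuthenticated))
                {
                    // No scheme given, so DefaultChallengeScheme (WS-Federation) is
                    // used. NOTE(review): API/XHR calls are challenged the same way;
                    // confirm the SPA handles that response.
                    await context.ChallengeAsync();
                    return;
                }

                // Resolve the user object from the request scope so that data loaded
                // for one user is never visible to another request.
                var requestUser = context.RequestServices.GetRequiredService<IApplicationUser>();
                if (!requestUser.Exists())
                {
                    requestUser.LoadUserData(context);
                }

                await next(context);
            });

            app.UseStaticFiles();
            app.UseSpaStaticFiles();
            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller}/{action=Index}/{id?}");
            });
            app.UseSpa(spa =>
            {
                spa.Options.SourcePath = "ClientApp";
                if (env.IsDevelopment())
                {
                    // Development only: serve the SPA through the Angular CLI server.
                    spa.UseAngularCliServer(npmScript: "start");
                }
            });
        }
    }
}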
c# login .net-core single-page-application adfs
The company I work for uses Sessions to store user permissions. It's common practice to use Session for this very reason.
– Dom
Nov 19 '18 at 19:44
asked Nov 19 '18 at 19:38
Drew