Blazor Server Authentication, PostgreSQL, and Keycloak integrations - postgresql

I'm currently trying to integrate an existing Blazor Server (ASP.NET Core 6.0, server-side only) application with my company's Keycloak authentication services. I need to use the existing .NET Authentication/Authorization libraries with the Keycloak - the Keycloak will hold all the relevant User data I need to access (e.g. ID, name, passwords, etc.) and use that data as query parameters to access the data stored in PostgreSQL. I've seen that this is possible with Microsoft SQL Server, so I'm wondering if the following is even possible:
Using something other than Microsoft SQL Server or SQLite to handle Authentication with .NET
Using a remote server database to handle Authentication instead of a local .db migration
Accessing Keycloak data for authentication instead of data stored in said local .db migration
If all of this is possible on Blazor Server instead of WebAssembly
There's tons of documentation on how to use SQL Server in a WebAssembly for authentication, but what little documentation exists for Blazor Server, and Keycloak, is for older .NET versions (usually 2.0) and very, very basic use cases. There are also questions that have already been asked but haven't been answered. I'm still very new to Web development and Blazor, so if this isn't even possible, I wouldn't be surprised.

Related

Does Keycloak need a database

I have set up Keycloak as a SAML broker, and authentication is done by an external IdP provided by the authorities. Users logging in using this IdP are all accepted and all we need from Keycloak is an OAuth token to access our system.
I have tried both the default setup using H2 and running with an external MariaDB.
The external IdP provides us with a full name of the user and a personal ID. Both data are covered by GDPR and I really do not like the sound of storing that data in a database running in the DMZ. Opening up for Keycloak to access a database in the backend is also not a good solution, especially when I do not need users to be stored.
The benefit of running without a database is that I have a simpler DMZ setup as I really do not need to store anything about the users but on the backend.
Do I need a database, and if not how do I run Keycloak without it?
> Do I need a database, and if not how do I run Keycloak without it?
Yes, however, out-of-the-box Keycloak runs without having to deploy any external DB. From the Keycloak official documentation section Relational Database Setup one can read:
> Keycloak comes with its own embedded Java-based relational database
> called H2. This is the default database that Keycloak will use to
> persist data and really only exists so that you can run the
> authentication server out of the box.
So out-of-the-box you cannot run Keycloak without a DB.
That being said, from the same documentation one can read:
> We highly recommend that you replace it with a more production ready external database. The H2 database is not very viable in high concurrency situations and should not be used in a cluster either.
So regarding this:
> The benefit running without a database is that I have a simpler DMZ
> setup as I really do not need to store anything about the users but
> on the backend.
You would still be better off deploying another DB, because Keycloak stores more than just the users' information in the DB (e.g., realm information, groups, roles and so on).
> The external IdP provides us with a full name of the user and a
> personal ID. Both data are covered by GDPR and I really do not like
> the sound of storing that data in a database running in the DMZ.
> Opening up for Keycloak to access a database in the backend is also
> not a good solution, especially when I do not need users to be stored.
You can configure that IDP and Keycloak in such a manner that the users are not imported into Keycloak whenever those users authenticate.

.net core 2.0 windows impersonation

I'm new to .NetCore 2.0. I'm building a simple HR application that runs on our intranet in VS2017/C#.
Server: Windows 2012 R2
Using IIS as a reverse proxy.
Windows Authentication only -- all other authentication disabled.
.Net Core Windows server hosting on the server is 2.0.5.
In a previous application (.NET Framework), I simply set the authentication on the site to Windows, disabled all other authentication and set the identity impersonate = true in the web.config.
In .NET core, this is not working when the application attempts to access the database. In this case, I get an error stating that the IIS user cannot access the database (which they shouldn't be allowed to, the current windows login credentials should be used instead).
I have already done what it says in this link
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?tabs=aspnetcore2x
I am still getting an error stating that the IIS user cannot get access to the db, but I want it to impersonate the windows credential, not the IIS user.
In short, how do I get windows authentication to work in .NET Core 2?
Any help is appreciated. Thanks

Lotus notes enable api/data

I am currently trying to develop an app for a company which uses a Lotus Notes 9.0.1 server. I am trying to work with their contractor who set up the server, and I have no experience with Lotus Notes. I am going to use the REST API to interact with the server, but when I call GET on /api I see that the data is not enabled. It seems to me that the Domino Data Service is not enabled for it. Can someone explain the steps for turning it on for the data view, so I can tell the contractor how?
Thanks
https://imgur.com/gallery/Gy5hf
What about using a search engine?
Each accessible database must be enabled to support the Domino® Data Service.
Tags: Enabling Domino Data Service on a database
To be able to access a database with the Domino Data Service, each accessible database must be enabled to support the service.
Note: Remember to also make sure that the Data Service or any other service that you wish to access is first enabled on your server. The Core service is always enabled. Unlike the other services, the administrator does not have to intentionally enable the Core service. As long as the HTTP task is loaded, the Core service is available.
In Domino Designer or Notes®, do the following for each accessible database:
1. Open the database properties.
2. Click on the Advanced tab.
3. For Allow Domino Data Service, select either:
   - Views only to restrict access to views
   - Views and documents for full access
In Domino Designer, do the following for each accessible view:
1. Open the view properties.
2. Click on the Advanced tab.
3. Check Allow Domino Data Service operations.
Attempting to access a database that is not enabled typically returns error code 403 The Domino data service is not enabled for this database.
Attempting to access a view that is not enabled typically returns error code 403 The Domino data service is not enabled for this view.
https://www-10.lotus.com/ldd/ddwiki.nsf/xpAPIViewer.xsp?lookupName=IBM+Domino+Access+Services+9.0.1#action=openDocument&res_title=Enabling_Domino_Data_Service_on_a_database_das901&content=apicontent
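The three switches described in the answer above (server, database, view) can be checked in order from the responses the server returns. The following is an added example, not part of the original answer or of IBM's documentation; the function names are hypothetical, the JSON shape of the GET /api listing (an array of entries with `name` and `enabled` fields) is an assumption, and the sample responses are constructed.

```python
import json

# 403 messages exactly as quoted in the answer above.
DB_DISABLED = "The Domino data service is not enabled for this database."
VIEW_DISABLED = "The Domino data service is not enabled for this view."

# Constructed sample /api listings (assumed shape, not captured from a server).
SAMPLE_API_OFF = '[{"name": "Core", "enabled": true}, {"name": "Data", "enabled": false}]'
SAMPLE_API_ON = '[{"name": "Core", "enabled": true}, {"name": "Data", "enabled": true}]'


def data_service_enabled(api_body):
    """True/False for the Data entry of a GET /api listing, None if absent."""
    for svc in json.loads(api_body):
        if str(svc.get("name", "")).lower() == "data":
            return bool(svc.get("enabled"))
    return None


def diagnose(api_body, db_resp, view_resp):
    """Name the first layer (server, database, view) that still blocks access.

    db_resp and view_resp are (status_code, body_text) pairs from a request
    to the database and to one of its views.
    """
    if not data_service_enabled(api_body):
        return "server: enable the Data service on the Domino server"
    checks = (
        ("database", db_resp, DB_DISABLED,
         "set Allow Domino Data Service on the database properties Advanced tab"),
        ("view", view_resp, VIEW_DISABLED,
         "check Allow Domino Data Service operations on the view properties Advanced tab"),
    )
    for layer, (status, body), marker, fix in checks:
        if status == 403 and marker in body:
            return f"{layer}: {fix}"
        if status != 200:
            # e.g. 401, or a 403 with another message: not one of the switches above
            return f"{layer}: unexpected HTTP {status}, not a Data Service setting"
    return "ok: server, database and view all allow the Data Service"


if __name__ == "__main__":
    print(diagnose(SAMPLE_API_OFF, (200, ""), (200, "")))
    print(diagnose(SAMPLE_API_ON, (403, DB_DISABLED), (200, "")))
    print(diagnose(SAMPLE_API_ON, (200, "[]"), (403, VIEW_DISABLED)))
```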

Connect to backend of VSO

Is there a way to get the server info of my VSO account and access using SQL Server?
I've tried logging in using the URL
{account}.visualstudio.com
But I got a server not found error
No, the back-end databases are SQL Azure instances, different from the TFS on-premise databases. I cannot see MS ever giving you access to the database - maybe the data, but not the database.
You can only use the API (old and new REST) and Power BI tools to perform queries.
If you have a specific problem you are trying to solve, post it as a new question because it may be possible without database access.

Is it possible to not use Windows Authentication w/ a SQL Server Filestream store and using streaming access to a file within it?

Everything I've seen and experienced so far suggests that you must use Windows Authentication if you want to access a file via Win32 from within a database's filestream store, but is it possible to use just SQL authentication somehow?
No, you have to use Windows Authentication.
See the official team Web Log for Microsoft Customer Service and Support (CSS) SQL Support:
How It Works: File Streams Requires Integrated Security (Windows Authentication)