Suggest me with some informative links about working with ADFS in Asp.Net 3.5 and its related downloads.
I'd recommend checking out Windows Identity Foundation (WIF) if you do not need to tie directly into Active Directory. Either way Microsoft just dropped their Identity Training Kit which will cover both.
I'd suggest the training kit as suggested before or the "Claims Identity Guide"
Related
I have an API REST made in node js, and now I'd like to implement some XACML policy. I have been searching and I found that I can use ALFA to make the XACML rules. But I need a PDP for applying the rules. What can I use / how can I implement it?
I have read about WSO2 Identity Server (which I think I can use as a PDP? I'm not sure). It is probably too much for a little project. Any other suggestions? Or is WSO2 IS adecuate?
The go-to open source implementation of XACML 3.0 nowadays is AuthZForce. In OSS, it's the most up-to-date. In the commercial realm, look into Axiomatics (where I worked). They have the most up-to-date PDP and are the authors of the standard.
Yes, you can use Wso2 Identity Server as your PDP. Once I had a requirement to secure a Spring Boot rest API through XACML[1]. Anyway, It would be much easier for you to use the Identity Server PDP than implementing one. You have easy beginner samples that you can try out for your use case.[2] There are tools in the identity server that you can use to create the XACML rules.
[1].https://medium.com/#buddhimau/role-based-authorization-for-spring-boot-using-wso2-identity-server-3d74ab307fb9
[2].https://medium.com/#gdrdabarera/how-entitlement-management-works-with-rest-api-via-xacml-in-wso2-identity-server-5-3-0-7a60940d040c
Adding to Buddhima Udaranga reply, If you think IS too much for a little project, then you can directly use balana, which is the entitlement engine used inside IS. You can refer to this for more details. But balana have only java API.
I am having a bit of an issue with integrating with NetSuite API on .Net Core using VS2017 and it has no option to add Web Service. When I consumed their web service using add connected services some objects and classes are missing.
In .Net 4.5, the classes and object are available. My manager wants me to write the API in .Net Core.
I took the sample code from NetSuite and the very first thing is class NetSuiteService which has important Passport property for login.
Anyone had a solution to this?
It's fairly easy to integrate SuiteTalk with Dot NetCore, all you need to do is import the WSDL into .NetCore project via adding it as ConnectedService reference and it will set you up with WCF.
The DEMO code that NetSuite people have provided will not match the code generated on your machine. I would recommend you using TBA instead of other authentications.
(just copy paste the code provided by NetSuite's folks for authentication as that is the convention, you can change the crypt algorithm if you want to, just generate the Keys, put them in your configs and you're good to go)
Class "NetSuitePortTypeClient" will contain your endpoints for all types of communication to NetSuite web services.
Read the first 50-100 pages of the documentation manual that NetSuite provides for learning the conventions to be used throughout your journey.
Hope this will give you a headstart.
SAML 2.0?
OpenId?
OAuth 2.0?
CAS?
And others?
I know they all can do SSO, but I want to find out what are all standard protocol nowadays we used for SSO that covers 80% of market?
Anyone knows how do I find the result?
There is no standard protocol because it depends on the use case e.g.
Microsoft Enterprise uses WS-Fed.
Java Enterprise uses SAML-P.
Native (mobile) uses OAuth2 for consent. If you want authentication on top of this, add OpenID Connect.
And it also depends on the STS - not every STS supports all the above.
I need to implement Single Sign On feature for several internal web applications which are not deployed on the same domain.
Is federation a good solution in my case? Or it is only used if I want to federate the authentication to an external IdP.
I mean I want to create a custom WIF STS and make all the applications claims-aware RPs.
I'm thinking of it because I don't want to use custom solutions or third party libraries. WIF seems to have a straightforward solution integrated with .Net Framework.
Is my suggestion correct? Or this is an incorrect use for WIF.
Yes - a solution with WIF / STS will work even if it's only internal.
Beware of security if you roll your own.
You may want to look at ADFS or IdentityServer.
Going this route will make your life a lot easier.
I am new to asp.net and ado.net. I must to develop a content management system with .net and I wonder which option is right for me, disconnected or connected architecture for web?
I dont understand why I should use dataset on online applications.
It sounds like you are getting started with ASP.NET so depending on which technology you prefer (MVC or Web Forms) either of these two tutorials provided by Microsoft will be of great help on general data access.
MVC: http://www.asp.net/mvc/tutorials/getting-started-with-ef-using-mvc
Web Forms: http://www.asp.net/web-forms/tutorials/data-access