This is the third article in a series on Identity as a Service (IDaaS). In this article, we are going to see how to configure an ASP.NET Core API to validate the identities of users using Okta.
For this example, we need the app that we developed in the previous article, "Identity as a Service (IDaaS) - Okta & ASP Net Core". In addition, we will continue using Visual Studio 2017 Community Edition.
All code for this example is available on GitHub.
Protecting API Access
The objective of these examples is to add the necessary validation to the API developed in ASP.NET Core so that it accepts only calls from apps that have a valid user signed in.
This is one of the best aspects of the OAuth 2.0 and OIDC model. Each layer of our apps does not have to trust whoever contacts it; there is only a relationship of trust with the identity provider. The key element of the model is the JWT (JSON Web Token).
This relationship of trust is achieved through the publication of configuration parameters that are public for any service that wants to use them. New services and layers can be added to our ecosystem without modifying existing services.
Something to keep in mind when we create or modify an API Controller in ASP.NET Core is that the [Authorize] attribute can be applied to a particular method or to the whole class. When it is applied to the entire class, all methods require the caller to meet the access criteria before responding.
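The sketch below ties the two ideas together: the JWT bearer handler trusts only the identity provider's published metadata, and [Authorize] is applied at class level with one action explicitly opted out. It is an added example, not the code from the article's GitHub repository; the Okta domain placeholder, the `/oauth2/default` issuer path, the `api://default` audience, the controller and the `health` route are assumptions to replace with your own values.

```csharp
using System;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // Placeholder issuer (assumption). The handler downloads the public
                // metadata and signing keys from
                // {Authority}/.well-known/openid-configuration.
                options.Authority = "https://YOUR_OKTA_DOMAIN/oauth2/default";
                options.Audience = "api://default"; // assumed audience value
                options.RequireHttpsMetadata = true; // never fetch keys over plain HTTP
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,   // token must come from the Authority
                    ValidateAudience = true, // token must be minted for this API
                    ValidateLifetime = true, // reject expired tokens
                    ClockSkew = TimeSpan.FromMinutes(2) // tighter than the 5 min default
                };
            });
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication(); // must run before MVC so [Authorize] sees the user
        app.UseMvc();
    }
}

[Authorize] // class level: every action requires a valid token
[Route("api/[controller]")]
public class ValuesController : Controller // hypothetical controller
{
    [HttpGet]
    public IActionResult Get() => Ok(new[] { "value1", "value2" });

    [AllowAnonymous] // explicit opt-out for a single action
    [HttpGet("health")]
    public IActionResult Health() => Ok("up");
}
```

A request without a valid bearer token receives 401 on `Get`, while `Health` still answers, which makes class-level [Authorize] the safer default: new actions are protected unless someone deliberately opts them out.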
Thanks for reading!!!
The complete article is available on DZone Security.
Article in Spanish
All views expressed are my own and do not represent opinions of any entity whatsoever with which I have been, am now, or will be affiliated.