Unificando a autenticao e controlando acesso a API com
IdentityServer 4
Unificando a autenticao e controlando acesso a API com
IdentityServer 4Trilha Arquitetura .NETHeber Ortiz
Pereira@HeberOrtiz
Globalcode Open4education
Globalcode Open4education
Sobre mimDesenvolvedor (18 anos)@ Lambda3Microsoft Certified
Trainer
@HeberOrtizhttp://do.net.br || http://blog.lambda3.com.br
http://youtube.com/donetbr
Globalcode Open4education
Globalcode Open4education
Globalcode Open4education
Acreditamos que o momento de discutir Diversidade na TI.Pessoas
maravilhosas existem sob todas as bandeiras, formas e opes, e
queremos ajudar a construir ambientes inclusivos, diversos e
tolerantes em toda a indstria de software.3
Negcios so complexos
Globalcode Open4education
ProblemasEmpresas possuem muitas aplicaespara atender seu
negcio
Globalcode Open4education
ProblemasArquitetura das aplicaes so cada vez mais baseadas em
servios(microservices)
Globalcode Open4education
ProblemasComo autenticar e autorizar usurios e sistemas?
Globalcode Open4education
Tpica aplicao
fonte:
https://identityserver.github.io/Documentation/docsv2/overview/bigPicture.html
Globalcode Open4education
Autenticao e Autorizao como ServioSingle Sign-on / Single
Sign-outAutentique-se uma nica vez e use em todas as aplicaes
Globalcode Open4education
Autenticao e Autorizao como ServioAutorizao para APIs com o uso
de Tokens
Globalcode Open4education
Qual o comportamento esperado?DEMO
Globalcode Open4education
Seria Mgica?
Globalcode Open4education
Fingindo poderes mentais...
Globalcode Open4education
SUMIU !!!!
Globalcode Open4education
Qual o Segredo?
Globalcode Open4education
Como Funciona?
fonte:
https://identityserver.github.io/Documentation/docsv2/overview/bigPicture.html
Globalcode Open4education
Terminologia
Globalcode Open4education
Terminologia
Globalcode Open4education
Terminologia
Globalcode Open4education
Terminologia
Globalcode Open4education
Terminologia
Globalcode Open4education
Authentication as a ServiceSingle Sign-on / Sign-outAccess
Control for APIsFederationCustomization everywhereIdentityServer4
for ASP.NET Core 1.0
Globalcode Open4education
HORA DO SHOW,POPOMBAS!!!
Globalcode Open4education
Globalcode Open4education
Criando um servidor de identidade e dois clientes MVCDEMO
Globalcode Open4education
Endpoints
Globalcode Open4education
Implicit FlowFIDDLER com REDIRECT e detalhes da URL
Globalcode Open4education
Implicit FlowFIDDLER com POST (direita)
Globalcode Open4education
Implicit FlowFIDDLER com POST (FORM e TOKENS)
Globalcode Open4education
Implicit FlowFIDDLER com POST (FORM e TOKENS)
Globalcode Open4education
JWT.IO ID_TOKEN
Globalcode Open4education
Globalcode Open4education
JWT.IO ACCESS_TOKEN
Globalcode Open4education
Globalcode Open4education
Implicit FlowOs Tokens ficam expostos no clientAplicaes
front-endDispositivos mveis (no oficiais)
Globalcode Open4education
Code FlowDEMO
Globalcode Open4education
Code FlowApenas um cdigo aleatrio exposto no cliente
Obteno do token do lado do serverCenrio mais comumFront +
BackClientes confidenciais
Globalcode Open4education
Segurana de APIDEMO
Globalcode Open4education
J Acabou??
Globalcode Open4education
Outros Fluxos
Resource Owner Password Credential Flowback channelclientes
confiveis
Client Credentials Flowback channelcomunicao entre servios
Globalcode Open4education
Refernciashttps://github.com/IdentityServerhttps://leastprivilege.com/http://oauth.net/2/http://openid.net/connect/
Globalcode Open4education
ObrigadoHeber Ortiz Pereira@HeberOrtiz
Avaliem a palestra pelo aplicativo do TDC
Globalcode Open4education
Globalcode Open4education
null1175.5098null1175.5098
