Can you secure .Net WS with OTDS as Authentication Server

Hi,

I am after finding out if i can secure a web service to people who have logged into OTDS first, in this particular case Content Server.
We make calls to the we service via javascript and would like to make the experience seemless to the end user.

I have read about setting up Oauth2 client but setting up the web service as a resource client and logging in will not stop people accessing our web service.

I am trying to achieve the idea of the web service redirecting to OTDS if not logged in and once logged in redirect back.
Then in theory once the user has logged into Content Server our web service will not redirect as will have checked the token provided by OTDS.

Any examples, pointers or knowing if this is possible yet or not would be much appreciated.

Thanks in advance.

Nick

Find more posts tagged with

API

OTDS

Comments

Nick_Furness

Still looking into how to do this, I am using .NET Core 3.1 REST web service and i want to secure it using OTDS as the authentication server, rather than create my own username and password system.
Has anybody else tried doing this?

Fred_At_Inalco

Hi there, same questions here, for a .NET core 2.2 Rest Web Service host in azure.

Nick_Furness

@FredAlainIA

I have managed to resolve this myself using built in standard OAuth middleware that is avaiable for .net core. My example code below is for .net core 3.1 so please bear that in mind.

All i did was modify the startup.cs to turn on authentication and point to my OTDS server.
You need to setup Content Server OAuth Client as well in /otds-admin.
In the example below the name used is 'SOMENAME' ... this needs to be the name of what you have setup.
To set the password go to partitions and find the member of the oauth clients and reset the password to what ever you want.

Last, i am only bothered about the user being authenticated ... i am not bothered about who they are or what roles they may or may not have so the token info url may or may not work too but it looks right according to their api documentation.

public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}

    public IConfiguration Configuration { get; } 

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_3_0);

    //START - ADD SECURITY
        JwtSecurityTokenHandler.DefaultMapInboundClaims = false;

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = "OTDS";
        })
            .AddCookie("Cookies")
            .AddOAuth("OTDS", options =>
            {
                options.AuthorizationEndpoint = "http://CONTENTSERVERADDRESS:8002/otdsws/login";
                options.TokenEndpoint = "http://CONTENTSERVERADDRESS:8002/otdsws/login";
                options.UserInformationEndpoint = "http://CONTENTSERVERADDRESS:8002/otdsws/v1/authentication/oauth/tokeninfo";

                options.ClientId = "SOMENAME";
                options.ClientSecret = "***********";

                options.CallbackPath = "/";

                options.Scope.Add("resource:Content+Server");

            });

 //END - ADD SECURITY

    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory loggerFactory, ISerialiser jsonHelper)
    {
        loggerFactory.AddLog4Net();

        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        ILogger logger = loggerFactory.CreateLogger("UnhandledException");

        app.ConfigureExceptionHandler(logger, jsonHelper);

        app.UseRouting();

        //START - ADD SECURITY
        app.UseAuthentication();
        app.UseAuthorization();
        //END - ADD SECURITY

        app.UseEndpoints(endpoints =>
        {
            //endpoints.MapControllers();

            //START - ADD SECURITY
            endpoints.MapControllers().RequireAuthorization();
            //END - ADD SECURITY
        });

    }
}

Fred_At_Inalco

@Nick_Furness

Thanks for the great details anwser.

We change our solution to a .net core WorkerService and will try to implement it in.

thanks