tdc2016sp - Unifying authentication and controlling API access with IdentityServer 4
TRANSCRIPT
Unifying authentication and controlling API access with IdentityServer 4
Track: .NET Architecture. Heber Ortiz Pereira, @HeberOrtiz
Globalcode Open4education
About me: developer (18 years), @ Lambda3, Microsoft Certified Trainer
@HeberOrtiz | http://do.net.br | http://blog.lambda3.com.br | http://youtube.com/donetbr
We believe it is time to discuss Diversity in IT. Wonderful people exist under every flag, shape and choice, and we want to help build inclusive, diverse and tolerant environments across the whole software industry.
Business is complex
Problems: companies have many applications to serve their business
Problems: application architectures are increasingly service-based (microservices)
Problems: how do we authenticate and authorize users and systems?
A typical application
source: https://identityserver.github.io/Documentation/docsv2/overview/bigPicture.html
Authentication and Authorization as a Service: Single Sign-on / Single Sign-out. Authenticate once and use it across all applications
Authentication and Authorization as a Service: authorization for APIs using tokens
What is the expected behavior? DEMO
Is it magic?
Pretending to have mental powers...
IT'S GONE!!!!
What's the secret?
How does it work?
source: https://identityserver.github.io/Documentation/docsv2/overview/bigPicture.html
Terminology
Authentication as a Service. Single Sign-on / Sign-out. Access Control for APIs. Federation. Customization everywhere. IdentityServer4 for ASP.NET Core 1.0
SHOWTIME, FOLKS!!!
Creating an identity server and two MVC clients: DEMO
Endpoints
Implicit Flow: Fiddler showing the REDIRECT and the URL details
Implicit Flow: Fiddler showing the POST (right)
Implicit Flow: Fiddler showing the POST (FORM and TOKENS)
JWT.IO: ID_TOKEN
JWT.IO: ACCESS_TOKEN
Implicit Flow: the tokens are exposed in the client. Front-end applications. Mobile devices (unofficial)
Code Flow: DEMO
Code Flow: only a random code is exposed in the client. The token is obtained on the server side. Most common scenario: front end + back end. Confidential clients
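To make the contrast between the two flows concrete, here is an added example (not code from the talk or from IdentityServer4) that simulates both against an in-memory authorization server: the implicit flow hands the access token itself to the browser in the URL fragment, while the code flow hands over only a single-use code that the confidential client redeems on the back channel with its secret. The client registrations, URLs and secrets are constructed stand-ins.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs
# Constructed client registrations, standing in for an IdentityServer client list:
# the browser (SPA) client has no secret, the MVC client is confidential.
CLIENTS = {
    "spa": {"secret": None, "redirect": "https://spa.example/callback"},
    "mvc": {"secret": "mvc-secret", "redirect": "https://mvc.example/signin-oidc"},
}

class AuthServer:
    def __init__(self):
        self._codes = {}  # issued authorization code -> client_id (one-time use)

    def authorize(self, client_id, response_type, state):
        """Front channel: the redirect the authorization endpoint sends through the browser."""
        redirect = CLIENTS[client_id]["redirect"]
        if response_type == "token":
            # Implicit flow: the access token itself travels in the URL fragment.
            token = "at." + secrets.token_urlsafe(16)
            return f"{redirect}#{urlencode({'access_token': token, 'state': state})}"
        # Code flow: only a random, single-use code reaches the browser.
        code = secrets.token_urlsafe(16)
        self._codes[code] = client_id
        return f"{redirect}?{urlencode({'code': code, 'state': state})}"

    def token(self, client_id, client_secret, code):
        """Back channel: the confidential client redeems the code with its secret."""
        expected = CLIENTS[client_id]["secret"]
        if expected is None or client_secret != expected:
            return None  # public client, or wrong secret
        if self._codes.pop(code, None) != client_id:
            return None  # unknown, already used, or issued to another client
        return "at." + secrets.token_urlsafe(16)

def browser_visible(url):
    """Parameters the user agent (and any script running in it) can read."""
    u = urlparse(url)
    params = {**parse_qs(u.query), **parse_qs(u.fragment)}
    return {k: v[0] for k, v in params.items()}

def run_demo():
    """Run both flows; return what each exposed and the result of redeeming the code twice."""
    srv = AuthServer()
    state = secrets.token_urlsafe(8)
    implicit = browser_visible(srv.authorize("spa", "token", state))
    code_cb = browser_visible(srv.authorize("mvc", "code", state))
    first = srv.token("mvc", "mvc-secret", code_cb["code"])
    replay = srv.token("mvc", "mvc-secret", code_cb["code"])
    return implicit, code_cb, first, replay
```

Running `run_demo()` shows the access token only in the implicit result, a bare `code` in the code-flow callback, and `None` for the replayed code.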
API Security: DEMO
Is it over already??
Other flows
Resource Owner Password Credentials Flow: back channel; trusted clients
Client Credentials Flow: back channel; service-to-service communication
References: https://github.com/IdentityServer | https://leastprivilege.com/ | http://oauth.net/2/ | http://openid.net/connect/
Thank you. Heber Ortiz Pereira, @HeberOrtiz
Please rate the talk in the TDC app