Archive Search
Rss feed GitHub Twitter Facebook LinkedIn BitBucket SoundCloud

@manhng

Welcome to my blog!

OAuth 2.0 and OpenID Connect

October 24, 2019 09:14

OAuth 2.0 / OpenID Connect Explained (edit)

https://benohead.com/oauth-2-0-openid-connect-explained/

The provided anti-forgery token was meant for a different claims-based user than the current user.

https://brockallen.com/2012/07/08/mvc-4-antiforgerytoken-and-claims/

https://stackoverflow.com/questions/18097401/the-anti-forgery-cookie-token-and-form-field-token-do-not-match-in-mvc-4

https://stackoverflow.com/questions/23366667/system-web-mvc-httpantiforgeryexception-mvc-5

https://www.developerfusion.com/tools/generatemachinekey/

ASP.NET MVC: The required anti-forgery form field “__RequestVerificationToken” is not present

https://benohead.com/asp-net-mvc-the-required-anti-forgery-form-field-__requestverificationtoken-is-not-present/

The anti-forgery cookie token and form field token do not match.

I resolved the issue by explicitly adding a machine key in web.config.

Note: For security reason don't use this key. Generate one from https://support.microsoft.com/en-us/kb/2915218#AppendixA.

Dont use online-one, details, http://blogs.msdn.com/b/webdev/archive/2014/05/07/asp-net-4-5-2-and-enableviewstatemac.aspx

 <machineKey validationKey="971E32D270A381E2B5954ECB4762CE401D0DF1608CAC303D527FA3DB5D70FA77667B8CF3153CE1F17C3FAF7839733A77E44000B3D8229E6E58D0C954AC2E796B" decryptionKey="1D5375942DA2B2C949798F272D3026421DDBD231757CA12C794E68E9F8CECA71" validation="SHA1" decryption="AES" />

Here's a site that generates unique Machine Keys:

http://www.developerfusion.com/tools/generatemachinekey/

Protecting your ASP.NET Web API using OAuth2 and the Windows Azure Access Control Service

https://www.developerfusion.com/article/147914/protecting-your-aspnet-web-api-using-oauth2-and-the-windows-azure-access-control-service/

https://github.com/maartenba/WindowsAzure.Acs.Oauth2

Tags: OAuth 2.0, OAuth 2, OpenID Connect, The provided anti-forgery token was meant for a different claims-based user than the current user, The anti-forgery cookie token and form field token do not match
Categories: OpenID Connect | OAuth 2 | OAuth 2.0 | The provided anti-forgery token was meant for a different claims-based user than the current user | The anti-forgery cookie token and form field token do not match
comment

OAuth2 + OpenID Connect (in English)

October 12, 2019 17:22

Authentication on the Web (Sessions, Cookies, JWT, localStorage, and more) (edit)

https://www.youtube.com/watch?v=2PPSXonhIck

OAuth 2.0 and OpenID Connect (in plain English)

https://www.youtube.com/watch?v=996OiexHze0

OAuth 2.0 terminology

  • Resource owner
  • Client
  • Authorization server
  • Resource server
  • Authorization grant
  • Redirect URI
  • Access token

 

Test OAuth 2.0 requests and debug responses.

https://oauthdebugger.com/

Decode, verify and generate JWT

https://jwt.io/

OpenID Connect

Test OpenID Connect requests and debug responses.

https://oidcdebugger.com/

https://www.websiterank.co.uk/vi/domain/manhng.com/

Microsoft

https://devblogs.microsoft.com/aspnet/2019/10/

Generate Code using T4 Template

https://devblogs.microsoft.com/aspnet/how-to-customize-the-generated-files-from-the-new-scaffolded-item-dialog/

Identity Server 4

OpenID Connect and OAuth 2.0 Framework for ASP.NET Core

https://github.com/IdentityServer

OpenID Connect and OAuth 2.0 Framework for ASP.NET Core

Additional resources

JWT

https://docs.microsoft.com/en-us/dotnet/architecture/microservices/secure-net-microservices-web-applications/

https://abelsquidhead.com/index.php/2017/12/18/using-tokens-and-cookies-for-authorization-for-asp-net-core-2-0/

https://bitoftech.net/2014/10/27/json-web-token-asp-net-web-api-2-jwt-owin-authorization-server/

https://salslab.com/a/jwt-authentication-and-authorisation-in-asp-net-core-web-api

https://www.blinkingcaret.com/2018/07/18/secure-an-asp-net-core-web-api-using-cookies/

https://garywoodfine.com/asp-net-core-2-2-jwt-authentication-tutorial/

http://www.dotnetpedia.com/nityaprakash/Blog/2017/Oct/1029/JWT-Token-based-Authentication-in-ASP-Net-Core-Web-API

https://www.meziantou.net/jwt-authentication-with-asp-net-core.htm

https://fullstackmark.com/post/13/jwt-authentication-with-aspnet-core-2-web-api-angular-5-net-core-identity-and-facebook-login

https://amanagrawal.blog/2017/09/18/jwt-token-authentication-with-cookies-in-asp-net-core/

https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage

http://www.binaryintellect.net/articles/1fdc8b3f-06a1-4f36-8c0b-7852bf850f52.aspx/

https://www.red-gate.com/simple-talk/dotnet/net-development/using-auth-cookies-in-asp-net-core/

https://www.c-sharpcorner.com/blogs/jwt-based-tokenisation-via-net-core

JWT in ASP.NET 3.0

https://jasonwatmore.com/post/2019/10/11/aspnet-core-3-jwt-authentication-tutorial-with-example-api

https://dotnetdetail.net/asp-net-core-3-0-web-api-token-based-authentication-example-using-jwt-in-vs2019/

https://www.codeproject.com/Articles/5160941/ASP-NET-CORE-Token-Authentication-and-Authorizatio

https://www.c-sharp.vn/dot-net-core/dot-net-core-bearer-token-with-jwt-e477ff

BASIC JAVASCRIPT PROJECTS

https://www.youtube.com/watch?v=Kp3HGwlXwCk

Tags: OAuth2, OpenId Connect, JWT
Categories: OAuth2 | OpenId Connect | JWT
comment

Categories

Recent posts

Popular tags