Nordes / Identityserver4.ldapextension

Licence: mit
IdentityServer4 Ldap Extension (OpenLdap or ActiveDirectory)

IdentityServer4.LdapExtension

IdentityServer4 Ldap Extension (OpenLdap or ActiveDirectory).

Installation

The plugin is easy to install in your solution. It is built using .NET Standard 2.0. The NuGet package can be installed either by searching for the package IdentityServer.LdapExtension or by typing the following command in your package console:

Install-Package IdentityServer.LdapExtension

Be aware of the dependency with IdentityServer4. The version of the package is visible in your Visual Studio or through Nuget.org.

  • Ldap Extension 2.0.0 goes with IdentityServer 2.2.x
  • Ldap Extension 2.1.7 goes with IdentityServer 2.3.x
  • Ldap Extension 2.1.8 goes with IdentityServer 2.4.x

Configuration for IdentityServer4 Server

An extension method has been created to add LDAP as a user provider to your IdentityServer. To use it, call AddLdapUsers<TApplicationUser>(LdapConfigSection, StoreTypeOrCustomStore). The configuration has to be provided or it won't work. The configuration is described here.

In Startup.cs, in the ConfigureServices method, you will have something similar to the following by default (starter pack for IdentityServer). The last line is what you need to add in order to get started.

// ... Code ...
services.AddIdentityServer()
    .AddDeveloperSigningCredential()
    //.AddSigningCredential(...)
    .AddInMemoryIdentityResources(Config.GetIdentityResources())
    .AddInMemoryApiResources(Config.GetApiResources())
    .AddInMemoryClients(Config.GetClients())
    .AddLdapUsers<OpenLdapAppUser>(Configuration.GetSection("MyConfigurationSection"), UserStore.InMemory);
// ... Code ...

Application User: two implementations (OpenLdapAppUser, ActiveDirectoryAppUser) are provided with this extension, but you can use your own as long as you implement the interface IAppUser. I encourage you to provide your own implementation. You might want to have claims/roles based on an Active Directory group, or your attributes within LDAP may not be the ones I have defined.

Store types:

  1. UserStore.InMemory: Can be used when you test locally. It stores the logged in user in memory in order to avoid querying the LDAP server over and over. It is also used in order to store the external logged in user details (Google, Facebook, etc.).
  2. UserStore.Redis: Same as in memory, but is persisted and will be ready when you restart.
  3. ILdapUserStore implementation: Build your own store implementation and pass it as a parameter.

AppSettings Configuration

The appsettings.json will require a configuration for the extension. Here's an example using OpenLdap:

{
  "MyConfigurationSection": { // Name can be of your choosing
    "Url": "localhost",
    "Port": 389,
    "BindDn": "cn=ldap-ro,dc=contoso,dc=com",
    "BindCredentials": "[email protected]!",
    "SearchBase": "ou=users,DC=contoso,dc=com",
    "SearchFilter": "(&(objectClass=posixAccount)(objectClass=person)(uid={0}))"
    // "Redis": "localhost:32771,ssl=false", // Required if using UserStore.Redis 
  }
}

If you want to see a working demo, you can open the implementation available in the sample folder. It is based on the QuickStart from the IdentityServer4 website.

Multiple concurrent LDAP (for different DN, or totally different LDAP)

If you need multiple configurations, either to connect to different LDAP servers or to connect to different parts of the directory (multiple areas for the DN), this feature has been requested and it should allow different types of AD to live together. AAD is of course not part of this. If you would like to use AAD, there are other connectors, or you can write your own.

Using multiple configurations brings some issues, so here are the rules:

  1. Configurations need to all be of the same type, unless you have a custom LDapUser and you're not using the ones provided in this extension.
  2. The preFilterRegex rules can discriminate between connections so that the credential/password is not tried, and failed, on all the LDAP servers. It also avoids some kind of DoS on all your servers in case of attack.
  3. If multiple LDAP configurations match the preFilterRegex, the validation is done async (to be confirmed) and the first server to answer OK is the one used to get the information. The issue in that case is that it will try to call all your servers, and that's probably not something you wish for.
  4. If it does not match anything, the extension will automatically send back a user not found.

By default the cache uses InMemory, but you can also use Redis. It needs to be set in the global configuration when there are multiple LDAP entries. This avoids having custom code for each LDAP.

Quick and Simple Example of a Configuration

2 configurations using a preFilterRegex for discrimination.

  "IdentityServerLdap": {
    // Example: If you use a redis instead of in-memory (See Startup.cs)
    //"redis": "localhost:32771,ssl=false",
    //"RefreshClaimsInSeconds": 3600,
    "Connections": [
      {
        "FriendlyName": "OpenLdap-Users",
        "Url": "localhost",
        "Port": 389,
        "Ssl": false,
        "BindDn": "cn=ldap-ro,dc=contoso,dc=com",
        "BindCredentials": "[email protected]!",
        "SearchBase": "ou=users,DC=contoso,dc=com",
        "SearchFilter": "(&(objectClass=posixAccount)(objectClass=person)(uid={0}))",
        "PreFilterRegex": "^(?![aA]).*$" // not mandatory; takes every user name not starting with a or A
      },
      {
        "FriendlyName": "OpenLdap-BuzzUsers",
        "Url": "localhost",
        "Port": 389,
        "Ssl": false,
        "BindDn": "cn=ldap-ro,dc=contoso,dc=com",
        "BindCredentials": "[email protected]!",
        "SearchBase": "ou=users-buzz,DC=contoso,dc=com",
        "SearchFilter": "(&(objectClass=posixAccount)(objectClass=person)(uid={0}))",
        "PreFilterRegex": "^([aA]).*$" // not mandatory; takes every user name starting with a or A
      }
    ]
  }

In startup, the code is the same as for a single configuration: basically the configuration section and nothing more. If it's a single configuration, the extension will upgrade it to act like a multi-configuration. It is recommended from now on to use the multi-configuration style. It's easier to handle Redis and other new features if any come.

You don't have an LDAP for your tests? Use an OpenLdap Docker image instead!

It's not a big problem. I wrote a small tutorial/article on how to set up an entire OpenLdap server within Docker, in order to not pollute your PC and also to avoid relying on a network administrator. That way you can play with existing users or create your own users directory. The tutorial/article is available at the HoNoSoFt website.
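The four rules above can be checked against a set of PreFilterRegex values before deployment. The following C# program is an added example, not code from the extension: it lists which connections would accept a given user name and flags overlaps. The match semantics (Regex.IsMatch, a missing pattern accepting everything), the Partners-Ldap connection and the sample user names are assumptions.

```csharp
using System;
using System.Linq;
using System.Text.RegularExpressions;

public static class PreFilterAudit
{
    // Same split as the two connections above, written with [aA]: inside a character
    // class '|' is a literal, so [a|A] would also accept names starting with '|'.
    // "Partners-Ldap" is a hypothetical third connection added to show an overlap.
    static readonly (string Name, string PreFilter)[] Connections =
    {
        ("OpenLdap-Users",     "^(?![aA]).*$"),
        ("OpenLdap-BuzzUsers", "^([aA]).*$"),
        ("Partners-Ldap",      "^ext-.*$"),
    };

    // Assumption: a connection is a candidate when its PreFilterRegex matches the
    // submitted name, and a connection without one accepts every name.
    // The timeout bounds regex work on untrusted input; a pattern that exceeds it
    // throws RegexMatchTimeoutException.
    public static string[] Candidates(string userName) =>
        Connections
            .Where(c => string.IsNullOrEmpty(c.PreFilter) ||
                        Regex.IsMatch(userName, c.PreFilter, RegexOptions.None,
                                      TimeSpan.FromMilliseconds(100)))
            .Select(c => c.Name)
            .ToArray();

    public static void Main()
    {
        // Constructed sample user names.
        foreach (var user in new[] { "alice", "Adam", "bob", "ext-carol", "|pipe" })
        {
            var hits = Candidates(user);
            var verdict = hits.Length switch
            {
                0 => "no match: user not found (rule 4)",
                1 => "one server receives the credentials",
                _ => "overlap: credentials are tried on every listed server (rule 3)",
            };
            var names = string.Join(", ", hits);
            Console.WriteLine($"{user,-10} [{names}] {verdict}");
        }
    }
}
```

With these patterns only `ext-carol` is reported as an overlap, because it matches both the catch-all negative pattern and the Partners-Ldap prefix.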

Features in progress

I plan to work on the following:

  • Implement the SSL
  • Implement a cache invalidation based on time (After x time without being hit, remove from redis or from memory).

Contributors

Main contributor

  • @Nordes: The main author of the package (@me)

Special thanks to

License

MIT

Regarding the IdentityServer4 Sample - Apache 2 (due to original code a bit updated)
