.NET Core and OAuth2/OpenID

As I understand from the release notes of 4.5.2, support for OAuth2 and OpenId is dropped due to the DotNetOpenAuth dependency missing for .NET Core. But what about integrating the .NET Core Microsoft.AspNetCore.Authentication.OpenIdConnect, Microsoft.AspNetCore.Authentication.MicrosoftAccount and Microsoft.AspNetCore.Authentication.Google? Could these be used instead of the previous ones?

They can’t be used as-is. We’d need to integrate whatever solution we adopt to work with ServiceStack.Auth. You can create a feature request to track features like this.


Is it an option to move authentication over to IdentityServer like in this blog post?

You can use Identity Server as detailed in the blog post, it effectively shows how to create a Custom AuthProvider using Identity Server’s JWT implementation.

This is a different implementation to our own integrated simple Auth Story which includes our own JWT Auth Provider among its many other Auth Providers + Data Store / Session backends.

Thanks. I am trying to decide whether to go for .net core implementation or standard .net – deployment on Linux is not a requirement for my new project, but I am not sure if it’s a good idea to start a new project in standard .net (4.6) - not sure if there will be updates in this technology both for ServiceStack and other related libraries.

.NET Core is a cross-platform subset of .NET 4.6 Framework. i.e. .NET Core can run on .NET 4.6 but not the other way around.

ServiceStack shares a single code-base that targets both .NET 4.5+ and .NET Core platforms, new features added to ServiceStack will be available to both platforms where possible. Given .NET Core contains a subset of the APIs available in .NET 4.6+, it’s more likely that there will exist features in .NET 4.6 that are not in .NET Core more than the other way around. Features that are available in .NET Core but not in .NET 4.6 are going to be features that have dependencies on ASP.NET Core classes instead of ASP.NET’s System.Web. When there’s no dependency on ASP.NET Core, .NET Standard libraries should naturally support both platforms going forward.

Microsoft has published a guide on deciding which platform to choose:

My advice is that if you don’t need to run on Linux or plan to Dockerize your Web App then go with .NET 4.6 as the platform and tooling is a lot more stable/mature. Unlike MS Fx’s, as ServiceStack shares the same code-base / APIs if you ever need to, porting ServiceStack Apps from .NET 4.6 to .NET Core is fairly trivial.


This is an old topic and the feature request is active, and I see you have a release on MyGet.

I’m also coming into this requirement. I’ll check out the MyGet option later.

Main reason for the reply is I wanted to make you aware of the aspnet-contrib/AspNet.Security.OAuth.Providers project. Not sure how easily it’ll be able to integrate into ServiceStack, but they already have a lot of providers integrated for .NET Core.

Including the ones provided by Microsoft (e.g. Google), they also have

AspNet.Security.OAuth.Amazon
AspNet.Security.OAuth.ArcGIS
AspNet.Security.OAuth.Asana
AspNet.Security.OAuth.Autodesk
AspNet.Security.OAuth.Automatic
AspNet.Security.OAuth.BattleNet
AspNet.Security.OAuth.Beam
AspNet.Security.OAuth.Bitbucket
AspNet.Security.OAuth.Buffer
AspNet.Security.OAuth.CiscoSpark
AspNet.Security.OAuth.DeviantArt
AspNet.Security.OAuth.Discord
AspNet.Security.OAuth.Dropbox
AspNet.Security.OAuth.EVEOnline
AspNet.Security.OAuth.Fitbit
AspNet.Security.OAuth.Foursquare
AspNet.Security.OAuth.GitHub
AspNet.Security.OAuth.Gitter
AspNet.Security.OAuth.HealthGraph
AspNet.Security.OAuth.Imgur
AspNet.Security.OAuth.Instagram
AspNet.Security.OAuth.LinkedIn
AspNet.Security.OAuth.MailChimp
AspNet.Security.OAuth.Myob
AspNet.Security.OAuth.Onshape
AspNet.Security.OAuth.Patreon
AspNet.Security.OAuth.Paypal
AspNet.Security.OAuth.QQ
AspNet.Security.OAuth.Reddit
AspNet.Security.OAuth.Salesforce
AspNet.Security.OAuth.Slack
AspNet.Security.OAuth.SoundCloud
AspNet.Security.OAuth.Spotify
AspNet.Security.OAuth.StackExchange
AspNet.Security.OAuth.Strava
AspNet.Security.OAuth.Twitch
AspNet.Security.OAuth.Untappd
AspNet.Security.OAuth.Vimeo
AspNet.Security.OAuth.VisualStudio
AspNet.Security.OAuth.Vkontakte
AspNet.Security.OAuth.Weibo
AspNet.Security.OAuth.Weixin
AspNet.Security.OAuth.WordPress
AspNet.Security.OAuth.Yahoo
AspNet.Security.OAuth.Yammer
AspNet.Security.OAuth.Yandex

Most of the important OAuth2 providers have been re-implemented without the DotNetOpenAuth dependency and are available for .NET Core in the ServiceStack/Auth folder. The recent additions include:

The primary missing one is Instagram due to Facebook locking access down and requiring manual approval, for which I have a request pending to create a new account that I can use to test against.

Adding a new OAuth provider generally involves creating a new App in their dev portal, finding all the URLs for their OAuth endpoints, testing it to find out what data they return and mapping it to an Authenticated UserSession. So they’re straightforward to create when needed.

Another solution would be to use the new NetCoreIdentityAuthProvider which provides a bi-directional mapping that maps an Authenticated .NET Core User to an Authenticated UserSession and vice-versa.