Category: Uncategorized

Token Authentication and .NET

  • ASP.NET Core Identity automatically supports cookie authentication.
  • It is also straightforward to support authentication by external providersusing the GoogleFacebook, or Twitter ASP.NET Core authentication packages.

  • The customer has a local server with business information which will need to be accessed and updated periodically by client devices.
  • Rather than store user names and hashed passwords locally, the customer prefers to use a common authentication micro-service which is hosted in Remote network (Azure) and used in many scenarios beyond just this specific one.
  • This particular scenario is interesting, though, because the connection between the customer’s location (where the server and clients reside) and the internet is not reliable.
  • Therefore, they would like a user to be able to authenticate at some point in the morning when the connection is up and have a token that will be valid throughout that user’s work shift.
  • The local server, therefore, needs to be able to validate the token without access to the Azure authentication service.
  • This local validation is easily accomplished with JWT tokens. A JWT token typically contains a body with information about
    1. the authenticated user (subject identifier, claims, etc.),
    2. the issuer of the token,
    3. the audience (recipient) the token is intended for, and
    4. an expiration time (after which the token is invalid).
    5. The token also contains a cryptographic signature as detailed in RFC 7518.
  • This signature is generated by a private key known only to the authentication server, but can be validated by anyone in possession of the corresponding public key.
  • One JWT validation work flow (used by AD and some identity providers) involves requesting the public key from the issuing server and using it to validate the token’s signature.
  • In our offline scenario, though, the local server can be prepared with the necessary public key ahead of time.
  • The challenge with this architecture is that the local server will need to be given an updated public key anytime the private key used by the cloud service changes, but this inconvenience means that no internet connection is needed at the time the JWT tokens are validated.

authentication server

  • IdentityServer4 is a flexible OpenID Connect framework for ASP.NET Core.
  • Another good option is OpenIddict. Like IdentityServer4, OpenIddict offers OpenID Connect server functionality for ASP.NET Core.
  • Both OpenIddict and IdentityServer4 work well with ASP.NET Identity 3.
  • Please note that both IdentityServer4 and OpenIddict are pre-release packages currently.

Adding Roles

  • ASP.NET Identity 3 includes the concept of roles.
  • To take advantage of this, we need to create some roles which users can be assigned to.
  • In a real application, this would likely be done by managing roles through a web interface.



Raspberry Pi 1 : Hardware Setup

This series of article is for the software engineers who are also interested in electronics/robotics.

Raspberry Pi is the credit card size computer. We may compare it with P3 , 512 MB desktop PC system box. Few people use it as a standalone server or computer. You may find some of the uses in the following link. I connected my external hard disk to it and I’m using it as a file server for my laptop and other PCs.

As a software engineer, my plan is to use Raspberry Pi to code high level language to learn, create and control the basic electronic/digital/robotic circuits via GPIO interface in the shortest period of time.

In order to get started with the Raspberry Pi, please purchase Raspberry Pi Model B. People from Tamilnadu, India can order from Simple Labs (and for me they delivered within 24 hours even to the remote location in Tamilnadu).

Price of Raspberry Pi in India as of 19th September 2013 is:

  • RASPBERRY PI – MODEL B – 512MB – Rs.3,465.00 (with free GPIO cable)
  • Low Cost Case for Raspberry Pi – Rs.262.50

As I have a laptop, I planned to use it as headless device (means using it with remote desktop, without separate monitor, keyboard, mouse). Even for that, you may need to purchase additional components, wires and connectors.

  1. SDHC memory card or Micro SD card with adapter (4 GB min/32 GB Max). Please ensure that card is of Class 10 type. As memory card will be used as permanent storage, Class 10 is essential to achieve high disk I/O performance. Cheap Class 4 type card will degrade the disk I/O performance.

  2. 5 V 2 Amp DC adapter (1 Amp is also OK)
    • All recent model mobile phones comes with micro USB male adapter. Please check the Ampere rating, it should be at least 1 Amp(otherwise in peak power consumption, Raspberry Pi may restart)

    • You may connect the board to normal PC/laptop via USB to micro USB cable also. But your PC/laptop should support power ratings as mentioned earlier.

  3. RJ 45 network cable to connect with Laptop/PC/Hub/Switch:

  4. (optional) Normal mobile earphone to listen to audio from raspberry:

Connecting the wires/components is a straight forward process. If you need detailed description, please check the following references:

  1. RPi Hardware Basic Setup
  2. FAQs

Assembling the Case



Raspberry Pi Ports

Assembled Raspberry Pi

The next part in this series will be installing the OS. Meanwhile, please check the video of Hello World output from Raspberry Pi GPIO using C Language.