Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/thomasdarimont/kc-dnc-demo
PoC for securing AspNetCore based Web Apps with Keycloak.
https://github.com/thomasdarimont/kc-dnc-demo
Last synced: about 1 month ago
JSON representation
PoC for securing AspNetCore based Web Apps with Keycloak.
- Host: GitHub
- URL: https://github.com/thomasdarimont/kc-dnc-demo
- Owner: thomasdarimont
- License: apache-2.0
- Created: 2019-03-06T17:53:10.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2019-03-29T15:32:55.000Z (over 5 years ago)
- Last Synced: 2024-05-02T00:17:41.225Z (about 2 months ago)
- Language: C#
- Homepage:
- Size: 1 MB
- Stars: 37
- Watchers: 6
- Forks: 15
- Open Issues: 1
-
Metadata Files:
- Readme: readme.md
- License: LICENSE
Lists
- awesome-keycloak - Example for Securing AspDotNet Core Apps with Keycloak
README
# PoC for ASP.Net Core Keycloak Integration
Simple example for securing an AspNetCore Web App with Keycloak.The example consists of two modules:
* WebApi - A simple stateless REST Web-Service that is secured with JWT authentication.
* WebApp - A simple Web App that is secured via Keycloak.The WebApp module demonstrates a basic integration with Keycloak by leveraging the built-in OpenID Connect support in AspNetCore which is additionally augmented with Keycloak specific configuration, like client role extraction. Further more, the WebApp calls the WebApi with an Access-Token provided after a successful authentication, to demonstrate calls to backend services.
The following features are currently supported:
* Single-Sign in with Keycloak
* Logout with Keycloak
* Access client specific role information (`resource_access` claim)
* Automatic Access-Token refresh in background
* Extract Access-Token to call backend-services.# Building
Note you need .Net Core 2.2, which you can get here: [.Net Core 2.2 Download](https://dotnet.microsoft.com/download/dotnet-core/2.2)```
dotnet restoredotnet build
```## Setup https for dotnet core
TODO# Running
> Start Keycloak with the dnc-demo Realm
```
docker run \
-d \
--name keycloak-dnc \
-e KEYCLOAK_USER=admin \
-e KEYCLOAK_PASSWORD=admin \
--net=host \
-p 8080:8080 \
-v `pwd`/dnc-demo-realm.json:/config/dnc-demo-realm.json \
-it jboss/keycloak:5.0.0 \
-b 0.0.0.0 \
-Djboss.http.port=8080 \
-Dkeycloak.migration.action=import \
-Dkeycloak.migration.provider=singleFile \
-Dkeycloak.migration.file=/config/dnc-demo-realm.json \
-Dkeycloak.migration.strategy=OVERWRITE_EXISTING
```> Start the WebApp
```
//TODO
```> Start the WebAPI
```
//TODO
```> Login via https://localhost:5001
* Login as user with tester:test
* Login as admin with arno:test# Third-Party Components
The example uses the following third-party components:
* [Automatic Token Management](https://github.com/IdentityServer/IdentityServer4.Samples/tree/master/Clients/src/MvcHybridAutomaticRefresh/AutomaticTokenManagement)
Automatically renews the Access-Token in the background of the WebApp module.