Friday, 23 August 2019

Identity Server 4 (Part 1) Scenarios

IdentityServer4 is an OpenID Connect and OAuth 2.0 framework for ASP.NET Core, or that is what it says on the tin. This open source software has been designed so that you add the complementary parts yourself; what I am trying to say is that this is not a finished product. If you want to integrate it, you have to work on it.
The way it works is simple in concept but complex underneath, because a middleware makes the whole process invisible. So for you it should be very simple to add, but modifying it is a different subject.


So, in order to make everything work smoothly, I decided to create different scenarios to see how Identity works.

Folder Structure: One solution with four projects, where one of them is Identity Server.

Step 1

We create a simple .NET Core console app. This is going to act as a consumer of Identity Server: it is the one in charge of calling Identity Server, getting the authentication, and then calling the API with the token issued by Identity Server.


We can copy all this code into program.cs; don't forget to put your own namespace. In this case I have called the project “Console.Consumer.Identity”.

Friday, 16 March 2018

Azure Key Vault, Managing Secrets with AAD

Azure Key Vault is a cryptographic key management service based on FIPS-validated hardware security modules (HSMs). This service is a public Azure service that will, over time, be the trust root for important Microsoft first party services, for third party services seeking to offer higher assurances, and for your own custom line of business (LOB) Azure-hosted applications. It offers an Azure Key Vault service, a SQL Server Connector, and a Cloudlink SecureVM.

The interaction with Azure Key Vault can be done in many ways: MasterKey, PowerShell, .NET, the RESTful API, Java, etc.

In this post I am going to show, end to end, how to create a "Secret" in Azure Key Vault and retrieve it from the console.

Step 1 - Create a Vault for your keys and secrets in Azure




Step 2 - Create the Secret (some kind of connection string or key from a provider). I called it HMAC.


Step 3 - Probably the hardest: find all the bits and pieces needed to retrieve the secret. In order to get the "Secret" from Azure Key Vault you need authentication, and this is provided by Azure Active Directory. So the next step is to register our application (the one that will be using Azure Key Vault). So let's go for it:
Azure Active Directory -> App Registrations -> New application registration

Step 4 - It is time to get the Application ID, also called ClientID (for security reasons some info has been removed, but as long as you have your ClientID, all will be fine).

Step 5 - The next thing we need is the ClientSecret. Go to Settings -> Keys. Give the key a name and a duration. A new key will be generated automatically. That is your ClientSecret!


Step 6 - We are almost there with Azure. We just need to tell Key Vault to give access to our application from Azure Active Directory, so it can access the keys.
Home -> Your Key Vault -> Access Policies



Step 7 - Our application in Azure Active Directory also has to allow Azure Key Vault access. Go to Azure Active Directory -> App registrations -> [Our App Name] -> Settings -> Required Permissions -> Add -> Select API -> Azure Key Vault



Step 8 - Delegate permissions to the service.


Step 9 - A JSON file needs to be created for "MasterKey" (the program in charge of retrieving the secret). See below. Save it as azuresecret.json in the folder C:\usr\local\.masterkey\ .

Replace my ClientID with yours
Replace my ClientSecret with yours


{
  "nodeAppName":{
    "clientId":"8586f230-AAAA-40d1-9eeb-574459b35077",
    "clientSecret": "JTqMWnQPOncAAOc11x52oIAlHYp71iCajba5lXSAAok=",
    "vaultUri": "https://my.vault.azure.net/"
  }
}


Step 10 - Install MasterKey:

Step 11 - Execute the file with your key vault URL; this should be the result:


Conclusion
This proof of concept will help you not just to understand how Azure Key Vault works behind the scenes, but also to check that the configuration is right.
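
Behind the scenes, reading the secret takes two HTTP requests: a client-credentials token request to Azure Active Directory, then a GET against the vault with the returned bearer token. The sketch below is an added example (not MasterKey's code and not from the original post) that builds both requests from an azuresecret.json-style file without sending anything; the placeholder IDs, the sample 401 challenge, the trusted-authority list and api-version 7.0 are assumptions.

```python
import json
import re
from urllib.parse import urlencode, urlsplit

# Constructed sample in the azuresecret.json layout; placeholder values only.
SAMPLE_CONFIG = """{"nodeAppName": {
  "clientId": "00000000-0000-0000-0000-000000000000",
  "clientSecret": "PLACEHOLDER-CLIENT-SECRET",
  "vaultUri": "https://my.vault.azure.net/"}}"""

# Constructed 401 challenge in the format Key Vault uses to name its AAD authority.
SAMPLE_CHALLENGE = ('Bearer authorization="https://login.windows.net/'
                    '11111111-1111-1111-1111-111111111111", '
                    'resource="https://vault.azure.net"')

# Assumption: the AAD hosts this client is willing to send its secret to.
TRUSTED_AUTHORITIES = {"login.windows.net", "login.microsoftonline.com"}

def load_app(config_text, app_name):
    """Read one application entry and reject a vaultUri that is not a Key Vault."""
    app = json.loads(config_text)[app_name]
    uri = urlsplit(app["vaultUri"])
    if uri.scheme != "https" or not (uri.hostname or "").endswith(".vault.azure.net"):
        raise ValueError("vaultUri must be https://<name>.vault.azure.net/")
    return app

def token_request(app, challenge):
    """Build the client-credentials POST (URL, form body) the challenge asks for."""
    fields = dict(re.findall(r'(\w+)="([^"]*)"', challenge))
    authority = urlsplit(fields["authorization"])
    # The client secret is sent to this host, so it must be a known AAD endpoint.
    if authority.scheme != "https" or authority.hostname not in TRUSTED_AUTHORITIES:
        raise ValueError("challenge names an untrusted authority")
    body = urlencode({"grant_type": "client_credentials",
                      "client_id": app["clientId"],
                      "client_secret": app["clientSecret"],
                      "resource": fields["resource"]})
    return fields["authorization"].rstrip("/") + "/oauth2/token", body

def secret_request(app, name, access_token, api_version="7.0"):
    """Build the GET (URL, headers) that reads a secret with the bearer token."""
    url = f'{app["vaultUri"].rstrip("/")}/secrets/{name}?api-version={api_version}'
    return url, {"Authorization": f"Bearer {access_token}"}

if __name__ == "__main__":
    app = load_app(SAMPLE_CONFIG, "nodeAppName")
    print(token_request(app, SAMPLE_CHALLENGE)[0])
    print(secret_request(app, "HMAC", "<access-token>")[0])
```

The two checks matter because the ClientSecret and the bearer token are sent to whatever hosts the config file and the challenge name.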


Thursday, 12 January 2017

Continuous Code Quality with .NET, SonarQube and Docker

Coming back to the DevOps world, we have realised that there is a platform that is becoming very successful in the Java stack, called SonarQube. Luckily for .NET developers, Microsoft has decided to lend some of its developers to improve the C# side of SonarQube.

SonarQube is a product based on a MySql database and a set of rules. This product is free, so if you are a dev I would consider installing it on your machine. You will learn good practices and get a second opinion on your code. On top of this, you can develop proper, productive code.

We have seen a few articles about setting up SonarQube on Windows for C# but, to be honest, we have decided to go our own way: instead of installing an Apache server + MySql and all the programs needed, we will create an instance of a Docker SonarQube image. What are the advantages? Well, we can spin up our own machine whenever we want, and have a configured instance we can carry with us.

So how are we going to do it? To take a different approach from my previous article, we are going to use Kitematic, a nice UI for Docker. We assume you have installed Docker for Windows already, so now download Kitematic and install it.

Skip the login and open the program. Go to search and type sonarqube. A list of images should come up; select the official one (the first one).

image

Click on Create. It will create an instance of SonarQube and give you an address to access it, in this case localhost:32769. Bear in mind that SonarQube runs on port 9000, but port 9000 in the Docker instance is bound to your local port 32769:

image

If the last line looks like this, that means you have SonarQube running

image

Now you can go to your browser and type http://localhost:32769, click on Login and enter the default credentials: user admin and password admin

image

Now let’s create a small Windows Forms project called MyProject1. We will save it in C:\work\MyProject1\MyProject1\ . The folder content will look like this

image

Time to install the client, Sonar Scanner, which will send our project to SonarQube (it will take one minute). Download and unzip the SonarQube Scanner (let's say in "C:\sonar-scanner"). Go to “This PC” in Windows 10 -> right click -> Properties, and in the Environment Variables area add a new Path entry “C:\sonar-scanner”

image

Then we are going to tell Sonar Scanner where our project lives, so it can analyse it. Open the file called sonar-scanner.properties, which lives in C:\sonar-scanner\conf

Edit the file and add a few lines (see below). It should look like this after adding the lines:

#Configure here general information about the environment, such as SonarQube DB details for example
#No information about specific project should appear here

#----- Default SonarQube server
#sonar.host.url=http://localhost:9000

#----- Default source code encoding
#sonar.sourceEncoding=UTF-8

#----- Global database settings (not used for SonarQube 5.2+)
#sonar.jdbc.username=sonar
#sonar.jdbc.password=sonar

#----- PostgreSQL
#sonar.jdbc.url=jdbc:postgresql://localhost/sonar

#----- MySQL
#sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8

#----- Oracle
#sonar.jdbc.url=jdbc:oracle:thin:@localhost/XE

#----- Microsoft SQLServer
#sonar.jdbc.url=jdbc:jtds:sqlserver://localhost/sonar;SelectMethod=Cursor

# Forward slashes: a backslash is an escape character in .properties files
PROJECT_HOME = C:/work/MyProject1/MyProject1/
#sonar.sourceEncoding=UTF-8
sonar.host.url=http://localhost:32769

sonar.sourceEncoding=UTF-8
sonar.cobol.copy.directories=/copy
sonar.visualstudio.enable=true

sonar.projectKey=MyProject1
sonar.projectName=MyProject1
sonar.projectVersion=1.0
sonar.sources=.
sonar.language=cs
sonar.dotnet.visualstudio.solution.file=MyProject1.sln
sonar.dotnet.excludeGeneratedCode=true
sonar.dotnet.4.0.sdk.directory=C:/Windows/Microsoft.NET/Framework/v4.0.30319
sonar.dotnet.version=4.5.2

Save the file and open CMD with “Run as Administrator”, then navigate to your project folder C:\work\MyProject1\MyProject1\ and type sonar-scanner

image

And you should get something like this

image

Let’s check the project: go to http://localhost:32769 and navigate to “Projects -> Explore projects -> click on MyProject1”. You should get a screen like this (I have added a condition for the comments, so it fails):
image
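
A hand-edited sonar-scanner.properties is easy to get subtly wrong, so the following added example (not part of the original post or of SonarQube) lints one for stray lines, duplicate keys, backslashes in values and an impossible port in sonar.host.url. The sample text is constructed, and the lint assumes the stricter key=value convention used in this file.

```python
from urllib.parse import urlsplit

# Constructed sample with the kinds of slips hand-editing produces.
SAMPLE = r"""#----- Default SonarQube server
#sonar.host.url=
http://localhost:9000
PROJECT_HOME = C:\work\MyProject1\MyProject1\
sonar.host.url=http://localhost:327689
sonar.sourceEncoding=UTF-8
sonar.projectKey=MyProject1
sonar.sourceEncoding=UTF-8
"""

def check_url(value):
    """Return problems found in a sonar.host.url value."""
    try:
        url = urlsplit(value)
        url.port  # accessing .port raises ValueError when outside 0-65535
    except ValueError:
        return ["sonar.host.url has an invalid port"]
    if url.scheme not in ("http", "https") or not url.hostname:
        return ["sonar.host.url is not an http(s) URL"]
    return []

def lint_properties(text):
    """Return (line_number, message) findings for a sonar-scanner.properties file."""
    findings, seen = [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        if "=" not in line:
            findings.append((no, "not a key=value line"))
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in seen:
            findings.append((no, f"duplicate key {key} (first on line {seen[key]})"))
        seen.setdefault(key, no)
        if "\\" in value:
            # Java .properties treats backslash as an escape / line continuation.
            findings.append((no, f"backslash in {key}: use / or \\\\"))
        if key == "sonar.host.url":
            findings.extend((no, msg) for msg in check_url(value))
    return findings

if __name__ == "__main__":
    for no, msg in lint_properties(SAMPLE):
        print(f"line {no}: {msg}")
```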