applicationhost.config
<requestFiltering>
<requestLimits maxAllowedContentLength="30000000" maxQueryString="32768"/>
</requestFiltering>
In our test case we are chaining up 2 idps, which starts to build up a pretty big request query string.
All these examples are based on the following;
- asp.net 2.1 WebApp
- asp.net identity
- Neo4J desktop
The User Database - PagesWebApp.AspNetCoreNeo4j
The Federated Gateway - PagesWebApp.AspNetCoreNeo4j.Support
The KBA End User IDP. This points to the same user database as the federated gateway. It uses the challenge factors to authenticate the user. - PagesWebApp.AspNetCoreNeo4j.SupportAgent
The External SupportAgent IDP. This points to an isolated SupportAgent user data in neo4j.
"neo4JConnectionConfiguration": {
"connectionString": "bolt://127.0.0.1:7687",
"userName": "neo4j",
"password": "password"
}
Make sure you create a project in Neo4j using the above settings. The following projects require Neo4J;
PagesWebApp.AspNetCoreNeo4j
PagesWebApp.AspNetCoreNeo4j.Support
PagesWebApp.AspNetCoreNeo4j.SupportAgent
PagesWebApp
This Federated Gateway is using the out-of-the-box framework provided by Microsoft.
PagesWebApp.AspNetCoreNeo4j
This Federated Gateway is using Neo4j as its user store. It also points to our End User KBA IDP as an external IDP.
PagesWebApp.AspNetCoreNeo4j.Support
This IDP shares the same Neo4j user database as PagesWebApp.AspNetCoreNeo4j. The end user KBA IDP is used by a support agent to ask many factor questions which results in a login. The KBA idp returns an id_token that has the end user as the subject, but it contains a bunch of claims that identifies the support agent and the KBA questions that where used to get this identity.
Don't forget to add many factors to a user using the Federated Gateway PagesWebApp.AspNetCoreNeo4j;
Here is an example of what in id_token has in it after a KBA Login.
PagesWebAppClient
This is a full on asp.net 2.1 Identity app, which has its own user database. This is what you would typically see pointing to Google, Twitter, and our own OIDC PagesWebApp
PagesWebAppClient-NoUserDatabase
This is still using asp.net 2.1 Identity, however the user database is in-memory. A little trick I do is during the ExternalLogin Callback I create the user, sign them in, and then promptly delete the user. I have found out that in the case of using an external system as my user database, that there is no need to call any UserManager stuff. This one only points to our single OIDC PagesWebApp
learnrazorpages
IdentityServer4.AspNetIdentity
asp.net core 2.1
AspNetCore.Identity.Neo4j