{"id":1050,"date":"2019-03-04T14:35:16","date_gmt":"2019-03-04T14:35:16","guid":{"rendered":"http:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/?p=1050"},"modified":"2019-03-05T08:11:45","modified_gmt":"2019-03-05T08:11:45","slug":"como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii","status":"publish","type":"post","link":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\/","title":{"rendered":"C\u00f3mo securizar tus apps con Identity Server y .NET Core (Parte III)"},"content":{"rendered":"

\"\"<\/p>\n

Continuamos con la serie de art\u00edculos sobre Identity Server \ud83d\ude42 Tras \u00bb\u00a0C\u00f3mo securizar tus apps con Identity Server y .NET Core (Parte I)\u00bb<\/a>, y \u00abC\u00f3mo securizar tus apps con Identity Server y .NET Core (Parte II)\u00bb,<\/a> veremos segmentar nuestra API de una forma similar a Microsoft Graph.<\/a>\u00a0Para ello vamos a aplicar un concepto muy chulo que provee ASP .Net Core:\u00a0 Autorizaci\u00f3n basada en claims (existe otro tipo de autorizaci\u00f3n basado en directivas o requisitos que puedes ver en Autorizaci\u00f3n basada en directivas en ASP.NET Core<\/a>).<\/p>\n

<\/p>\n

Y ahora, a segmentar nuestra API<\/h2>\n

Si record\u00e1is, se han definido dos \u00e1mbitos (APIEmployee y APICustomer) en la configuraci\u00f3n del cliente.<\/p>\n

\r\nnew Client\r\n{\r\n\tClientId = "openIdEncamina",\r\n\tClientName = "Example Implicit Client Application",\r\n\tClientSecrets = new List { new Secret("superSecretPassword".Sha256()) },\r\n\tAllowedGrantTypes = GrantTypes.HybridAndClientCredentials,\r\n\tAlwaysSendClientClaims=true,\r\n\tAllowedScopes = new List\r\n\t{\r\n\t\tIdentityServerConstants.StandardScopes.OpenId,\r\n\t\tIdentityServerConstants.StandardScopes.Profile,\r\n\t\tIdentityServerConstants.StandardScopes.Email,\r\n\t\t"APIEmployee", "APICustomer",\r\n\t\t},\r\n\tRedirectUris = new List { "https:\/\/localhost:44392\/signin-oidc" },\r\n\tPostLogoutRedirectUris = new List { "https:\/\/localhost:44392\/" }\r\n}\r\n<\/pre>\n
Y en la configuraci\u00f3n de OpenId de la aplicaci\u00f3n Web s\u00f3lo se permite usar el scope de APIEmployee.<\/p>\n
\r\nAddOpenIdConnect("oidc", options =>\r\n{\r\n     options.Authority = "https:\/\/localhost:44384\/";\r\n     options.ClientId = "openIdEncamina";\r\n     options.ClientSecret = "superSecretPassword";\r\n     options.SignInScheme = "cookie";\r\n     options.SaveTokens = true;\r\n     options.ResponseType = "code id_token";\r\n     options.GetClaimsFromUserInfoEndpoint = true;\r\n\r\n     options.Scope.Add("openid");\r\n     options.Scope.Add("profile");\r\n     options.Scope.Add("APIEmployee");                 \r\n});\r\n<\/pre>\n
Teniendo esto en cuenta, vamos a implementar lo que se denominan pol\u00edticas en nuestra API .NET Core. Para ello, lo primero que se debe hacer es instalar el paquete Nuget IdentityServer4.AccessTokenValidation<\/strong> y dentro de nuestro proyecto a\u00f1adiremos el siguiente c\u00f3digo en el Startup.cs, con el que implementaremos un m\u00e9todo para establecer las pol\u00edticas.<\/p>\n
\r\npublic void ConfigureServices(IServiceCollection services)\r\n{\r\n    services.AddMvcCore()\r\n            .SetCompatibilityVersion(CompatibilityVersion.Version_2_1)\r\n            .AddAuthorization()\r\n            .AddJsonFormatters();\r\n\r\n    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();\r\n            \r\n    services.AddAuthentication("Bearer")\r\n            .AddIdentityServerAuthentication(options =>\r\n            {\r\n                options.RequireHttpsMetadata = false;\r\n                options.Authority = "https:\/\/localhost:44384\/";\r\n                options.ApiName = "EncaminaAPI";\r\n            });\r\n\r\n            services.AddPolicies(); \/\/ establecemos pol\u00edticas\r\n        }\r\npublic static class Policy\r\n{\r\n   public static void AddPolicies(this IServiceCollection services)\r\n   {\r\n       services.AddAuthorization(options =>\r\n                    options.AddPolicy("Employee",\r\n                                 policy => policy.RequireClaim("scope", "APIEmployee")));\r\n\r\n            services.AddAuthorization(options =>\r\n                   options.AddPolicy("Customer",\r\n                                policy => policy.RequireClaim("scope", "APICustomer")));\r\n    }\r\n}\r\n<\/pre>\n
Lo que estamos estableciendo es que se creen dos pol\u00edticas en las cuales se revise un claim<\/strong> denominado scope<\/strong> y cuyo contenido sea APIEmployee<\/strong> o APICustomer.<\/strong>
\nEsto es una de las cosas m\u00e1s chulas de ASP.NET Core, ya que permite segmentar nuestra API (controladores) para que dado un token se valide o no teniendo en cuenta en la configuraci\u00f3n del cliente.<\/p>\n
Para implementar esto, en nuestros controladores, agregamos el atributo Authorize con unos par\u00e1metros adicionales que son el nombre de la pol\u00edtica y el tipo de autenticaci\u00f3n, en este caso quedar\u00edan as\u00ed:<\/p>\n
\r\n[Route("api\/[controller]")]\r\n[Authorize("Employee", AuthenticationSchemes = "Bearer")]\r\n[ApiController]\r\npublic class EmployeeController : ControllerBase\r\n{\r\n\r\n      [HttpGet]\r\n      public ActionResult<IEnumerable<Employee>> Get()\r\n      {\r\n            return new Employee[]\r\n            {\r\n                new Employee\r\n                {\r\n                    Name="Cristiano Ronaldo"\r\n                },\r\n                new Employee\r\n                {\r\n                    Name="Luka Modrid"\r\n                },\r\n                new Employee\r\n                {\r\n                    Name="Mohamed Salah"\r\n                },\r\n            };\r\n      }\r\n}\r\n\r\n[Route("api\/[controller]")]\r\n[Authorize("Customer", AuthenticationSchemes = "Bearer")]\r\n[ApiController]\r\npublic class CustomerController : ControllerBase\r\n{\r\n        [HttpGet]\r\n        public ActionResult<IEnumerable<Customer>> Get()\r\n        {\r\n            return new Customer[]\r\n            {\r\n                new Customer\r\n                {\r\n                    Name="Real Madrid"\r\n                },\r\n                new Customer\r\n                {\r\n                    Name="Milan"\r\n                },\r\n                new Customer\r\n                {\r\n                    Name="Atletico de Madrid"\r\n                },\r\n                new Customer\r\n                {\r\n                    Name="F.C. Barcelona"\r\n                }\r\n            };\r\n        }\r\n    }\r\n<\/pre>\n
Vale, \u00bfy esto funciona? Veamos una prueba v\u00eda Postman, empleando para ello el token obtenido en la autenticaci\u00f3n de nuestra aplicaci\u00f3n web.
\nConsumiendo el API de Empleados que s\u00ed tenemos permisos y agregando una cabecera Authorization con contenido Bearer validamos que tenemos respuesta de nuestra API.<\/p>\n
\"\"<\/p>\n
Y consumiendo el de clientes y usando el mismo token, se valida que NO estamos autorizados. Obtenemos un error Http 403.<\/p>\n
\"\"<\/p>\n
Esto funciona chachi!!!<\/p>\n
\u00bfY si se pudiera insertar claims personalizados en el token de acceso usando Identity Server?<\/h2>\n
Como regalito os voy a contar c\u00f3mo desde Identity Server<\/strong>, que hemos visto que cuando hacemos login se genera un token con unos claims por defecto (como nuestros scopes permitidos, el identificador del usuario etc\u2026), podemos establecer los claims que queramos.<\/p>\n
Imaginad que estamos implementando una aplicaci\u00f3n bancaria y necesitamos que en nuestro token de acceso est\u00e9n todos los n\u00fameros de cuenta de un cliente (para luego poder validar si una petici\u00f3n a la API es v\u00e1lida sobre las cuentas de un cliente o NO es v\u00e1lida si es sobre otras cuentas).<\/p>\n
Para ello se crea una clase que implementa el interfaz IdentityServer4.Services.IProfileService.<\/strong><\/p>\n
\r\n\/\/\/ <summary>\r\n\/\/\/ Identity Server Profile service \r\n\/\/\/ <\/summary>\r\npublic class MyProfileService : IProfileService\r\n{\r\n    private readonly ApplicationUserManager _userManager; \r\n\r\n    \/\/\/ <summary>\r\n    \/\/\/ Constructor\r\n    \/\/\/ <\/summary>\r\n    \/\/\/ <param name="userManager"><\/param>\r\n    public ProfileService(ApplicationUserManager userManager)\r\n    {\r\n        _userManager = userManager; \r\n    }\r\n\r\n    \/\/\/ <summary>\r\n    \/\/\/ Get profile data\r\n    \/\/\/ <\/summary>\r\n    \/\/\/ <param name="context"><\/param>\r\n    \/\/\/ <returns><\/returns>\r\n    public async Task GetProfileDataAsync(ProfileDataRequestContext context)\r\n    {\r\n        var user = await _userManager.GetUserAsync(context.Subject);\r\n        var claims = await CustomerAccountsToClaimsAsync(user.UserId).ConfigureAwait(false);\r\n\r\n        \/\/ set accounts to claims in access_token\r\n        context.IssuedClaims.AddRange(claims);\r\n    }\r\n\r\n    \/\/\/ <summary>\r\n    \/\/\/ Is user active\r\n    \/\/\/ <\/summary>\r\n    \/\/\/ <param name="context"><\/param>\r\n    \/\/\/ <returns><\/returns>\r\n    public async Task IsActiveAsync(IsActiveContext context)\r\n    {\r\n        var user = await _userManager.GetUserAsync(context.Subject).ConfigureAwait(false);\r\n        context.IsActive = (user != null) &amp;&amp; user.LockoutEnabled;\r\n    }\r\n\r\n    private async Task<List<Claim>> CustomerAccountsToClaimsAsync(int customerId)\r\n    {\r\n        const string claimType = "accounts";\r\n\r\n        var result = <llamar a nuestra API para recuperar las cuentas de un cliente>;\r\n        var claims = new List<Claim>();\r\n\r\n        result?.ForEach(account =>\r\n        {\r\n            claims.Add(new Claim(claimType, account.Account?.Id.ToString()));\r\n        });\r\n\r\n        return claims;\r\n    }\r\n}\r\n<\/pre>\n
Luego, en Startup.cs de nuestro Identity Server<\/strong> establecemos que el servicio de Profile de Identity Server sea el que acabamos de implementar<\/p>\n
\r\npublic void ConfigureServices(IServiceCollection services)\r\n{\r\n    services.AddMvc();\r\n    services.AddIdentityServer()\r\n             .AddDeveloperSigningCredential()\r\n             .AddInMemoryApiResources(Config.GetApiResources())\r\n             .AddInMemoryClients(Config.GetClients())\r\n             .AddInMemoryIdentityResources(Config.GetIdentityResources()) \/\/ damos de alta nuevos recursos de identidad\r\n             .AddTestUsers(Config.GetUsers()); \/\/ damos de alta usuarios a autenticar\r\n             .AddProfileService<MyProfileService>(); \/\/ usar nuestro servicio de profile personalizado\r\n}\r\n<\/pre>\n
Es f\u00e1cil \u00bfverdad?<\/p>\n
Conclusiones<\/h2>\n
En este art\u00edculo hemos visto que podemos segmentar nuestra API en scopes o \u00e1mbitos, y poder realizar la validaci\u00f3n de la autorizaci\u00f3n empleando para ello pol\u00edticas basadas en claims. Tambi\u00e9n hemos aprendido a que Identity Server, a la hora de devolver el token de acceso, establezca claims personalizados.<\/p>\n
\u00a1HAPPY CODING!<\/p>\n<\/span>","protected":false},"excerpt":{"rendered":"
Continuamos con la serie de art\u00edculos sobre Identity Server \ud83d\ude42 Tras \u00bb\u00a0C\u00f3mo securizar tus apps con Identity Server y .NET Core (Parte I)\u00bb, y \u00abC\u00f3mo securizar tus apps con Identity Server y .NET Core (Parte II)\u00bb, veremos segmentar nuestra API … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":185,"featured_media":1055,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[70],"tags":[],"class_list":["post-1050","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-net"],"yoast_head":"\nC\u00f3mo securizar tus apps con Identity Server y .NET Core (Parte III) | ENCAMINA<\/title>\n<meta name=\"description\" content=\"En este art\u00edculo vamos a segmentar nuestra API en scopes o \u00e1mbitos y a validar la autorizaci\u00f3n empleando pol\u00edticas basadas en claims.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\/\" \/>\n<meta property=\"og:locale\" content=\"es_ES\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"C\u00f3mo securizar tus apps con Identity Server y .NET Core (Parte III)\" \/>\n<meta property=\"og:description\" content=\"En este art\u00edculo vamos a segmentar nuestra API en scopes o \u00e1mbitos y a validar la autorizaci\u00f3n empleando pol\u00edticas basadas en claims.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\/\" \/>\n<meta property=\"og:site_name\" content=\"Piensa en software, desarrolla en colores\" \/>\n<meta property=\"article:published_time\" content=\"2019-03-04T14:35:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-03-05T08:11:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/wp-content\/uploads\/sites\/21\/2019\/03\/C\u00f3mo-securizar-tus-apps-con-Identity-Server-III.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1107\" \/>\n\t<meta property=\"og:image:height\" content=\"888\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Sergio Parra Guerra\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sergio Parra Guerra\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tiempo de lectura\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\\\/\"},\"author\":{\"name\":\"Sergio Parra Guerra\",\"@id\":\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/#\\\/schema\\\/person\\\/bc314219999e4f7ed909d299efa70f4b\"},\"headline\":\"C\u00f3mo securizar tus apps con Identity Server y .NET Core (Parte III)\",\"datePublished\":\"2019-03-04T14:35:16+00:00\",\"dateModified\":\"2019-03-05T08:11:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\\\/\"},\"wordCount\":1184,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/wp-content\\\/uploads\\\/sites\\\/21\\\/2019\\\/03\\\/C\u00f3mo-securizar-tus-apps-con-Identity-Server-III.jpg\",\"articleSection\":[\".NET\"],\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\\\/\",\"url\":\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\\\/\",\"name\":\"C\u00f3mo securizar tus apps con Identity Server y .NET Core (Parte III) | ENCAMINA\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/wp-content\\\/uploads\\\/sites\\\/21\\\/2019\\\/03\\\/C\u00f3mo-securizar-tus-apps-con-Identity-Server-III.jpg\",\"datePublished\":\"2019-03-04T14:35:16+00:00\",\"dateModified\":\"2019-03-05T08:11:45+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/#\\\/schema\\\/person\\\/bc314219999e4f7ed909d299efa70f4b\"},\"description\":\"En este art\u00edculo vamos a segmentar nuestra API en scopes o \u00e1mbitos y a validar la autorizaci\u00f3n empleando pol\u00edticas basadas en claims.\",\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\\\/#primaryimage\",\"url\":\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/wp-content\\\/uploads\\\/sites\\\/21\\\/2019\\\/03\\\/C\u00f3mo-securizar-tus-apps-con-Identity-Server-III.jpg\",\"contentUrl\":\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/wp-content\\\/uploads\\\/sites\\\/21\\\/2019\\\/03\\\/C\u00f3mo-securizar-tus-apps-con-Identity-Server-III.jpg\",\"width\":1107,\"height\":888},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/#website\",\"url\":\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/\",\"name\":\"Piensa en software, desarrolla en colores\",\"description\":\"Las ventajas que te ofrece Microsoft Azure y el mundo.NET\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"es\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/#\\\/schema\\\/person\\\/bc314219999e4f7ed909d299efa70f4b\",\"name\":\"Sergio Parra Guerra\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/59ba4f5f51b231ec5a3ce33035eba3ee35017746169421c702972da2f50574c2?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/59ba4f5f51b231ec5a3ce33035eba3ee35017746169421c702972da2f50574c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/59ba4f5f51b231ec5a3ce33035eba3ee35017746169421c702972da2f50574c2?s=96&d=mm&r=g\",\"caption\":\"Sergio Parra Guerra\"},\"description\":\"Sergio Parra es Ingeniero T\u00e9cnico en Inform\u00e1tica de Sistemas por la UPSAM. Tiene a sus espaldas much\u00edsimas certificaciones entre las cuales Microsoft Certified Professional y ex Microsoft MVP Visual Studio and Development Technologies. Actualmente es un magn\u00edfico Software & Cloud Architect en ENCAMINA.\",\"url\":\"https:\\\/\\\/blogs.encamina.com\\\/piensa-en-software-desarrolla-en-colores\\\/author\\\/sparra\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"C\u00f3mo securizar tus apps con Identity Server y .NET Core (Parte III) | ENCAMINA","description":"En este art\u00edculo vamos a segmentar nuestra API en scopes o \u00e1mbitos y a validar la autorizaci\u00f3n empleando pol\u00edticas basadas en claims.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\/","og_locale":"es_ES","og_type":"article","og_title":"C\u00f3mo securizar tus apps con Identity Server y .NET Core (Parte III)","og_description":"En este art\u00edculo vamos a segmentar nuestra API en scopes o \u00e1mbitos y a validar la autorizaci\u00f3n empleando pol\u00edticas basadas en claims.","og_url":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\/","og_site_name":"Piensa en software, desarrolla en colores","article_published_time":"2019-03-04T14:35:16+00:00","article_modified_time":"2019-03-05T08:11:45+00:00","og_image":[{"width":1107,"height":888,"url":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/wp-content\/uploads\/sites\/21\/2019\/03\/C\u00f3mo-securizar-tus-apps-con-Identity-Server-III.jpg","type":"image\/jpeg"}],"author":"Sergio Parra Guerra","twitter_card":"summary_large_image","twitter_misc":{"Escrito por":"Sergio Parra Guerra","Tiempo de lectura":"6 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\/#article","isPartOf":{"@id":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\/"},"author":{"name":"Sergio Parra Guerra","@id":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/#\/schema\/person\/bc314219999e4f7ed909d299efa70f4b"},"headline":"C\u00f3mo securizar tus apps con Identity Server y .NET Core (Parte III)","datePublished":"2019-03-04T14:35:16+00:00","dateModified":"2019-03-05T08:11:45+00:00","mainEntityOfPage":{"@id":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\/"},"wordCount":1184,"commentCount":0,"image":{"@id":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\/#primaryimage"},"thumbnailUrl":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/wp-content\/uploads\/sites\/21\/2019\/03\/C\u00f3mo-securizar-tus-apps-con-Identity-Server-III.jpg","articleSection":[".NET"],"inLanguage":"es","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\/","url":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\/","name":"C\u00f3mo securizar tus apps con Identity Server y .NET Core (Parte III) | ENCAMINA","isPartOf":{"@id":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\/#primaryimage"},"image":{"@id":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\/#primaryimage"},"thumbnailUrl":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/wp-content\/uploads\/sites\/21\/2019\/03\/C\u00f3mo-securizar-tus-apps-con-Identity-Server-III.jpg","datePublished":"2019-03-04T14:35:16+00:00","dateModified":"2019-03-05T08:11:45+00:00","author":{"@id":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/#\/schema\/person\/bc314219999e4f7ed909d299efa70f4b"},"description":"En este art\u00edculo vamos a segmentar nuestra API en scopes o \u00e1mbitos y a validar la autorizaci\u00f3n empleando pol\u00edticas basadas en claims.","inLanguage":"es","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\/"]}]},{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/como-securizar-tus-apps-con-identity-server-y-net-core-parte-iii\/#primaryimage","url":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/wp-content\/uploads\/sites\/21\/2019\/03\/C\u00f3mo-securizar-tus-apps-con-Identity-Server-III.jpg","contentUrl":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/wp-content\/uploads\/sites\/21\/2019\/03\/C\u00f3mo-securizar-tus-apps-con-Identity-Server-III.jpg","width":1107,"height":888},{"@type":"WebSite","@id":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/#website","url":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/","name":"Piensa en software, desarrolla en colores","description":"Las ventajas que te ofrece Microsoft Azure y el mundo.NET","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"es"},{"@type":"Person","@id":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/#\/schema\/person\/bc314219999e4f7ed909d299efa70f4b","name":"Sergio Parra Guerra","image":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/secure.gravatar.com\/avatar\/59ba4f5f51b231ec5a3ce33035eba3ee35017746169421c702972da2f50574c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/59ba4f5f51b231ec5a3ce33035eba3ee35017746169421c702972da2f50574c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/59ba4f5f51b231ec5a3ce33035eba3ee35017746169421c702972da2f50574c2?s=96&d=mm&r=g","caption":"Sergio Parra Guerra"},"description":"Sergio Parra es Ingeniero T\u00e9cnico en Inform\u00e1tica de Sistemas por la UPSAM. Tiene a sus espaldas much\u00edsimas certificaciones entre las cuales Microsoft Certified Professional y ex Microsoft MVP Visual Studio and Development Technologies. Actualmente es un magn\u00edfico Software & Cloud Architect en ENCAMINA.","url":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/author\/sparra\/"}]}},"_links":{"self":[{"href":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/wp-json\/wp\/v2\/posts\/1050","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/wp-json\/wp\/v2\/users\/185"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/wp-json\/wp\/v2\/comments?post=1050"}],"version-history":[{"count":0,"href":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/wp-json\/wp\/v2\/posts\/1050\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/wp-json\/wp\/v2\/media\/1055"}],"wp:attachment":[{"href":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/wp-json\/wp\/v2\/media?parent=1050"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/wp-json\/wp\/v2\/categories?post=1050"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.encamina.com\/piensa-en-software-desarrolla-en-colores\/wp-json\/wp\/v2\/tags?post=1050"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}