Getting started with Amazon Cognito

03 August 2020

What is Amazon Cognito?

Amazon Cognito provides authentication, authorization and user management for web and mobile apps. Users can sign-in directly with a username and password or through a third party such as Facebook, Amazon, Google or Apple.

Components

• User pools:
  • User pools are user directories that provide sign-up and sign-in options for the application users.
• Identity pools:
• • Identity pools are used to grant users access to other AWS services.

Features of Amazon Cognito

User pools:

It is a user directory in Amazon Cognito.  Users can sign in to a web or mobile app through Amazon Cognito, or federate through a third-party identity provider. Whether users sign in directly or through a third party, all members of the user pool have a directory profile that can be accessed by an SDK.

User pools provide:

• Sign-up and sign-in services.
• A built-in, customizable web UI to sign-in users.
• Social sign-in with Facebook, Google, Login with Amazon and Sign-in with Apple, through SAML and OIDC identity providers from the user pool.
• User directory management and user profiles.
• Security features such as multi-factor authentication, checks for compromised credentials, account takeover protection and phone or email verification.
• Allows customized workflows and user migration through AWS Lambda triggers.

Identity pools:

With an identity pool, users can obtain temporary AWS credentials to access the AWS services, such as Amazon S3 and DynamoDB. It supports anonymous guest users and the following identity providers to authenticate users for identity pools:

• SAML identity providers
• Amazon Cognito user pools
• OpenID Connect providers  (OIDC)
• Social sign-in with Facebook, Google and Login with Amazon
• Developer authenticated identities

Amazon Cognito Pricing

How Amazon Cognito fosters security?

• Users can sign-in through social identity providers such as Google, Facebook, and Amazon. Also, they can use the enterprise identity providers (Microsoft Active Directory using SAML).
• Uses identity management standards like OpenID Connect, OAuth 2.0, and SAML 2.0.
• Add adaptive authentication to in applications it helps to protect the applications. When Amazon Cognito detects unusual sign-in activity, it assigns risk to the activity log and lets the user choose to prompt users for additional verification or block the sign-in request. Users can verify their identities using SMS or a Time-based One-time Password.
• It helps to protect application users from unauthorized access to their accounts using compromised credentials. For compromised credentials, it prompts them to change the password.
• Provides multiple security and compliance requirements. Like HIPAA eligible and PCI DSS, SOC, and ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO 9001 compliant.

How does Amazon Cognito work?

Register User and Authenticate it in C#:

It enables users to  handle user registration and sign-in directly in your app. Without user pools, you needed to implement your own user directory to create accounts, store profiles and implement password recovery flows and so on.

Prerequisites:

• IAM User
• Deploying ASP.NET on AWS
• AWS Toolkit for Visual Studio

Follow the following snapping to set up the User Pool:

Follow the following code snapping to integrate the User Pool with your Dot.Net Application:

Reference

• https://aws.amazon.com/cognito/getting-started/
• https://aws.amazon.com/cognito/pricing/
• https://aws.amazon.com/blogs/mobile/use-csharp-to-register-and-authenticate-with-amazon-cognito-user-pools/