identityserver3

How would I generate the Identity Server signing certificate

冷眼眸甩不掉的悲伤 submitted on 2019-12-02 16:46:22
In the identity server samples we find code like this in Startup.cs:

    var certFile = env.ApplicationBasePath + "\\idsrv3test.pfx";
    var signingCertificate = new X509Certificate2(certFile, "idsrv3test");

How would I go about replacing this for production scenarios?

Get a dedicated cert - either via your PKI or self-generate one: http://brockallen.com/2015/06/01/makecert-and-creating-ssl-or-signing-certificates/ Import the key pair into the Windows certificate store, and load it from there at runtime. To step up security, some people deploy the keys to a dedicated device (called an HSM) or to a

Substitute IdentityServer3 login system

人走茶凉 submitted on 2019-12-02 13:43:19
Question: Following @leastprivilege's answer in my previous question, I concluded that neither are possible solutions:

- The login service doesn't support REST authentication (thus, can't use IUserService.AuthenticateLocalAsync and just connect to it)
- I don't need it to be an additional provider, I need it to substitute IS3 one, ie, instead of showing the local login + additional providers, I need the /login page to be the one from a different service.

Can this be customized or do I need to change

Convert a method to use async

眉间皱痕 submitted on 2019-12-02 09:06:10
I am converting an authentication process to support async and the VS 2015 IDE is warning me with the following message: The async method lacks 'await' operators and will run synchronously... etc... Anyway, the code connects to an LDAP store and verifies a user's account and etc... I have tried various things with await, but I am just missing something here. I put the code back to what it was before.. I would appreciate any guidance in getting it to support async correctly... Here is the code:

    public async Task<User> GetAsyncADUser(PrincipalContextParameter param) { try { if

IdentityServer gets into infinite loop of authentication

断了今生、忘了曾经 submitted on 2019-12-01 18:41:10
I have the following client set up in IdentityServer:

    new Client
    {
        ClientName = "My web application",
        Enabled = true,
        ClientId = "mywebapp",
        ClientSecrets = new List<ClientSecret>
        {
            new ClientSecret("somesecret")
        },
        Flow = Flows.Hybrid,
        ClientUri = "https://app.mydomain.com",
        RedirectUris = new List<string>
        {
            "oob://localhost/wpfclient",
            "http://localhost:2672/",
            "https://app.mydomain.com"
        }
    }

And it is hosted online, let's say https://auth.mydomain.com/core. Trying to modify the MVC OWIN Client (Hybrid) sample client to log-in to the above identity server, in Startup.cs I modified the

Can Identity Server be used to authenticate a user for various web apps you may be hosting

被刻印的时光 ゝ submitted on 2019-12-01 14:45:25
I'm not really interested in API authentication - all I want to do is authorize a user who has access to one or many applications from a kind of portal I am designing. We are hosting all the web applications, some are just Javascript and HTML, some are MVC. I have created a diagram below with a user called Bob. He is a valid user and is allowed to use an application called "JS" but not MVC. How can this be implemented using Identity Server? Obviously when inside the JS application it still needs to talk to the Identity Server to make sure the current user is valid or else somebody could

Issue in Self Signed Client Certificate while processing an Identity Server Client Credentials Flow

被刻印的时光 ゝ submitted on 2019-12-01 08:43:19
I created a Self Signed Certificate for my internal development purpose using MakeCert.exe

Step #1: I created a Root CA using the following command

    makecert -n "CN=Bala root signing authority" -cy authority -r -sv root.pvk root.cer

Step #2: Installed the Root CA Certificate which is created in Step #1 using the following command

    certutil -user -addstore Root root.cer

Step #3: I created a Client Certificate using the following command

    makecert -pe -n "CN=Bala Client" -a sha1 -cy end ^
        -sky signature ^
        -ic root.cer -iv root1.pvk ^
        -sv Bala.pvk Bala.cer

Step #4: I created a .pfx file for the

Identity Server 3 User Session Lifetime

六眼飞鱼酱① submitted on 2019-12-01 08:12:40
I'm securing a web app with identity server 3. My app is split into 2 oidc clients: an ASP.Net MVC client and a javascript (angular) client which uses the oidc-client javascript library. When a user first visits the web app we redirect for log in to identity server, which logs in the mvc client. The javascript client is then logged in using the silent login feature from the oidc-library. I would like to control how often the user has to visit the logon page to sign in again and I would like to set this so that users have to visit the logon page either once a day or every 8 hours. Is there a

Identity Server 3 User Session Lifetime

谁说胖子不能爱 submitted on 2019-12-01 06:50:15
Question: I'm securing a web app with identity server 3. My app is split into 2 oidc clients: an ASP.Net MVC client and a javascript (angular) client which uses the oidc-client javascript library. When a user first visits the web app we redirect for log in to identity server, which logs in the mvc client. The javascript client is then logged in using the silent login feature from the oidc-library. I would like to control how often the user has to visit the logon page to sign in again and I would like to

c# Identity Server Bad Request - Request Too Long

冷暖自知 submitted on 2019-12-01 01:05:05
I have an odd issue that I am trying to track down. If I deploy my client and Identity Server to Azure, using a self signed certificate then the code works. I have now moved it to our UAT environment, where the identity server is configured to use a purchased certificate. This certificate has been provided for a single domain: identity.mydomain.com. The client has the password for this certificate so it can do what it needs to. When I browse to the identity server I can log in to the admin section, so that is all running correctly. If I browse to the client, it redirects to the identity service

OAuth token expiration in MVC6 app

做~自己de王妃 submitted on 2019-11-30 11:58:08
So I have an MVC6 app that includes an identity server (using ThinkTecture's IdentityServer3) and an MVC6 web services application. In the web services application I am using this code in Startup:

    app.UseOAuthBearerAuthentication(options =>
    {
        options.Authority = "http://localhost:6418/identity";
        options.AutomaticAuthentication = true;
        options.Audience = "http://localhost:6418/identity/resources";
    });

Then I have a controller with an action that has the Authorize attribute. I have a JavaScript application that authenticates with the identity server, and then uses the provided JWT token to