identityserver3

Sign out identityserver4 with identityserver3 library in mvc client

回眸只為那壹抹淺笑 submitted on 2019-12-08 13:17:11
Question: I have an IdentityServer4 authentication server. I also have an ASP.NET MVC (.NET Framework 4.6) web client. I'm trying to sign out the user, using Request.GetOwinContext().Authentication.SignOut(); It is then redirected to the authentication server account/logout view saying - You are now logged out. Click here to return to the client application. After clicking the logout redirect, I am redirected to my page where I can click sign-in again. After clicking sign-in, I am automatically signed

IdentityServer3, can't update cookie when apps are on different machine?

大憨熊 submitted on 2019-12-08 12:13:13
Question: I set up several test sites for SSO using IdentityServer3, pretty much the cookie cutter sample apps with minor variations. They work well except one thing: When trying to single sign OUT and/or update claims via cookie, it only works if all apps are on the same machine. For example, these two apps can single sign out. http://localhost:81 http://localhost:82 Claims updated in one app using the following also show up in the other. var authenticationManager = HttpContext.Current.GetOwinContext()

How to add a custom MVC controller to Identityserver3 owin application

早过忘川 submitted on 2019-12-08 10:56:14
Question: I have an OWIN app which issues OAuth tokens to different applications, and which uses IdentityServer3 for issuing tokens. My requirement is that I need to implement custom MFA for some of the apps before releasing the token. The MFA controller is a custom implementation and has a custom view. I added an MVC controller in my OWIN app that contains the IdentityServer3 code, and before releasing the token to the app, I redirected the user to this controller method. My issue is I am not able to read the user

programmatically sign in to identityserver3

空扰寡人 submitted on 2019-12-08 10:25:10
Question: I have a 3rd party website which embeds my website inside it, and my website validates the 3rd party through some keys in the URL parameters. 3rd party users log in with their own authentication model (as they don't do SSO or federation with my website) and my website works with my own identity provider implemented by IdentityServer3. The question is: Can I sign in with the impersonated user to my IdP programmatically? As if 3rd party users login to their website, and accessing my embedded

WebAPI Mixing Implicit Flow and Client Credentials Flow

房东的猫 submitted on 2019-12-08 08:30:06
Question: I have a WebAPI solution that secures its controller methods via the [Authorize] attribute. It verifies that a given user has the appropriate roles, which are basically claims that come from an IdentityServer3. There are several single page application clients that interact with this WebAPI, and the client users are authenticated/authorized using implicit flow. So far pretty standard and simple, it all works fine... Now I have a need for a background process to make calls to this same WebAPI.

Certificate requirements for IdentityServer3?

妖精的绣舞 submitted on 2019-12-08 05:21:00
Question: I'm creating a certificate request from my domain controller for use in IdentityServer3 (ID3). In the "Key Usage" section of the Certificate Properties dialog, I see a list of key usages: CRL signing, Data encipherment, Decipher Only, Digital Signature, Encipher Only, Key agreement, Key encipherment, Key certificate signing, Non repudiation. The question is straightforward: what key usages does ID3 require of its signing certificates? I can't find anything in the ID3 documentation besides "use a

Certificate requirements for IdentityServer3?

一世执手 submitted on 2019-12-08 04:52:29
I'm creating a certificate request from my domain controller for use in IdentityServer3 (ID3). In the "Key Usage" section of the Certificate Properties dialog, I see a list of key usages: CRL signing, Data encipherment, Decipher Only, Digital Signature, Encipher Only, Key agreement, Key encipherment, Key certificate signing, Non repudiation. The question is straightforward: what key usages does ID3 require of its signing certificates? I can't find anything in the ID3 documentation besides "use a certificate". I suppose it's also possible that all certificates are created "equal", and the first question

Identity Server by leastprivilege doesn't work properly on Azure

橙三吉。 submitted on 2019-12-07 15:28:46
Question: I am trying to implement an architecture that follows the OAuth2/OIDC protocol. In order to do that, I have an STS (Identity Server v3 by leastprivilege), an ASP.NET WebApi and an ASP.NET MVC application for a client. My goal was to have the STS and REST service hosted on Azure so different clients can use them as public services. So far so good. Everything seemed to work smoothly and perfectly before I decided to add a new client that uses one of the redirection flows - Authorization Code flow. I

How should you secure a multi-tenant API with Identity Server?

末鹿安然 submitted on 2019-12-07 09:21:03
Question: I'm struggling with the correct way to secure a multi-tenant Web API with Identity Server. Let me explain. We have a multi-tenant Web API that serves an ASP.NET MVC application. Each new customer is assigned a new TenantId. A customer can have multiple subscriptions of the application. It's the same as saying that the app manages multiple databases per customer (that he can access from the same base URL). Each user belongs to a single customer (tenant) and will have access to all that customer

Secure API with Azure AD/B2C users

倖福魔咒の submitted on 2019-12-07 05:40:52
Question: My use case is: Create users via API with custom fields, nominated password using any email address; Update/disable those users via API; 'Sign in' to Azure AD app with user details via REST API to obtain token; Make authorised requests to Web API when token passed in HTTP header. Can all of this be achieved with straight Azure AD/B2C or should I be looking at some other identity provider e.g. IdentityServer/Auth0? Edit 1 I'm getting very confused between AAD apps/users and B2C apps/users, there