identityserver4

问题 I'm trying to use the "LocalApi" feature of IdentityServer4 with some custom Policies. I have an API (hosted on the same application instance as IdentityServer4) that is divided into three parts (Server, Manager, Product) and for three clients (Server, Manager, Product). Client can only call the devoted part of the API and I would do this with Policies based on scopes. So I have the following: Starup: services.AddLocalApiAuthentication(); // Add API hosted on same application than

问题 I'm trying to use the "LocalApi" feature of IdentityServer4 with some custom Policies. I have an API (hosted on the same application instance as IdentityServer4) that is divided into three parts (Server, Manager, Product) and for three clients (Server, Manager, Product). Client can only call the devoted part of the API and I would do this with Policies based on scopes. So I have the following: Starup: services.AddLocalApiAuthentication(); // Add API hosted on same application than

问题 I'm trying to use the "LocalApi" feature of IdentityServer4 with some custom Policies. I have an API (hosted on the same application instance as IdentityServer4) that is divided into three parts (Server, Manager, Product) and for three clients (Server, Manager, Product). Client can only call the devoted part of the API and I would do this with Policies based on scopes. So I have the following: Starup: services.AddLocalApiAuthentication(); // Add API hosted on same application than

问题 I'm building a POC multi-tenant app using IdentityServer 4 on asp.net core as the middleman between my client app and Azure Active Directory using openIdConnect. Is there a way to trigger the admin_consent flow when a user logs in from a new AAD tenant which is not yet authorized to use the app? This Azure sample shows how to perform a manual consent using a controller on the client site which builds the AAD Uri from scratch, but I'm shooting for an experience where a user from a new

问题 I am using authorization code flow with PKCE, and would like to deny access to Authorization Server if the client is using an embedded user agent. I am using IdentityServer 4 for authorization server, and Asp.net core 2.2 for the API, both running on IIS 8. I have search for solutions on how to deny embedded user agents on native application to access Authorization server, but I cant find any steps on how to implement/configure this. Is there anyone that could provide steps on how to deny

问题 I am using authorization code flow with PKCE, and would like to deny access to Authorization Server if the client is using an embedded user agent. I am using IdentityServer 4 for authorization server, and Asp.net core 2.2 for the API, both running on IIS 8. I have search for solutions on how to deny embedded user agents on native application to access Authorization server, but I cant find any steps on how to implement/configure this. Is there anyone that could provide steps on how to deny

问题 I have an identity server asp net core project deployed in Azure, i also have two asp net 5 mvc client using my identity server as SSO, and continuously i am getting(save in logs) an exception The antiforgery token could not be decrypted . 回答1: We had similar issue today, We were able to resolve by persisting data protection keys to file system . services.AddDataProtection() .PersistKeysToFileSystem(new DirectoryInfo(@"\\UNC-PATH")); 回答2: We had the same error message Antiforgery token

问题 I have an identity server asp net core project deployed in Azure, i also have two asp net 5 mvc client using my identity server as SSO, and continuously i am getting(save in logs) an exception The antiforgery token could not be decrypted . 回答1: We had similar issue today, We were able to resolve by persisting data protection keys to file system . services.AddDataProtection() .PersistKeysToFileSystem(new DirectoryInfo(@"\\UNC-PATH")); 回答2: We had the same error message Antiforgery token

问题 Using ASP.NET Core 2.2 and Identity Server 4 I have the following controller: [HttpGet("posts"), Authorize] public async Task<IActionResult> GetPosts() { var authenticated = this.User.Identity.IsAuthenticated; var claims = this.User.Identities.FirstOrDefault().Claims; var id = this.User.FindFirstValue(ClaimTypes.NameIdentifier); } I get all the claims but id is null ... I checked all values in claims and I have a 'sub' claim with value 1. Why is ClaimTypes.NameIdentifier not mapping to 'sub'?

问题 We have asp.net core (v3.0) Web API backend(no auth yet). A frontend is going to be a SPA( React ). A frontend basically will be an admin panel, it means the website's home page should be just the login page. We are planning on using IdentityServer4 for auth(separate project). If we create the IdentityServer4 project( MVC ) it will have its own login form/page. Since opening our client website(react) login form should be opened, popout and iframe is not the way we are considering to use, what