identityserver3

问题 I have a identityserver which is using IdentityServer3 to issue tokens. I am creating an asp.net core 2.0 api client. How to validate the token issued by Identityserver3 in ASP.Net Core 2.0 api application? I tried to install Identityserver3.AccessTokenValidation.AspNetCore, but getting error saying it is not compatible with core. Can anyone help me how to do this? Thanks 回答1: With .Net Core 2 you can use IdentityServer4.AccessTokenValidation to validate IdentityServer3 token , just make sure

问题 I've recently setup IdentityServer v3 and its running like a dream, however I'm having troubles with the OWIN middleware. I would like to use the hybrid flow so I can refresh tokens in the backend without the user having to redirect back to the IdentityServer to get a new access token every 5 minutes (which is also odd as its set to have a lifetime of 1 hour on the server). I'm using the following config in startup and I'm getting the tokens fine, but it never seems to try and refresh the

问题 I've recently setup IdentityServer v3 and its running like a dream, however I'm having troubles with the OWIN middleware. I would like to use the hybrid flow so I can refresh tokens in the backend without the user having to redirect back to the IdentityServer to get a new access token every 5 minutes (which is also odd as its set to have a lifetime of 1 hour on the server). I'm using the following config in startup and I'm getting the tokens fine, but it never seems to try and refresh the

问题 I've recently setup IdentityServer v3 and its running like a dream, however I'm having troubles with the OWIN middleware. I would like to use the hybrid flow so I can refresh tokens in the backend without the user having to redirect back to the IdentityServer to get a new access token every 5 minutes (which is also odd as its set to have a lifetime of 1 hour on the server). I'm using the following config in startup and I'm getting the tokens fine, but it never seems to try and refresh the

问题 I've recently setup IdentityServer v3 and its running like a dream, however I'm having troubles with the OWIN middleware. I would like to use the hybrid flow so I can refresh tokens in the backend without the user having to redirect back to the IdentityServer to get a new access token every 5 minutes (which is also odd as its set to have a lifetime of 1 hour on the server). I'm using the following config in startup and I'm getting the tokens fine, but it never seems to try and refresh the

问题 I'm migrating a Web Forms application from Forms Authentication to OpenID Connect (using OWIN and IdentityServer3). The application already has a lot of 'authorization' elements (for various locations) in the web.config which I would like to reuse after migrating to OWIN. <authorization> <deny users="?" /> </authorization> <location path="Path/Page.aspx"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location> ... The problem is that after I switch to OWIN

问题 I am using IdentityServer3 and i have ASP.NET Core as Client application. Here is my LoggOff action method [HttpPost] public async Task LogOff() { await Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme); await Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, OpenIdConnectDefaults.AuthenticationScheme); } When user logs out i see the following

问题 I am using IdentityServer3 and i have ASP.NET Core as Client application. Here is my LoggOff action method [HttpPost] public async Task LogOff() { await Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme); await Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, OpenIdConnectDefaults.AuthenticationScheme); } When user logs out i see the following

问题 I'm trying to protect my webapi with IdentityServer and OpenID Connect using Autofac. I'm using OWIN. But for some reason I can't get claims of the user. It seems that AccessTokenValidation is not triggered at all. That makes me think there is something wrong in the order of my declarations at my startup. Here is my startup. public class Startup { public void Configuration(IAppBuilder appBuilder) { // Add authentication this.AddAuthentication(appBuilder); HttpConfiguration config = new

问题 I enabled the IdentityServer to authenticate with Facebook with the implicit flow. now when I get authenticated i get an id value as subject. like 502967fe0125ce3ff75050ef7b83fd68 I used it as a user id to store user related data. But from time to time it seems like the content of the subject changes and I get a different id. Am I missunderstanding the concept of the Subject . Is it expected that it is chagning ? Shouldn't be the subject id constant? What information should I use to store