identityserver4

问题 Getting ready to move our IdentityServer4 setup from dev to test and I need to get the AddSignerCredentials() piece migrated from AddDeveloperCredentials(). I can generate a private and public RSASecurityKey but I'm unclear as to what RsaSecurityKey to pass to AddSignerCredentials(). The discovery endpoint somehow knows about the public key, but we'd want to sign tokens with the private key. Neither seems to work Is there an example of how to use this somewhere in the documentation that I

问题 Getting ready to move our IdentityServer4 setup from dev to test and I need to get the AddSignerCredentials() piece migrated from AddDeveloperCredentials(). I can generate a private and public RSASecurityKey but I'm unclear as to what RsaSecurityKey to pass to AddSignerCredentials(). The discovery endpoint somehow knows about the public key, but we'd want to sign tokens with the private key. Neither seems to work Is there an example of how to use this somewhere in the documentation that I

问题 We have a .Net Core Identity Server, a .Net Core Api, our clients however are desktop and mobile apps. Looking through the docs it seems our Users need to Sign-in using Hybrid flow, however it seems this flow is for Web browser apps. What is the correct flow/grant_type to Authenticate my Desktop Users and give them access to the Api? 回答1: Hybrid flow is correct. See this spec: https://tools.ietf.org/html/draft-ietf-oauth-native-apps-09 You can use this library: https://github.com

问题 Examples I find for IdentityServer4 use MVC for login UI. When a OpenIdConnect implicit client hits the 'authorization_endpoint' (example 'http://localhost:5000/connect/authorize') it gets redirected to the AccountController Login action. How would you configure IdentityServer4 to use a different controller or UI for as the login page? 回答1: Under the ConfigureServices method (in Startup) add in a SetupIdentityServer options method: services.AddIdentityServer(*SetupIdentityServer*)

问题 Examples I find for IdentityServer4 use MVC for login UI. When a OpenIdConnect implicit client hits the 'authorization_endpoint' (example 'http://localhost:5000/connect/authorize') it gets redirected to the AccountController Login action. How would you configure IdentityServer4 to use a different controller or UI for as the login page? 回答1: Under the ConfigureServices method (in Startup) add in a SetupIdentityServer options method: services.AddIdentityServer(*SetupIdentityServer*)

问题 I am working on an asp.net MVC application with identity server 4 as token service. I have an api as well which has some secure resources. I want to implement roles (Authorization) for api. I want to make sure that only an authorized resource with valid role can access an api end point otherwise get 401 (unauthorized error). Here are my configurations: Client new Client() { ClientId = "mvcClient", ClientName = "MVC Client", AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

问题 I'm using IdentityServer4 to handle authentication and authorization in my ASP.NET core API. I use angular4 on client side. I know that I can use token endpoint (http://myapidomain/connect/token) to get access_token by using grantype = ResourceOwnerPassword . It means that I provide username and password in login UI to authenticate. My question is: do we need to implement API Account/Login anymore? I think that IdentityServer4 is already handle signin via cookie authentication middleware

问题 I have IdentityServer4 running behind a load balancer that redirects https calls to http resources. This means that my IdentityServer will be running on http but will need to show https URLs in it's discovery page (.well-known/openid-configuration). What's the most elegant way to transform http urls on this page to https? 回答1: Set the PublicOrigin option (see docs). services.AddIdentityServer( options => options.PublicOrigin = "https://foo.bar.com" ) .AddSigningCredential(...)

问题 Having to applications auth and store and authenticating using IdentityServer4 and both are behind NGINX. The store application successfully authenticates but after coming back from the auth application we get 502 Bad Gateway from NGINX. Any idea what is going wrong here? Auth app log: info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2] Request finished in 117.7292ms 200 text/html; charset=UTF-8 info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1] Request starting HTTP/1.0 POST http:/

问题 I want to be able to authenticate against an Identity Server (STS) from outside and inside a docker machine. I am having trouble with setting the correct authority that works both inside and outside the container. If I set the authority to the internal name mcoidentityserver:5000 then the API can authenticate but the client cannot get a token as the client lies outside of the docker network. If I set the authority to the external name localhost:5000 then the client can get a token but the API