identityserver4

User Authentication through API using IdentityServer4

点点圈 submitted on 2021-01-28 11:10:25
Question: I'm looking into IdentityServer4 as a possible solution for managing users and API access tokens. One thing that is not clear is if it's possible to provide authentication through API calls or are we forced to use a login page hosted by IdentityServer4? With respect to user experience in mobile apps, it's always nicer to provide a simple login screen within the app, as opposed to opening a web page that handles the login process. Are we forced to use a login / registration page hosted by

Identity server does not redirect after successful login

夙愿已清 submitted on 2021-01-28 01:46:13
Question: I am trying to set up IdentityServer4 with an MVC client. Everything works fine until I want to add ASP Identity. When I added code to use SQL Server and Identity, after a successful login Identity server does not redirect me back to my client; it just "refreshes" the page. IdentityServer app startup: public class Startup { public IWebHostEnvironment Environment { get; } public IConfiguration Configuration { get; } public Startup(IWebHostEnvironment environment, IConfiguration configuration)

Reading relaystate from a SamlResponse

一个人想着一个人 submitted on 2021-01-27 18:22:23
Question: We are using SustainSys.Saml2 with IdentityServer4. We have the following flow working, outlined in this question: How to maintain returnurl after receiving SAML response from OneLogin. When we issue a ChallengeAsync, just before we are redirected to OneLogin to verify our user and send a SamlResponse back, we see our AuthenticationProperties get passed to SustainSys library code and it has relayData and a returnPath set, but when OneLogin posts back to us the relaystate is not the returnurl

Tips for running IdentityServer4 in a web farm

自闭症网瘾萝莉.ら submitted on 2021-01-27 07:27:23
Question: Does anyone have experience with running IdentityServer4 in a web farm (multiple IIS servers) behind a load balancer? We've had some issues getting 2 servers to work together. I didn't see a deployment guide for IdentityServer4. There is one here for IdentityServer3: https://identityserver.github.io/Documentation/docsv2/advanced/deployment.html We have implemented the DataProtection in the Startup.cs. StackExchange.Redis.ConnectionMultiplexer connectionMultiplexer = RedisConnectionFactory

How to use IdentityServer4 with Custom password validation with ASP.NET Microsoft Identity

混江龙づ霸主 submitted on 2021-01-27 05:52:50
Question: I am working with IdentityServer4 and using ASP.NET Identity, and would like to do custom password validation so that I can add validation for password expiration (such as if the password is older than 90 days then make the user change the password, etc.). I ran across the method .AddPasswordValidator<> when setting up services.AddIdentity in the ConfigureServices() method of the Startup.cs, but am unable to find any clear documentation on how to implement it. Can anyone help with

Add tenant claim to access token using IdentityServer 4 based on acr value

。_饼干妹妹 submitted on 2021-01-24 13:45:48
Question: In my scenario a user can be linked to different tenants. A user should log in in the context of a tenant. That means I would like the access token to contain a tenant claim type to restrict access to data of that tenant. When the client application tries to log in I specify an acr value to indicate for which tenant to log in. OnRedirectToIdentityProvider = redirectContext => { if (redirectContext.ProtocolMessage.RequestType == OpenIdConnectRequestType.Authentication) { redirectContext

IdentityServer4 (6): How the Authorization Code Flow Works for SPAs

ε祈祈猫儿з submitted on 2021-01-23 11:34:58
In [One by One series] IdentityServer4 (4): Authorization Code Flow, I mentioned one sentence: "For security, IdentityServer4 uses the authorization code flow with PKCE support." Let's review the authorization code flow. (A) The user accesses the client, which redirects the user to the authorization server. (B) The user chooses whether to grant the client authorization. (C) Assuming the user grants authorization, the authorization server redirects the user to the "redirection URI" the client registered in advance, along with an authorization code. (D) The client receives the authorization code and, attaching the earlier "redirection URI", requests a token from the authorization server. This step is completed on the client's back-end server and is invisible to the user. (E) The authorization server checks the authorization code and the redirection URI and, once they are confirmed, sends the client an access token and a refresh token. -- Excerpted from Ruan Yifeng's "Understanding OAuth 2.0". I think Mr. Ruan has already explained this part quite clearly; as the saying goes, "the scenery lies before me yet I cannot put it into words, for Cui Hao's poem is already inscribed above." 1. What is PKCE? PKCE stands for Proof Key for Code Exchange. The previous article covered SPAs, a kind of native client without a back-end server, where all the code runs on the user's local device: a SPA runs in the user's browser, and the same applies to Win/Mac clients and iOS/Android apps. Expecting such native clients to store a client secret securely is unrealistic, and it is easily extracted. Implicit Flow

SignalR using IdentityServer bearer won't receive any JWTBearerEvents from Hub

喜你入骨 submitted on 2021-01-21 10:18:45
Question: We have an API (.NET Core 2.2) which uses IdentityServerAuthenticationDefaults.AuthenticationScheme for all the controllers, which works fine. We have now decided to add a SignalR Hub for a conference service. The hub is working fine only if we remove the authorize attribute [Authorize(AuthenticationSchemes = IdentityServerAuthenticationDefaults.AuthenticationScheme)]. We did try to handle the token in the query string using both of the following methods (TokenRetriever or JwtBearerEvents): services