openid-connect

问题 I have questions upon using the new ASP.Net OpenID Connect framework while adding new Claims during the authentication pipeline as shown in the code below. I'm not sure just how much 'magic' is happening behind the scenes. I think most of my questions center around not knowing much about OWIN authentication middleware as opposed to OpenID Connect. Q1. Should I be manually setting HttpContext.Current.User and Thread.CurrentPrincipal from OwinContext.Authentication.User ? Q2. I want the ability

问题 I am using UseOpenIdConnectAuthentication middleware for ASP.Net Core application to authenticate against Dells Cloud access manager token provider (setup to provide OpenId/OAuth2 authentication). Following is the code: app.UseCookieAuthentication(new CookieAuthenticationOptions { AutomaticAuthenticate = true, AutomaticChallenge = true, AuthenticationScheme = "ClientCookie", CookieName = CookieAuthenticationDefaults.CookiePrefix + "ClientCookie", ExpireTimeSpan = TimeSpan.FromMinutes(5),

问题 I am migrating my Azure AD secured application to the v2.0 endpoint. I need to pass a custom parameter to the reply uri. With former Azure AD endpoint I did it by adding a usual query parameter to the reply url. e.g. https://myserver.com/myredirect_uri?mycustomparamerter=myvalue Unfortunately, with endpoint 2.0 I received an error saying that the reply uri does not match the one registered. Of course my custom parameter value is dynamic and I cannot hardcode it. I was looking to exploit the

问题 I'm trying to connect an ASP.NET application to Salesforce using OpenId, Currently this is my connecting code so far. I think I got everything except the redirect_uri parameter, which has to match the value on the other end exactly. app.UseCookieAuthentication(x => { x.AutomaticAuthenticate = true; x.CookieName = "MyApp"; x.CookieSecure = CookieSecureOption.Always; x.AuthenticationScheme = "Cookies"; }); JwtSecurityTokenHandler.DefaultInboundClaimTypeMap = new Dictionary<string, string>();

问题 I try to get OpenID Connect running... A user of my Web API managed to get an Authorization Code of a OpenID Connect Provider. How am I supposed to pass this code to my ASP.NET Web API? How do I have to configure OWIN Middleware such that I can get an Access Token using the Authorization Code? UPDATE: A SPA uses AJAX for communicating with my web service (ASP.NET Web API). In my web service a use OWIN Middleware. I set OpenIDConnect as the authentication mechanism. When the web service is

问题 This is the Project Structure This is the access_token I am getting in My Angular Client Application. { "nbf": 1529181048, "exp": 1529184648, "iss": "https://localhost:44381", "aud": [ "https://localhost:44381/resources", "myaspnetwebapi" ], "client_id": "AngularCore", "sub": "1", "auth_time": 1529181045, "idp": "local", "scope": [ "openid", "profile", "myaspnetwebapi" ], "amr": [ "pwd" ] } In My ASP.NET WEB API Project, I am using this OPEN ID CONNECT Nuget Package - https://www.nuget.org

问题 I have some doubts after reading the Open Id docs. Any help will be much appreciated. Following any of the oidc flows you end by having an id_token and a access_token. a)When you send the access_token to a protected api, why or when (example) it would need to retrieve some claims about the user who owns it? Maybe if the protected api wants to use some data about the authenticated user? b) For obtaining the claims the protected api will need to communicate with the UserEdnpoint endpoint? It

问题 As exercise to understand OpenIDConnect, I am trying to authenticate in my web app with Google following this guide. The problem is I cannot read the token that Google sends to my application> var bytes = Convert.FromBase64String(codeEx.Id_token); var token = Encoding.ASCII.GetString(bytes); It fails in the first line saying: "The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters."

问题 I have an IdentityServer4 application running with ASP.NET Identity. I want to use that so users from another application can login through my remote identity server. I have configured a client application in identity server with the following settings (showing only relevant settings): ClientId: mvc ProtocolType: oidc ClientSecret: K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= (URLs to client app) RedirectUri: https://localhost:44313/signin-oidc PostLogoutRedirectUri: https://localhost:44313

问题 The example on the AspNet.Security.OpenIdConnect.Server looks to me like both an auth and resource server. I would like to separate those. I have done so. At the auth server's Startup.Config, I have the following settings: app.UseOpenIdConnectServer(options => { options.AllowInsecureHttp = true; options.ApplicationCanDisplayErrors = true; options.AuthenticationScheme = OpenIdConnectDefaults.AuthenticationScheme; options.Issuer = new System.Uri("http://localhost:61854"); // This auth server