问题
I have 3rd party website which embeds my website inside it and my website validates the 3rd Party through some keys in the URL parameters.
3rd party user login with their own authentication model (as they don't do SSO or federation with my website) and my website works with my own identity provider implemented by IdentityServer3.
The question is: Can I sign in with the impersonated user to my idp programmatically? As if 3rd party users login to their website, and accessing my embedded website, then my website automatically sign in to my idp with impersonated user and my website is shown to 3rd party user?
diagram for the interaction
回答1:
Yes you can
var client = new HttpClient();
var dic = new Dictionary<string, string>();
dic.Add("client_id", "mvc");
dic.Add("client_secret", "secret");
dic.Add("grant_type", "password");
dic.Add("scope", "openid profile");
dic.Add("username", "yazan@catec.ae");
dic.Add("password", "P@ssword1");
var content = new FormUrlEncodedContent(dic);
var msg = client.PostAsync("https://localhost:44383/identity/connect/token", content).Result.Content.ReadAsStringAsync().Result;
string token = Newtonsoft.Json.JsonConvert.DeserializeObject<dynamic>(msg).access_token;
var jwt = new JwtSecurityToken(token);
var identity = new ClaimsIdentity("ApplicationCookie", ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType);
foreach (var c in jwt.Claims)
{
var t = c.Type;
var v = c.Value;
identity.AddClaim(new Claim(t, v));
}
IAuthenticationManager authenticationManager = HttpContext.GetOwinContext().Authentication;
authenticationManager.SignOut("ApplicationCookie");
authenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = false }, identity);
return Redirect("Index");
来源:https://stackoverflow.com/questions/40949893/programmatically-sign-in-to-identityserver3