aspnet-contrib

问题 I'm trying to impement the OpenID Connect server (resource owner password credentials grant) with ASOS by this post. Everything works fine when I have both Authorization server and resource server in one app. But when I split them on two apps (but on one machine) resource server fails to validate token and returns The access token is not valid . I downloaded the source code of AspNet.Security.OAuth.Validation to investigate the issue and it returns null here Here are some logs from

问题 I am using Visual Studio 2015 Enterprise and ASP.NET vNext Beta8 to build an endpoint that both issues and consumes JWT tokens as described in detail here. As explained in that article the endpoint uses AspNet.Security.OpenIdConnect.Server (AKA OIDC) to do the heavy lifting. While standing this prototype up in our internal development environment we have encountered a problem using it with a load balancer. In particular, we think it has to do with the "Authority" setting on app

问题 I'am writing a test application with asp.net core 2.0, AspNet.Security.OpenIdConnect.Server and AspNet.Security.OAuth.Extensions. I ran into a problem with introspection of the access token. When I get my token from /connect/token and send it to my resource server I get the following errors in my server: fail: AspNet.Security.OpenIdConnect.Server.OpenIdConnectServerHandler[0] The introspection request was rejected with the following error: invalid_request ; (null) info: AspNet.Security

问题 I'm trying to use the various examples as a means to write my own, but I don't fully understand what is happening. Maybe someone can offer some insight. I thought I needed to implement some URL that is listening for a callback from the 3rd party auth request, but when I look at the github implementation, for example, I see public const string CallbackPath = "/signin-github"; and I don't see anything that is listening for that. 回答1: The callback endpoint is managed by the OAuth2 generic

问题 I am using Visual Studio 2015 Enterprise Update 1 and ASP.NET 5 rc1-final to build an endpoint that both issues and consumes JWT tokens as described in detail here. In this approach we have a single project that 'does it all' - the project uses OIDC to issue tokens, JWT bearer authentication to validate them and then guards access to various controllers using the Authorize attribute - all in the same project. Now we would like to refactor this solution by creating an OIDC authorization &

问题 So I made a change to my project.json which caused a re-restore which is coming up with a bunch of unresolvable dependencies. How do you figure out what is going on here? This was definitely working as I wrote quite a bit of code against this project.json file. "dependencies": { "EntityFramework.Commands": "7.0.0-*", "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*", "Microsoft.AspNet.Diagnostics.Entity": "7.0.0-*", "Microsoft.AspNet.Identity.EntityFramework": "3.0.0-*", "Microsoft.AspNet

问题 The example on the AspNet.Security.OpenIdConnect.Server looks to me like both an auth and resource server. I would like to separate those. I have done so. At the auth server's Startup.Config, I have the following settings: app.UseOpenIdConnectServer(options => { options.AllowInsecureHttp = true; options.ApplicationCanDisplayErrors = true; options.AuthenticationScheme = OpenIdConnectDefaults.AuthenticationScheme; options.Issuer = new System.Uri("http://localhost:61854"); // This auth server

问题 The example on the AspNet.Security.OpenIdConnect.Server looks to me like both an auth and resource server. I would like to separate those. I have done so. At the auth server's Startup.Config, I have the following settings: app.UseOpenIdConnectServer(options => { options.AllowInsecureHttp = true; options.ApplicationCanDisplayErrors = true; options.AuthenticationScheme = OpenIdConnectDefaults.AuthenticationScheme; options.Issuer = new System.Uri("http://localhost:61854"); // This auth server

问题 I am using token based security in my web app. The server side is wrote using c# and i am using openiddict for logging in and issuing tokens, found here. I am currencyly using Implict flow. By default my tokens have a lifespan of 1 hour, after that you have to logging again. I have locked down my API to accept bearer tokens only and not cookies. I wanted to implement refresh tokens but after reading many websites, it appears that implementing refresh tokens on a web app, is not a good way to

问题 I'm using Asp.net core rc2 with OpenIdConnectServer. I'm using angular 1.x with augular-oauth2. After a few days, my error has digressed to Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:54275/api/Account/Username Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware:Information: Successfully validated the token. Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware:Information: HttpContext.User merged via