identityserver3

How to use identityserver3 in asp.net core 2.0 webapi to validate token from Identityserver3 server

你说的曾经没有我的故事 提交于 2021-02-07 20:21:05
问题 I have a identityserver which is using IdentityServer3 to issue tokens. I am creating an asp.net core 2.0 api client. How to validate the token issued by Identityserver3 in ASP.Net Core 2.0 api application? I tried to install Identityserver3.AccessTokenValidation.AspNetCore, but getting error saying it is not compatible with core. Can anyone help me how to do this? Thanks 回答1: With .Net Core 2 you can use IdentityServer4.AccessTokenValidation to validate IdentityServer3 token , just make sure

Refresh tokens using owin middleware and IdentityServer v3

若如初见. 提交于 2021-02-06 05:40:52
问题 I've recently setup IdentityServer v3 and its running like a dream, however I'm having troubles with the OWIN middleware. I would like to use the hybrid flow so I can refresh tokens in the backend without the user having to redirect back to the IdentityServer to get a new access token every 5 minutes (which is also odd as its set to have a lifetime of 1 hour on the server). I'm using the following config in startup and I'm getting the tokens fine, but it never seems to try and refresh the

Refresh tokens using owin middleware and IdentityServer v3

 ̄綄美尐妖づ 提交于 2021-02-06 05:38:24
问题 I've recently setup IdentityServer v3 and its running like a dream, however I'm having troubles with the OWIN middleware. I would like to use the hybrid flow so I can refresh tokens in the backend without the user having to redirect back to the IdentityServer to get a new access token every 5 minutes (which is also odd as its set to have a lifetime of 1 hour on the server). I'm using the following config in startup and I'm getting the tokens fine, but it never seems to try and refresh the

Refresh tokens using owin middleware and IdentityServer v3

生来就可爱ヽ(ⅴ<●) 提交于 2021-02-06 05:36:26
问题 I've recently setup IdentityServer v3 and its running like a dream, however I'm having troubles with the OWIN middleware. I would like to use the hybrid flow so I can refresh tokens in the backend without the user having to redirect back to the IdentityServer to get a new access token every 5 minutes (which is also odd as its set to have a lifetime of 1 hour on the server). I'm using the following config in startup and I'm getting the tokens fine, but it never seems to try and refresh the

Refresh tokens using owin middleware and IdentityServer v3

佐手、 提交于 2021-02-06 05:35:50
问题 I've recently setup IdentityServer v3 and its running like a dream, however I'm having troubles with the OWIN middleware. I would like to use the hybrid flow so I can refresh tokens in the backend without the user having to redirect back to the IdentityServer to get a new access token every 5 minutes (which is also odd as its set to have a lifetime of 1 hour on the server). I'm using the following config in startup and I'm getting the tokens fine, but it never seems to try and refresh the

OWIN challenge not triggered when using web.config authorization elements

折月煮酒 提交于 2020-12-06 06:25:47
问题 I'm migrating a Web Forms application from Forms Authentication to OpenID Connect (using OWIN and IdentityServer3). The application already has a lot of 'authorization' elements (for various locations) in the web.config which I would like to reuse after migrating to OWIN. <authorization> <deny users="?" /> </authorization> <location path="Path/Page.aspx"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location> ... The problem is that after I switch to OWIN

How to overwrite post logout redirect url

依然范特西╮ 提交于 2020-08-10 19:53:40
问题 I am using IdentityServer3 and i have ASP.NET Core as Client application. Here is my LoggOff action method [HttpPost] public async Task LogOff() { await Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme); await Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, OpenIdConnectDefaults.AuthenticationScheme); } When user logs out i see the following

How to overwrite post logout redirect url

北城余情 提交于 2020-08-10 19:53:08
问题 I am using IdentityServer3 and i have ASP.NET Core as Client application. Here is my LoggOff action method [HttpPost] public async Task LogOff() { await Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme); await Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, OpenIdConnectDefaults.AuthenticationScheme); } When user logs out i see the following

Protecting webapi with IdentityServer and Autofac - can't get claims

蹲街弑〆低调 提交于 2020-01-25 16:34:22
问题 I'm trying to protect my webapi with IdentityServer and OpenID Connect using Autofac. I'm using OWIN. But for some reason I can't get claims of the user. It seems that AccessTokenValidation is not triggered at all. That makes me think there is something wrong in the order of my declarations at my startup. Here is my startup. public class Startup { public void Configuration(IAppBuilder appBuilder) { // Add authentication this.AddAuthentication(appBuilder); HttpConfiguration config = new

IdentityServer Facebook Auth changes subject id / is not the facebook id

回眸只為那壹抹淺笑 提交于 2020-01-24 19:30:26
问题 I enabled the IdentityServer to authenticate with Facebook with the implicit flow. now when I get authenticated i get an id value as subject. like 502967fe0125ce3ff75050ef7b83fd68 I used it as a user id to store user related data. But from time to time it seems like the content of the subject changes and I get a different id. Am I missunderstanding the concept of the Subject . Is it expected that it is chagning ? Shouldn't be the subject id constant? What information should I use to store