thinktecture-ident-server

Authenticate to STS by Issued Token

假装没事ソ submitted on 2021-02-08 09:26:05
Question: I'm working on federating an application with various areas and extremely fine-grained permissions. Each of the various areas has a federated WCF endpoint to communicate back to the server. Because of the fine-grained permissions, a single token containing all of the permissions can be as large as 1MB, maybe more. Requirements dictate that the user's username and password credentials must not be held within our code base after the initial log in process. The permissions cannot be combined to

IdentityServer 4: No storage mechanism for grants specified - use AddInMemoryStores

血红的双手。 submitted on 2020-05-09 07:39:12
Question: I am using Identity Server 4, ASP.NET Core and trying to replace the IdentityServer developer in Production environment. But getting the following error: No storage mechanism for grants specified. Use the 'AddInMemoryStores' extension method to register a development version. So, I tried to implement the services as mentioned in this answer: IProfileService IResourceOwnerPasswordValidator This is my ConfigureServices Method in Startup class: services.AddMvc(); var identityBuilder = services

How to use InboundClaimTypeMap for claim mapping?

好久不见. submitted on 2020-01-24 12:12:47
Question: I have a similar problem as here: https://github.com/IdentityServer/IdentityServer3.Samples/issues/9 But the solution is not helpful for me. So let's explain in more detail with pictures and code: I have this on client: No need to map because NameClaimType(RoleClaimType) and Claim in list of claims are same JwtSecurityTokenHandler.InboundClaimTypeMap.Clear(); On Api project I have: In this case (if I understand correctly), I have to map, because NameClaimType & RoleClaimType are not same with

Secure IdentityManager with IdentityServer3

佐手、 submitted on 2020-01-21 20:31:07
Question: In my setup I have IdentityManager on the same host as IdentityServer. All the required configuration is in the database. To create my setup I have taken into consideration this question on stackoverflow.com and then followed all the regarding discussion on this github issue. I have also subscribed to Gitter to find the conversation mentioned on the SO question referenced. My setup is almost identical to the one of @ilter. However in my case I keep getting Error: You are not authorized to use this

Secure IdentityManager with IdentityServer3

泄露秘密 submitted on 2020-01-21 20:29:46
Question: In my setup I have IdentityManager on the same host as IdentityServer. All the required configuration is in the database. To create my setup I have taken into consideration this question on stackoverflow.com and then followed all the regarding discussion on this github issue. I have also subscribed to Gitter to find the conversation mentioned on the SO question referenced. My setup is almost identical to the one of @ilter. However in my case I keep getting Error: You are not authorized to use this

Thinktecture identity server client selection and implementation

有些话、适合烂在心里 submitted on 2020-01-14 03:15:39
Question: I am trying to get my head out of the clouds with identity server. I would like to implement the identity server project to let authenticate An ASP.NET MVC 5 application An ASP.NET Web API A Windows service implementation In this blog post I have read some details about clients. The author simply states: OAuth 2 provides several "grant types" for different use cases. The grant types defined are: Authorization Code for apps running on a web server Implicit for browser-based or mobile apps

Thinktecture identity server 3 Single Sign Out

荒凉一梦 submitted on 2020-01-04 06:26:29
Question: I hope someone can point me towards the right direction. I have set up Identity Server 3 on IIS and 2 different MVC clients to this Identity Server. I am a little confused about Single Sign Out. I was hoping to achieve single sign out. However, when I log in, each client web site sets up its own aspNet session cookie. When I log out from one client, the other client still retains its session (because of its own session cookie). How can I achieve Single Sign Out for multiple applications with different domains

How do you prevent replay attacks with Thinktecture IdentityModel token?

China☆狼群 submitted on 2020-01-01 07:11:53
Question: I have two sites on separate domains. I'm implementing SSO using the Thinktecture IdentityModel. A user logs into Site A. At some point they click a link to take them to site B. Site A redirects the user to site B/Login.aspx?token=< token > with a JWT token. Site B then validates the token by calling an API on Site A to authenticate the user. If authenticated, the user is automatically logged into site B. By default Thinktecture tokens last for 10 hours, with no way to kill a token (as far as

How to secure IdentityManager with IdentityServer v3

隐身守侯 submitted on 2020-01-01 03:24:08
Question: Brock Allen released the new beta version of IdentityManager last week. There are quite some changes in the security model, so the configuration also changed. He even took some videos (Setting up ASP.NET Identity and Security and IdentityManager) on how to configure the new version properly. These well explain the usage in a classic ASP.NET MVC application, and also ADFS setup, but I couldn't find any help or sample code about how to make it work side by side with Identity Server v3. Can you

Does OpenID Connect support the Resource Owner Password Credentials grant?

↘锁芯ラ submitted on 2019-12-28 03:05:32
Question: I have been using OAuth resource owner credential flow previously for authorization. However I would now like to consider using OpenID Connect in place of this, for authentication and authorization, and was wondering if the resource owner credential flow is supported in OpenID Connect. Answer 1: Yes, OpenID Connect supports all OAuth 2.0 grant types including Resource Owner Password Credentials Grant and Client Credentials Grant. As we know, Authorization Code Grant and Implicit Grant are typical 3