thinktecture-ident-server

IdentityServer gets into infinite loop of authentication

对着背影说爱祢 submitted on 2019-12-04 03:33:15
Question: I have the following client set up in IdentityServer: new Client { ClientName = "My web application", Enabled = true, ClientId = "mywebapp", ClientSecrets = new List<ClientSecret> { new ClientSecret("somesecret") }, Flow = Flows.Hybrid, ClientUri = "https://app.mydomain.com", RedirectUris = new List<string> { "oob://localhost/wpfclient", "http://localhost:2672/", "https://app.mydomain.com" } } And it is hosted online, let's say https://auth.mydomain.com/core . Trying to modify the MVC OWIN

How to authenticate a request from a c# application to a WIF enabled ASP.NET WebApi application using a SAML assertion

混江龙づ霸主 submitted on 2019-12-03 21:45:41
I have set up ThinkTecture identity server as an STS, have set up a web api project, and used the "identity and access" tool in Visual Studio and pointed it to my federation metadata to enable federated authentication using WIF. This is what the related portion of web.config looks like: <system.identityModel> <identityConfiguration saveBootstrapContext="true"> <audienceUris> <add value="http://localhost:41740/" /> </audienceUris> <securityTokenHandlers> <add type="System.IdentityModel.Tokens.SamlSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken

Guidance on Thinktecture IdentityServer v3 - certificates

与世无争的帅哥 submitted on 2019-12-03 06:55:50
Question: I am working up a demo of Thinktecture IdentityServer v3. The intention is to have the identity server run as its own website under Azure Websites. There will be other (more than one) Azure Websites that will use the identity server to authenticate users. Based on the getting started walkthrough (see https://github.com/thinktecture/Thinktecture.IdentityServer.v3/wiki/Getting-started) I have this mostly working. Where I am having trouble is with the certificates. For the demo, I'd like to

Oauth2 Implicit Flow with single-page-app refreshing access tokens

倖福魔咒の submitted on 2019-12-03 04:46:33
Question: I am using Thinktecture AuthorizationServer (AS) and it is working great. I would like to write a native javascript single page app which can call a WebAPI directly, however implicit flow does not provide a refresh token. If an AJAX call is made, if the token has expired the API will send a redirect to the login page, since the data is using dynamic popups this will interrupt the user. How does Facebook or Stackoverflow do this and still allow the javascript running on the page to

IdentityServer Flows

瘦欲@ submitted on 2019-12-03 01:09:50
Question: IdentityServer supports different OpenId Connect flows that are defined in the Flows enum and set for clients. There are also samples for each type of flow and many references to them in the docs but I could not find a simple definition list of what flows are in the documentation as if they are too obvious to explain in words. But I guess they're not. Can you please tell more about the differences of these, maybe we can add that to the docs? So what are: implicit flow, resource owner password

Guidance on Thinktecture IdentityServer v3 - certificates

你离开我真会死。 submitted on 2019-12-02 20:33:10
I am working up a demo of Thinktecture IdentityServer v3. The intention is to have the identity server run as its own website under Azure Websites. There will be other (more than one) Azure Websites that will use the identity server to authenticate users. Based on the getting started walkthrough (see https://github.com/thinktecture/Thinktecture.IdentityServer.v3/wiki/Getting-started ) I have this mostly working. Where I am having trouble is with the certificates. For the demo, I'd like to create my own certificate - but I am unsure of what I need to do. Any guidance would be helpful. Other

Oauth2 Implicit Flow with single-page-app refreshing access tokens

淺唱寂寞╮ submitted on 2019-12-02 19:05:57
I am using Thinktecture AuthorizationServer (AS) and it is working great. I would like to write a native javascript single page app which can call a WebAPI directly, however implicit flow does not provide a refresh token. If an AJAX call is made, if the token has expired the API will send a redirect to the login page, since the data is using dynamic popups this will interrupt the user. How does Facebook or Stackoverflow do this and still allow the javascript running on the page to call the APIs? Proposed Solution Does the below scenario sound sensible (assuming this can be done with

Authorization header is null when setting its value to an Encrypted SAML 2 token

守給你的承諾、 submitted on 2019-12-02 14:12:01
Question: I'm using Thinktecture Identity Server to issue my SAML security tokens using the WS-Trust protocol. Then I'm calling my WEB Api with an Authorization http header containing the token. The token is handled successfully using Thinktecture.IdentityModel. But when I use a certificate to encrypt the sent token (by choosing an Encrypting Certificate in the IDP RP Admin page), the request received by IdentityModel has its Authorization header set to null (Actually the encrypted value exists

Substitute IdentityServer3 login system

人走茶凉 submitted on 2019-12-02 13:43:19
Question: Following @leastprivilege answer in my previous question, I concluded that neither are possible solutions: The login service doesn't support REST authentication (thus, can't use IUserService.AuthenticateLocalAsync and just connect to it) I don't need it to be an additional provider, I need it to substitute IS3 one, ie, instead of showing the local login + additional providers, I need the /login page to be the one from a different service. Can this be customized or do I need to change

IdentityServer gets into infinite loop of authentication

断了今生、忘了曾经 submitted on 2019-12-01 18:41:10
I have the following client set up in IdentityServer: new Client { ClientName = "My web application", Enabled = true, ClientId = "mywebapp", ClientSecrets = new List<ClientSecret> { new ClientSecret("somesecret") }, Flow = Flows.Hybrid, ClientUri = "https://app.mydomain.com", RedirectUris = new List<string> { "oob://localhost/wpfclient", "http://localhost:2672/", "https://app.mydomain.com" } } And it is hosted online, let's say https://auth.mydomain.com/core . Trying to modify the MVC OWIN Client (Hybrid) sample client to log-in to the above identity server, in Startup.cs I modified the