cohagen cohagen - 3 months ago 58
ASP.NET (C#) Question

Identity Server 3 Authentication/Authorization, with ASP.NET CORE 1.0

I'm currently working on a RESTful project built upon ASP.NET Core 1.0 which connects to an Identity Server 3. I set a global [Authorize] Filter for all Controllers in the ConfigureServices method in Startup.cs.

I now try to validate my Bearer Token from an AJAX Request against my Identity Server 3 in the Startup.cs of the CORE 1.0 project and thus Authorize my controller resources.

It seems so much changed in ASP.NET CORE 1.0 compared to (classic) ASP.NET 4.5.

Do you have some ideas how to achieve this? How to validate my token in ASP.NET Core 1.0?

Many Thanks!

UPDATE

In Asp.net 4.5 I was able to use app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions(){...}) but this doesn't exist in ASP.NET Core 1.0.

Instead I try to use the following :

var connectOptions = new OpenIdConnectOptions
{
Authority = Configuration["IdentityServerSettings:CoreUrl"],
ClientId = Configuration["IdentityServerSettings:ClientId"],
ClientSecret = Configuration["IdentityServerSettings:ClientSecret"],
PostLogoutRedirectUri = Configuration["IdentityServerSettings:PostLogoutRedirectUri"],
ResponseType = OpenIdConnectResponseType.Code
};
app.UseOpenIdConnectAuthentication(connectOptions);


Unfortunately all I get is a HTTP 302...

Answer

It's possible to use IdentityServer4.AccessTokenValidation to solve this issue :)

app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions()
            {
                ScopeName = Configuration["IdentityServerSettings:ApiScopes"],
                Authority = Configuration["IdentityServerSettings:CoreUrl"]
            });
Comments