cohagen cohagen - 1 year ago 260
ASP.NET (C#) Question

Identity Server 3 Authentication/Authorization, with ASP.NET CORE 1.0

I'm currently working on a RESTful project built upon ASP.NET Core 1.0 which connects to an Identity Server 3. I set a global [Authorize] Filter for all Controllers in the ConfigureServices method in Startup.cs.

I now try to validate my Bearer Token from an AJAX Request against my Identity Server 3 in the Startup.cs of the CORE 1.0 project and thus Authorize my controller resources.

It seems so much changed in ASP.NET CORE 1.0 compared to (classic) ASP.NET 4.5.

Do you have some ideas how to achieve this? How to validate my token in ASP.NET Core 1.0?

Many Thanks!


In 4.5 I was able to use app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions(){...}) but this doesn't exist in ASP.NET Core 1.0.

Instead I try to use the following :

var connectOptions = new OpenIdConnectOptions
Authority = Configuration["IdentityServerSettings:CoreUrl"],
ClientId = Configuration["IdentityServerSettings:ClientId"],
ClientSecret = Configuration["IdentityServerSettings:ClientSecret"],
PostLogoutRedirectUri = Configuration["IdentityServerSettings:PostLogoutRedirectUri"],
ResponseType = OpenIdConnectResponseType.Code

Unfortunately all I get is a HTTP 302...

Answer Source

It's possible to use IdentityServer4.AccessTokenValidation to solve this issue :)

app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions()
                ScopeName = Configuration["IdentityServerSettings:ApiScopes"],
                Authority = Configuration["IdentityServerSettings:CoreUrl"]
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download