swannee swannee - 9 months ago 119
ASP.NET (C#) Question

OAuth Authorization Service in ASP.NET Core

In Web API 2, you used to be able to create an endpoint to issue a token by setting up an OAuth Authorization Server via middleware like below:

//Set up our auth server options.
var OAuthServerOptions = new OAuthAuthorizationServerOptions()
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = new SimpleAuthorizationServerProvider()

// Sets up the token issue endpoint using the options above

Perhaps I'm missing it, but I'm trying to figure out how to do this in ASP.NET Core. I've looked through the source (https://github.com/aspnet/Security) but I don't really see anything analogous. Is there a new way to accomplish this? Do I need to just create a controller and do it myself?

I see how OAuth Authentication can be set up via Middleware, but this regards the authorization portion where I issue claims from my API.

Answer Source

Don't waste your time looking for an OAuthAuthorizationServerMiddleware alternative in ASP.NET 5, the ASP.NET team simply decided not to port it: https://github.com/aspnet/Security/issues/83

I suggest having a look to AspNet.Security.OpenIdConnect.Server, an advanced fork of the OAuth2 authorization server middleware that comes with Katana 3: there's an OWIN/Katana 3 version, and an ASP.NET 5 version that supports both the full .NET framework and .NET Core.


To learn more about this project, I'd recommend reading http://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-introduction/.

Good luck!