How to combine AddOpenIdConnect() and AddIdentityServerAuthentication() in one resource server?
Can somebody help me with my current configuration for protecting our server with IdentityServer4? I'm currently using the IdentityServer4 2.3.0 package. When I call one of my APIs with a valid token, it always returns 401 Unauthorized or 302 Found. The comments in the listing below show my problem:
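// Authentication setup for a host that offers interactive sign-in (OpenID Connect) and
// token-protected API endpoints (IdentityServer4 access-token validation).
// NOTE(review): AddAuthentication() is called without a default scheme, so nothing in this
// chain makes "Bearer" the scheme used by a plain [Authorize]. An API endpoint has to name
// it, e.g. [Authorize(AuthenticationSchemes = "Bearer")], unless defaults are set elsewhere - confirm.
services
    .AddAuthentication()
    .AddOpenIdConnect(
        "oidc",
        "OpenID Connect",
        x =>
        {
            x.Authority = "https://localhost:44378"; // Author's observation: a breakpoint set here is hit.
            // Sign-in results are handed to the "Cookies" scheme, which is not registered in
            // this chain - presumably AddCookie("Cookies") is called elsewhere; verify.
            x.SignInScheme = "Cookies";
            x.ClientId = "myclient"; // the closing quote was missing in the original listing
            x.SaveTokens = true;
            x.GetClaimsFromUserInfoEndpoint = true;
            // Use the "name" and "role" claims for the identity's name and role checks.
            x.TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name",
                RoleClaimType = "role"
            };
        })
    .AddIdentityServerAuthentication(
        "Bearer",
        x =>
        {
            x.Authority = "https://localhost:44378"; // Author's observation: a breakpoint set here is NOT hit.
            // Options delegates run when a scheme's options are first resolved, so a delegate that
            // never runs suggests the "Bearer" handler is not invoked for the request; the reported
            // 302 is consistent with an "oidc" challenge being issued instead - TODO confirm.
            x.ApiName = "api1";
            // Hard-coded sample value; load the real API secret from configuration or a secret store.
            x.ApiSecret = "apisecret";
            x.RequireHttpsMetadata = true; // metadata must be served over HTTPS
        })
    ;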
identityserver4 openid-connect
Can somebody help me with my current configuration for protecting our server with IdentityServer4? I'm currently using the IdentityServer4 2.3.0 package. When I call one of my APIs with a valid token, it always returns 401 Unauthorized or 302 Found. The comments in the listing below show my problem:
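// Authentication setup for a host that offers interactive sign-in (OpenID Connect) and
// token-protected API endpoints (IdentityServer4 access-token validation).
// NOTE(review): AddAuthentication() is called without a default scheme, so nothing in this
// chain makes "Bearer" the scheme used by a plain [Authorize]. An API endpoint has to name
// it, e.g. [Authorize(AuthenticationSchemes = "Bearer")], unless defaults are set elsewhere - confirm.
services
    .AddAuthentication()
    .AddOpenIdConnect(
        "oidc",
        "OpenID Connect",
        x =>
        {
            x.Authority = "https://localhost:44378"; // Author's observation: a breakpoint set here is hit.
            // Sign-in results are handed to the "Cookies" scheme, which is not registered in
            // this chain - presumably AddCookie("Cookies") is called elsewhere; verify.
            x.SignInScheme = "Cookies";
            x.ClientId = "myclient"; // the closing quote was missing in the original listing
            x.SaveTokens = true;
            x.GetClaimsFromUserInfoEndpoint = true;
            // Use the "name" and "role" claims for the identity's name and role checks.
            x.TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name",
                RoleClaimType = "role"
            };
        })
    .AddIdentityServerAuthentication(
        "Bearer",
        x =>
        {
            x.Authority = "https://localhost:44378"; // Author's observation: a breakpoint set here is NOT hit.
            // Options delegates run when a scheme's options are first resolved, so a delegate that
            // never runs suggests the "Bearer" handler is not invoked for the request; the reported
            // 302 is consistent with an "oidc" challenge being issued instead - TODO confirm.
            x.ApiName = "api1";
            // Hard-coded sample value; load the real API secret from configuration or a secret store.
            x.ApiSecret = "apisecret";
            x.RequireHttpsMetadata = true; // metadata must be served over HTTPS
        })
    ;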
identityserver4 openid-connect
Can somebody help me with my current configuration for protecting our server with IdentityServer4? I'm currently using the IdentityServer4 2.3.0 package. When I call one of my APIs with a valid token, it always returns 401 Unauthorized or 302 Found. The comments in the listing below show my problem:
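// Authentication setup for a host that offers interactive sign-in (OpenID Connect) and
// token-protected API endpoints (IdentityServer4 access-token validation).
// NOTE(review): AddAuthentication() is called without a default scheme, so nothing in this
// chain makes "Bearer" the scheme used by a plain [Authorize]. An API endpoint has to name
// it, e.g. [Authorize(AuthenticationSchemes = "Bearer")], unless defaults are set elsewhere - confirm.
services
    .AddAuthentication()
    .AddOpenIdConnect(
        "oidc",
        "OpenID Connect",
        x =>
        {
            x.Authority = "https://localhost:44378"; // Author's observation: a breakpoint set here is hit.
            // Sign-in results are handed to the "Cookies" scheme, which is not registered in
            // this chain - presumably AddCookie("Cookies") is called elsewhere; verify.
            x.SignInScheme = "Cookies";
            x.ClientId = "myclient"; // the closing quote was missing in the original listing
            x.SaveTokens = true;
            x.GetClaimsFromUserInfoEndpoint = true;
            // Use the "name" and "role" claims for the identity's name and role checks.
            x.TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name",
                RoleClaimType = "role"
            };
        })
    .AddIdentityServerAuthentication(
        "Bearer",
        x =>
        {
            x.Authority = "https://localhost:44378"; // Author's observation: a breakpoint set here is NOT hit.
            // Options delegates run when a scheme's options are first resolved, so a delegate that
            // never runs suggests the "Bearer" handler is not invoked for the request; the reported
            // 302 is consistent with an "oidc" challenge being issued instead - TODO confirm.
            x.ApiName = "api1";
            // Hard-coded sample value; load the real API secret from configuration or a secret store.
            x.ApiSecret = "apisecret";
            x.RequireHttpsMetadata = true; // metadata must be served over HTTPS
        })
    ;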
identityserver4 openid-connect
Can somebody help me with my current configuration for protecting our server with IdentityServer4? I'm currently using the IdentityServer4 2.3.0 package. When I call one of my APIs with a valid token, it always returns 401 Unauthorized or 302 Found. The comments in the listing below show my problem:
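// Authentication setup for a host that offers interactive sign-in (OpenID Connect) and
// token-protected API endpoints (IdentityServer4 access-token validation).
// NOTE(review): AddAuthentication() is called without a default scheme, so nothing in this
// chain makes "Bearer" the scheme used by a plain [Authorize]. An API endpoint has to name
// it, e.g. [Authorize(AuthenticationSchemes = "Bearer")], unless defaults are set elsewhere - confirm.
services
    .AddAuthentication()
    .AddOpenIdConnect(
        "oidc",
        "OpenID Connect",
        x =>
        {
            x.Authority = "https://localhost:44378"; // Author's observation: a breakpoint set here is hit.
            // Sign-in results are handed to the "Cookies" scheme, which is not registered in
            // this chain - presumably AddCookie("Cookies") is called elsewhere; verify.
            x.SignInScheme = "Cookies";
            x.ClientId = "myclient"; // the closing quote was missing in the original listing
            x.SaveTokens = true;
            x.GetClaimsFromUserInfoEndpoint = true;
            // Use the "name" and "role" claims for the identity's name and role checks.
            x.TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name",
                RoleClaimType = "role"
            };
        })
    .AddIdentityServerAuthentication(
        "Bearer",
        x =>
        {
            x.Authority = "https://localhost:44378"; // Author's observation: a breakpoint set here is NOT hit.
            // Options delegates run when a scheme's options are first resolved, so a delegate that
            // never runs suggests the "Bearer" handler is not invoked for the request; the reported
            // 302 is consistent with an "oidc" challenge being issued instead - TODO confirm.
            x.ApiName = "api1";
            // Hard-coded sample value; load the real API secret from configuration or a secret store.
            x.ApiSecret = "apisecret";
            x.RequireHttpsMetadata = true; // metadata must be served over HTTPS
        })
    ;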
identityserver4 openid-connect
identityserver4 openid-connect
asked Nov 24 '18 at 15:10
Anggara SuwartanaAnggara Suwartana
1 Answer
Here's an example of how I do it to get the Hybrid flow working:
// Interactive (browser) sign-in using the OpenID Connect hybrid flow, with the session kept
// in a cookie. Only the cookie scheme and "oidc" are registered in this chain; no bearer /
// access-token handler is added, so a request that carries only an access token is not
// validated by this configuration.
services
    .AddAuthentication(
        auth =>
        {
            // Unauthenticated requests are challenged through "oidc"; everything else uses the cookie.
            auth.DefaultChallengeScheme = "oidc";
            auth.DefaultScheme = "Cookies";
        })
    .AddCookie(
        cookie =>
        {
            cookie.AccessDeniedPath = new PathString("/home/accessdenied");
        })
    .AddOpenIdConnect(
        "oidc",
        oidc =>
        {
            oidc.Authority = applicationConfiguration.IdentityServerBaseUri;
            // Allows the authority's metadata to be fetched over plain HTTP; local development only.
            oidc.RequireHttpsMetadata = false;
            oidc.SignInScheme = "Cookies";

            oidc.ClientId = "<id>";
            // Placeholder: supply the real secret from configuration or a secret store, not from source.
            oidc.ClientSecret = "<secret>";
            oidc.ResponseType = "code id_token"; // hybrid flow

            oidc.GetClaimsFromUserInfoEndpoint = true;
            // Tokens are kept with the sign-in session; with "offline_access" requested below
            // that can include a refresh token, so the session cookie needs protecting accordingly.
            oidc.SaveTokens = true;

            var requestedScopes = new[]
            {
                "lithium-datalookup-vatnumber",
                "offline_access",
                "profile",
                "email",
                "subscription"
            };
            foreach (var scope in requestedScopes)
            {
                oidc.Scope.Add(scope);
            }
        });
Thank you for your answer. But with your code, will my API controllers be protected by "Bearer" authorization? Please advise.
– Anggara Suwartana
Dec 5 '18 at 16:27
Yes, give it a try. :)
– Hugo Quintela Ribeiro
Dec 7 '18 at 10:35
Here's an example of how I do it to get the Hybrid flow working:
// Interactive (browser) sign-in using the OpenID Connect hybrid flow, with the session kept
// in a cookie. Only the cookie scheme and "oidc" are registered in this chain; no bearer /
// access-token handler is added, so a request that carries only an access token is not
// validated by this configuration.
services
    .AddAuthentication(
        auth =>
        {
            // Unauthenticated requests are challenged through "oidc"; everything else uses the cookie.
            auth.DefaultChallengeScheme = "oidc";
            auth.DefaultScheme = "Cookies";
        })
    .AddCookie(
        cookie =>
        {
            cookie.AccessDeniedPath = new PathString("/home/accessdenied");
        })
    .AddOpenIdConnect(
        "oidc",
        oidc =>
        {
            oidc.Authority = applicationConfiguration.IdentityServerBaseUri;
            // Allows the authority's metadata to be fetched over plain HTTP; local development only.
            oidc.RequireHttpsMetadata = false;
            oidc.SignInScheme = "Cookies";

            oidc.ClientId = "<id>";
            // Placeholder: supply the real secret from configuration or a secret store, not from source.
            oidc.ClientSecret = "<secret>";
            oidc.ResponseType = "code id_token"; // hybrid flow

            oidc.GetClaimsFromUserInfoEndpoint = true;
            // Tokens are kept with the sign-in session; with "offline_access" requested below
            // that can include a refresh token, so the session cookie needs protecting accordingly.
            oidc.SaveTokens = true;

            var requestedScopes = new[]
            {
                "lithium-datalookup-vatnumber",
                "offline_access",
                "profile",
                "email",
                "subscription"
            };
            foreach (var scope in requestedScopes)
            {
                oidc.Scope.Add(scope);
            }
        });
Thank you for your answer. But with your code, will my API controllers be protected by "Bearer" authorization? Please advise.
– Anggara Suwartana
Dec 5 '18 at 16:27
Yes, give it a try. :)
– Hugo Quintela Ribeiro
Dec 7 '18 at 10:35
Here's an example of how I do it to get the Hybrid flow working:
// Interactive (browser) sign-in using the OpenID Connect hybrid flow, with the session kept
// in a cookie. Only the cookie scheme and "oidc" are registered in this chain; no bearer /
// access-token handler is added, so a request that carries only an access token is not
// validated by this configuration.
services
    .AddAuthentication(
        auth =>
        {
            // Unauthenticated requests are challenged through "oidc"; everything else uses the cookie.
            auth.DefaultChallengeScheme = "oidc";
            auth.DefaultScheme = "Cookies";
        })
    .AddCookie(
        cookie =>
        {
            cookie.AccessDeniedPath = new PathString("/home/accessdenied");
        })
    .AddOpenIdConnect(
        "oidc",
        oidc =>
        {
            oidc.Authority = applicationConfiguration.IdentityServerBaseUri;
            // Allows the authority's metadata to be fetched over plain HTTP; local development only.
            oidc.RequireHttpsMetadata = false;
            oidc.SignInScheme = "Cookies";

            oidc.ClientId = "<id>";
            // Placeholder: supply the real secret from configuration or a secret store, not from source.
            oidc.ClientSecret = "<secret>";
            oidc.ResponseType = "code id_token"; // hybrid flow

            oidc.GetClaimsFromUserInfoEndpoint = true;
            // Tokens are kept with the sign-in session; with "offline_access" requested below
            // that can include a refresh token, so the session cookie needs protecting accordingly.
            oidc.SaveTokens = true;

            var requestedScopes = new[]
            {
                "lithium-datalookup-vatnumber",
                "offline_access",
                "profile",
                "email",
                "subscription"
            };
            foreach (var scope in requestedScopes)
            {
                oidc.Scope.Add(scope);
            }
        });
Thank you for your answer. But with your code, will my API controllers be protected by "Bearer" authorization? Please advise.
– Anggara Suwartana
Dec 5 '18 at 16:27
Yes, give it a try. :)
– Hugo Quintela Ribeiro
Dec 7 '18 at 10:35
Here's an example of how I do it to get the Hybrid flow working:
// Interactive (browser) sign-in using the OpenID Connect hybrid flow, with the session kept
// in a cookie. Only the cookie scheme and "oidc" are registered in this chain; no bearer /
// access-token handler is added, so a request that carries only an access token is not
// validated by this configuration.
services
    .AddAuthentication(
        auth =>
        {
            // Unauthenticated requests are challenged through "oidc"; everything else uses the cookie.
            auth.DefaultChallengeScheme = "oidc";
            auth.DefaultScheme = "Cookies";
        })
    .AddCookie(
        cookie =>
        {
            cookie.AccessDeniedPath = new PathString("/home/accessdenied");
        })
    .AddOpenIdConnect(
        "oidc",
        oidc =>
        {
            oidc.Authority = applicationConfiguration.IdentityServerBaseUri;
            // Allows the authority's metadata to be fetched over plain HTTP; local development only.
            oidc.RequireHttpsMetadata = false;
            oidc.SignInScheme = "Cookies";

            oidc.ClientId = "<id>";
            // Placeholder: supply the real secret from configuration or a secret store, not from source.
            oidc.ClientSecret = "<secret>";
            oidc.ResponseType = "code id_token"; // hybrid flow

            oidc.GetClaimsFromUserInfoEndpoint = true;
            // Tokens are kept with the sign-in session; with "offline_access" requested below
            // that can include a refresh token, so the session cookie needs protecting accordingly.
            oidc.SaveTokens = true;

            var requestedScopes = new[]
            {
                "lithium-datalookup-vatnumber",
                "offline_access",
                "profile",
                "email",
                "subscription"
            };
            foreach (var scope in requestedScopes)
            {
                oidc.Scope.Add(scope);
            }
        });
Here's an example of how I do it to get the Hybrid flow working:
// Interactive (browser) sign-in using the OpenID Connect hybrid flow, with the session kept
// in a cookie. Only the cookie scheme and "oidc" are registered in this chain; no bearer /
// access-token handler is added, so a request that carries only an access token is not
// validated by this configuration.
services
    .AddAuthentication(
        auth =>
        {
            // Unauthenticated requests are challenged through "oidc"; everything else uses the cookie.
            auth.DefaultChallengeScheme = "oidc";
            auth.DefaultScheme = "Cookies";
        })
    .AddCookie(
        cookie =>
        {
            cookie.AccessDeniedPath = new PathString("/home/accessdenied");
        })
    .AddOpenIdConnect(
        "oidc",
        oidc =>
        {
            oidc.Authority = applicationConfiguration.IdentityServerBaseUri;
            // Allows the authority's metadata to be fetched over plain HTTP; local development only.
            oidc.RequireHttpsMetadata = false;
            oidc.SignInScheme = "Cookies";

            oidc.ClientId = "<id>";
            // Placeholder: supply the real secret from configuration or a secret store, not from source.
            oidc.ClientSecret = "<secret>";
            oidc.ResponseType = "code id_token"; // hybrid flow

            oidc.GetClaimsFromUserInfoEndpoint = true;
            // Tokens are kept with the sign-in session; with "offline_access" requested below
            // that can include a refresh token, so the session cookie needs protecting accordingly.
            oidc.SaveTokens = true;

            var requestedScopes = new[]
            {
                "lithium-datalookup-vatnumber",
                "offline_access",
                "profile",
                "email",
                "subscription"
            };
            foreach (var scope in requestedScopes)
            {
                oidc.Scope.Add(scope);
            }
        });
answered Dec 5 '18 at 0:04
Hugo Quintela RibeiroHugo Quintela Ribeiro
Thank you for your answer. But with your code, will my API controllers be protected by "Bearer" authorization? Please advise.
– Anggara Suwartana
Dec 5 '18 at 16:27
Yes, give it a try. :)
– Hugo Quintela Ribeiro
Dec 7 '18 at 10:35
Thank you for your answer. But with your code, will my API controllers be protected by "Bearer" authorization? Please advise.
– Anggara Suwartana
Dec 5 '18 at 16:27
Yes, give it a try. :)
– Hugo Quintela Ribeiro
Dec 7 '18 at 10:35
Thank you for your answer. But with your code, will my API controllers be protected by "Bearer" authorization? Please advise.
– Anggara Suwartana
Dec 5 '18 at 16:27
Thank you for your answer. But with your code, will my API controllers be protected by "Bearer" authorization? Please advise.
– Anggara Suwartana
Dec 5 '18 at 16:27
Yes, give it a try. :)
– Hugo Quintela Ribeiro
Dec 7 '18 at 10:35
Yes, give it a try. :)
– Hugo Quintela Ribeiro
Dec 7 '18 at 10:35