Questions tagged [identityserver4]
OpenID Connect Provider and OAuth 2.0 Authorization Server Framework based on ASP.NET Core
identityserver4
5,435
questions
0
votes
1
answer
221
views
Why should I use OAuth,SAML,Identity Server
We have many web applications and want to integrate SSO.What is the benefit of using OAuth,SAML,Identity Server. What is different from making a custom webapi that produce token and authenticate user.
1
vote
1
answer
3k
views
How do I get the user claims after I have logged in with IdentityServer 4?
I have used this sample to setup IdentityServer4 with angular and WebApi (ASP.NET Core): https://github.com/damienbod/AspNet5IdentityServerAngularImplicitFlow
Everything is working, I can login and ...
1
vote
0
answers
123
views
Surfacing large image tags that require api authentication
I'm working with a system that is currently switching from using cookie authentication to identity server. The front end of the application is a SPA using KnockoutJS. The SPA has access to a WebAPI ...
40
votes
2
answers
52k
views
Identity Server 4 Authorization Code Flow example
I'm trying to implement Identity Server 4 with AspNet Core using Authorization Code Flow.
The thing is, the IdentityServer4 repository on github have several samples, but none with Authorization Code ...
5
votes
1
answer
3k
views
IdentityServer 4 using IIS
I'm trying to work with IdentityServer 4.
For now I'm using this link https://github.com/IdentityServer/IdentityServer4.Samples as example.
My problem is that using
http://localhost:22530/
...
1
vote
0
answers
616
views
Generating a valid JWT
I've been getting into using Identity Server 4 this weekend, and I've mostly been impressed with the ease and it feels like I've gotten a good grip for the procedure for creating an access_token. Been ...
3
votes
1
answer
2k
views
Using database instead of in memory store Identity server 4
Please guide me how we can customize identityserver 4 to use database instead of in memory store.
List of class that need to be overridden and how they are to be configured
7
votes
2
answers
2k
views
The User.IsInRole("Administrators") with IClaimsTransformer always false
I add the role administrators to user claims after authentication with an IClaimsTransformer impelimentation like this:
(principal.Identity as ClaimsIdentity).AddClaim(new Claim(ClaimTypes.Role, "...
5
votes
1
answer
941
views
asp.net 5 and IdentityServer4
I am working on a prototype for a site re-architecture using ASP.NET 5 and I am debating using IdentityServer4 for my Authentication and Authorization. I have reviewed a lot of samples and articles ...
3
votes
1
answer
1k
views
How to implement identity server 3 localization
I have an identityserver3 as a separate server for authenticating multiple client.
I want to localize it and i used IdentityServer3.Contrib.Localization for that, now i know that this is it's usage:
...
14
votes
1
answer
13k
views
How to make IdentityServer to add user identity to the access token?
Short: My client retrieves an access token from IdentityServer sample server, and then passes it to my WebApi. In my controller, this.HttpContext.User.GetUserId() returns null (User has other claims ...
1
vote
2
answers
165
views
Is the implicit client security is fragile or my concerns is not valid
I am using the implicit client in the identity server, in the other hand there is a native android app,
My security concerns is:
1- App reverse engineering: if the attacker get access to the ...
0
votes
1
answer
113
views
IdenityServer in an enterprise environment - Resolve user information across multiple databases
We use the IdentityServer3 as our central authentication provider. Now I have a general question about the IdenityServer in an enterprise environment. I try to explain it with the following example:
...
21
votes
4
answers
16k
views
How would I generate the Identity Server signing certificate
In the identity server samples we find code like this in Startup.cs
var certFile = env.ApplicationBasePath + "\\idsrv3test.pfx";
var signingCertificate = new X509Certificate2(certFile, "idsrv3test");...
0
votes
1
answer
2k
views
OAuth 2.0 Single-use Access Token for unauthenticated user via IdentityServer4
I apologies in advance for incorrect use of oauth terms.
I have 4 "parties" as follows (intentionally not using oauth terms where possible):
End-user in a browser (javascript)
Our website (aspnet)
...