Identity Server 3 AngularJS with .Net Web API

Question

We are planning to integrate Identity Server3 in SPA page application using AngularJS with .Net Web API.

1) Need to create identity token and oAuth token for the application and store identity token in browser cookie. So taking Hybrid approach and need to map the identity to create oauth token, so both users and api are protected. Able to create oauth token, but struggling how to do authenticate using custom login page (not using identityserver3 login page) where userid and password validated from Angularjs page and create identity token and store it in browser cookie.

Any one have implemented custom login approach with identity token creating using identityserver3?

2) How to integrate identity Server3 with Active Directory as user data store?

Please provide comments.

Thanks Regards Ramkumar.C

Answer 1

For Active Directory(AD) user store, implement Identity Server as a Relying Party to your AD implementation. You can then simply integrate it within Identity Server as an external Identity Provider. Details on how to do this are in the official documentation: https://identityserver.github.io/Documentation/docsv2/configuration/identityProviders.html.

I assume you'll be doing this over WS-Federation, so you'll need to use the Microsoft.Owin.Security.WsFederation package.

If you want to use just AD as your user store, you can disable local logins in the IdentityServerOptions, set AD as the only Identity Provider for your Client using the IdentityProviderRestrictions property or use the acr_values property of idp when using the Authorization endpoint.

Regarding custom log in page external to Identity Server, many people have asked about this on the Identity Server issue tracker. Some have made implementations, but FYI: the team behind Identity Server do not recommend this approach.