yellowbrickcode

Reputation: 661

Configuration of IdentityServer3.Admin in Startup

I'm trying out the IdentityServer3.Admin beta (https://github.com/IdentityServer/IdentityServer3.Admin) but I'm having some issues getting it set up and can't seem to find any guidance.

I've got the IdentityManager project set up, so I've used that as a guide to get as far as I am now, but the IdentityAdminServiceFactory seems to be missing a Configure method like the one the IdentityManagerServiceFactory has.

Here is the code from my Startup.cs file that I have so far. Any help gratefully received!

Thanks.

using System.Configuration;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityAdmin.Configuration;   // IdentityAdminServiceFactory, IdentityAdminOptions, AdminHostSecurityConfiguration
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Host the admin UI under /admin on the same site as IdentityServer.
        app.Map("/admin", adminApp =>
        {
            var factory = new IdentityAdminServiceFactory();
            //factory.Configure() or something would go here???

            // Cookie middleware that holds the signed-in admin session.
            adminApp.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = "Cookies"
            });

            // Sign in via Azure AD (WS-Federation); the resulting identity is written to the "Cookies" scheme.
            adminApp.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
            {
                MetadataAddress = ConfigurationManager.AppSettings["AzureADMetadataEndpoint"],
                Wtrealm = ConfigurationManager.AppSettings["AzureADApplicationId"],
                SignInAsAuthenticationType = "Cookies",
                Notifications = new WsFederationAuthenticationNotifications
                {
                    // Runs for every validated token: every user this Azure AD app signs in gets the admin role.
                    SecurityTokenValidated = ctx =>
                    {
                        var roleClaim = new Claim("role", "IdentityManagerAdministrator");
                        ctx.AuthenticationTicket.Identity.AddClaim(roleClaim);
                        return Task.FromResult(0);
                    }
                }
            });

            // IdentityAdmin reads the "Cookies" identity and requires the "role" claim to equal AdminRoleName.
            adminApp.UseIdentityAdmin(new IdentityAdminOptions
            {
                Factory = factory,
                AdminSecurityConfiguration = new AdminHostSecurityConfiguration
                {
                    HostAuthenticationType = "Cookies",
                    NameClaimType = ClaimTypes.Name,
                    RoleClaimType = "role",
                    AdminRoleName = "IdentityManagerAdministrator"
                }
            });
        });
    }
}

Upvotes: 2

Views: 721

Answers (1)

yellowbrickcode

Reputation: 661

OK, so thanks to some help from one of the contributors on Twitter, I've got this sorted. For anyone else with the same issue, this is how I got mine working.

There is a second package, IdentityServer3.Admin.EntityFramework, that I also had to install. In that repo on GitHub there is also an example project (https://github.com/IdentityServer/IdentityServer3.Admin.EntityFramework/tree/master/source/Host).

Using that code as guidance, I implemented my own IdentityManagerAdminService plus an extension method for the factory, where "IdServer3" is my connection string to my ID Server DB in my Web.config.

using IdentityAdmin.Configuration;   // IdentityAdminServiceFactory, Registration<,>
using IdentityAdmin.Core;            // IIdentityAdminService
// IdentityAdminCoreManager<,,,>, IdentityClient and IdentityScope come from the
// IdentityServer3.Admin.EntityFramework package; add its namespaces for your version.

// Admin service backed by the IdentityServer3 EF client/scope store.
// The base constructor takes the *name* of a connection string in Web.config.
public class IdentityAdminManagerService : IdentityAdminCoreManager<IdentityClient, int, IdentityScope, int>
{
    public IdentityAdminManagerService()
        : base("IdServer3")
    {
    }
}

// Supplies the Configure() method the factory is missing: registers the admin service
// so IdentityAdmin can resolve IIdentityAdminService per request.
public static class IdentityAdminManagerServiceExtensions
{
    public static void Configure(this IdentityAdminServiceFactory factory)
    {
        factory.IdentityAdminService = new Registration<IIdentityAdminService, IdentityAdminManagerService>();
    }
}

Now in my Startup.cs file I have the following, and it's working as expected when I hit the /admin path on my ID Server. Note that the WsFederationAuthentication section isn't required. I'm using Azure Active Directory to secure the admin section, which is why I have that there.

using System.Configuration;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityAdmin.Configuration;   // IdentityAdminServiceFactory, IdentityAdminOptions, AdminHostSecurityConfiguration
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Host the admin UI under /admin on the same site as IdentityServer.
        app.Map("/admin", adminApp =>
        {
            var factory = new IdentityAdminServiceFactory();
            factory.Configure();   // extension method above: registers IdentityAdminManagerService

            // Cookie middleware that holds the signed-in admin session.
            adminApp.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = "Cookies"
            });

            // Optional: sign in via Azure AD (WS-Federation) and write the identity to the "Cookies" scheme.
            adminApp.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
            {
                MetadataAddress = ConfigurationManager.AppSettings["AzureADMetadataEndpoint"],
                Wtrealm = ConfigurationManager.AppSettings["AzureADApplicationId"],
                SignInAsAuthenticationType = "Cookies",
                Notifications = new WsFederationAuthenticationNotifications
                {
                    // Runs for every validated token: every user this Azure AD app signs in is
                    // given the admin role, so the AdminRoleName check below passes for all of them.
                    SecurityTokenValidated = ctx =>
                    {
                        var roleClaim = new Claim("role", "IdentityManagerAdministrator");
                        ctx.AuthenticationTicket.Identity.AddClaim(roleClaim);
                        return Task.FromResult(0);
                    }
                }
            });

            // IdentityAdmin reads the "Cookies" identity and requires the "role" claim to equal AdminRoleName.
            adminApp.UseIdentityAdmin(new IdentityAdminOptions
            {
                Factory = factory,
                AdminSecurityConfiguration = new AdminHostSecurityConfiguration
                {
                    HostAuthenticationType = "Cookies",
                    NameClaimType = ClaimTypes.Name,
                    RoleClaimType = "role",
                    AdminRoleName = "IdentityManagerAdministrator"
                }
            });
        });
    }
}

Upvotes: 6
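The SecurityTokenValidated callback in the answer above adds the IdentityManagerAdministrator role to every identity the Azure AD application signs in, so the AdminRoleName gate in AdminHostSecurityConfiguration effectively reduces to "can sign in to this app". The following is an added example (not code from the question, the answer, or the IdentityServer3.Admin project) that grants the role only when the incoming token carries a specific Azure AD group claim. It assumes group claims are enabled on the app registration (Azure AD then emits them as "groups" claims holding the group object ID), an appSettings key named AzureADAdminGroupObjectId that is not in the original, and the Katana 3.x namespaces for the WS-Federation notification types.

```csharp
using System;
using System.Configuration;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;        // WsFederationMessage (Katana 3.x)
using Microsoft.Owin.Security.Notifications;    // SecurityTokenValidatedNotification<,>
using Microsoft.Owin.Security.WsFederation;

// Added example: grants the IdentityAdmin role only to members of one Azure AD group,
// instead of to every user the Azure AD app signs in.
public static class AdminClaimsTransformation
{
    // Claim names used by the posted Startup.cs (RoleClaimType = "role", AdminRoleName = ...).
    public const string RoleClaimType = "role";
    public const string AdminRoleName = "IdentityManagerAdministrator";

    // Azure AD emits group memberships as "groups" claims whose value is the group object ID
    // (only when group claims are enabled on the app registration).
    public const string GroupsClaimType = "groups";

    // Assumed appSettings key holding the admin group's object ID; not part of the original post.
    private const string AdminGroupIdSetting = "AzureADAdminGroupObjectId";

    // Pure decision: does this identity carry a "groups" claim for the configured admin group?
    public static bool IsInAdminGroup(ClaimsIdentity identity, string adminGroupObjectId)
    {
        if (identity == null || string.IsNullOrWhiteSpace(adminGroupObjectId))
        {
            // Fail closed: no identity or no configured group means nobody is admin.
            return false;
        }

        // Group object IDs are GUIDs, so compare them as opaque identifiers.
        return identity.HasClaim(c =>
            string.Equals(c.Type, GroupsClaimType, StringComparison.Ordinal) &&
            string.Equals(c.Value, adminGroupObjectId, StringComparison.OrdinalIgnoreCase));
    }

    // Adds the admin role claim only when the group check passes. Returns true if the identity is admin.
    public static bool ApplyAdminRole(ClaimsIdentity identity, string adminGroupObjectId)
    {
        if (!IsInAdminGroup(identity, adminGroupObjectId))
        {
            return false;
        }

        // Avoid stacking duplicate role claims on re-authentication.
        if (!identity.HasClaim(RoleClaimType, AdminRoleName))
        {
            identity.AddClaim(new Claim(RoleClaimType, AdminRoleName));
        }
        return true;
    }

    // Drop-in replacement for the lambda in Startup.cs:
    //   Notifications = new WsFederationAuthenticationNotifications
    //   {
    //       SecurityTokenValidated = AdminClaimsTransformation.OnSecurityTokenValidated
    //   }
    public static Task OnSecurityTokenValidated(
        SecurityTokenValidatedNotification<WsFederationMessage, WsFederationAuthenticationOptions> ctx)
    {
        var adminGroupObjectId = ConfigurationManager.AppSettings[AdminGroupIdSetting];
        ApplyAdminRole(ctx.AuthenticationTicket.Identity, adminGroupObjectId);

        // Non-members still get a cookie but no "role" claim, so IdentityAdmin's
        // AdminSecurityConfiguration (AdminRoleName) denies them the /admin UI.
        return Task.FromResult(0);
    }
}
```

Keeping the decision in IsInAdminGroup/ApplyAdminRole, separate from the OWIN notification plumbing, lets the gate be unit-tested with a hand-built ClaimsIdentity, and the role claim type and name are the same strings the posted AdminHostSecurityConfiguration checks, so no other part of the Startup.cs needs to change.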

Related Questions