Anton Jan Rutten

Reputation: 133

Identity Server 4 User management API

I've managed to get a solution working with a single page application project (ReactJS), an API running on ASP.net Core project and an IdentityServer 4 project.

I want to be able to call an API on the IdentityServer 4 project from the single page application project.

I created a simple controller class in the IdentityServer 4 application, with the authorize attribute. If I call it via Postman, however, I get the HTML for the login page back.

This happens after I already logged in on the API, and I use that same token.

How am I supposed to log in to identity server to make calls to it to manage users?

Upvotes: 3

Views: 1036

Answers (1)

mode777

Reputation: 3197

As stated in the comments, you should definitely add more information to your question. Is your controller part of the identity server's MVC application? Are you using AspnetCore.Identity?

If so, your controller is protected by AspnetCore.Identity's cookie authentication scheme. You need to send the cookie to access the controller. This has nothing to do with identity server, as you are on the local MVC application; it's just plain vanilla MVC.

Postman has problems sending cookies; you need the Interceptor Chrome extension. You also need to log in through Postman.

This will probably work if the SPA is hosted by the same MVC application. If not, you will need to configure your MVC applications to validate access tokens (not just issue them), like this:

    // Adds IdentityServer (token issuing endpoints)
    app.UseIdentityServer();

    // Accept access tokens from identity server on this application's own controllers
    app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
    {
        Authority = "http://localhost:5000",
        RequireHttpsMetadata = false,
        AuthenticationScheme = "Bearer",
        ApiName = "api1"
    });

This way you can request access tokens for your local API through identity server. (You also need to configure an API scope for 'api1'.)

To validate them in your api-controller add this to your controller:

    [Authorize(ActiveAuthenticationSchemes = "Bearer")]
    [HttpGet]
    public string Bearer()
    {
        return "Access Token Accepted";
    }

Upvotes: 2
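The answer's last step, configuring an API scope for 'api1', could look like the following. This is an added example, not code from the answer; it assumes the in-memory configuration style of the IdentityServer4 quickstarts, and the client id `spa`, the display name and the `http://localhost:3000` URLs are placeholder values.

```csharp
using System.Collections.Generic;
using IdentityServer4.Models;

// Assumed to be registered in ConfigureServices of the IdentityServer project via
// services.AddIdentityServer()
//     .AddInMemoryApiResources(Config.GetApiResources())
//     .AddInMemoryClients(Config.GetClients());
public static class Config
{
    public static IEnumerable<ApiResource> GetApiResources()
    {
        return new List<ApiResource>
        {
            // The name must match ApiName = "api1" in
            // IdentityServerAuthenticationOptions: tokens issued for this
            // resource carry it as audience, and the bearer middleware
            // rejects tokens issued for any other API.
            new ApiResource("api1", "User management API (placeholder display name)")
        };
    }

    public static IEnumerable<Client> GetClients()
    {
        return new List<Client>
        {
            new Client
            {
                ClientId = "spa", // placeholder id for the ReactJS application
                AllowedGrantTypes = GrantTypes.Implicit, // assumed flow for a browser client
                AllowAccessTokensViaBrowser = true,
                RedirectUris = { "http://localhost:3000/callback" }, // placeholder
                AllowedCorsOrigins = { "http://localhost:3000" },    // placeholder
                // Only clients that list "api1" can obtain a token the
                // [Authorize(ActiveAuthenticationSchemes = "Bearer")] action accepts.
                // Add the identity scopes the SPA already requests alongside it.
                AllowedScopes = { "api1" }
            }
        };
    }
}
```

A token issued for a different API, such as the one obtained for the separate ASP.NET Core API in the question, does not carry the `api1` audience and is refused by the bearer scheme.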
