Reputation: 889
Mixing IdentiyServer4 and WebAPI .net 4.5.2
I'm new to IdentityServer. I have followed the IdentityServer4 tutorial here
But this tutorial only shows how to secure a .net core API. I cannot find any tutorials using IdentityServer4 which also shows how to secure a .net 4.# WebAPI. I have found a post on StackOverflow here which suggests to use Microsoft Katana JWT middleware, but I have no idea how this would be implemented as I'm new to this.
Can anyone point me to a tutorial (or combination if needed) which will point me in the right direction. Thanks in advance.
UPDATE:
I am attempting to use IdentityServer3 for the API and IdentityServer4 for the Authorisation server.
I have created an IdentityServer4 authorisation server, this seems to be working fine.
I have created a WebAPI (using full .Net framework - in this case 4.7.1). I have followed the instructions on how to incorporate IdentityServer into the API from the IdentityServer3 documentation. So as expected, I now get a 401 Unauthoriased Access, when I try to navigate directly to the controller via a browser, so this is secure.
I have created a console client. I have configured this to point at the IdentityServer4 Auth Server and now get an access token back.
Only now when I SetBearerToken with this access token on the client, I still get a 401 Unauthorised. I have used both http and https for the authorisation server... I'm now scratching my head again!
Upvotes: 1
Views: 1169
Answers (1)
Reputation: 4859
Here is the complete example. As described in the brief guide you found yourself, all you need (after adding all the necessary packages) is to add the following to you Startup.cs:
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
Authority = "https://identity.identityserver.io",
RequiredScopes = new[] { "api1", "api2" }
});
Turned out that when used with ValidationMode = ValidationMode.ValidationEndpoint option, IdentityServerBearerTokenAuthentication from Identityserver 3 is not compatible with Identityserver 4. Switching to ValidationMode.Local solves the situation.
Upvotes: 1
Related Questions
- identity server 4 as a API and web project
- IdentityServer4 as Web API
- Web Api .net framework 4.6.1 and identityServer4
- asp.net core 3 and identityserver4
- Identity Server 4 and web api for user management
- IdentityServer 4- ASP.net webapi (non core) - Missing ApiResource
- asp.net 5 and IdentityServer4
- Integrating IdentityServer4 With WebAPI
- IdentityServer4 and Web API .NET 4.6.2
- IdentityServer3 and Web API in same process