asp.net web form client with identity server 4

Published 2020-05-26 09:38

Question:

I have an asp.net solution which consists of

1). asp.net identity server rc 3
2). asp.net Core web api
3). asp.net webform ( not in asp.net core, client)

I don't see any sample with identity server 4 and web form client. Can you please suggest how to authenticate web form user using identity server with asp.net identity and then call api with the access token ?

I don't see identity server 4 sample with web form client or sample

identity server 3 has a sample but it is doing everything in startup

When I see the mvc client for identity server 4, it has all settings in the configure method and then calls it like this

How will I apply the Authorize attribute in webform so that I am redirected to identity server 4 for login and then after login when I call the api like this:

how to change client for webform?

 new Client()
                  {
                    ClientId = "mvcClient",
                    ClientName = "MVC Client",                    
                    AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

                    ClientSecrets = new List<Secret>()
                    {
                        new Secret("secret".Sha256())
                    },

                    RequireConsent = false,

                    // where to redirect to after login
                    RedirectUris = { "http://localhost:5002/signin-oidc" },
                    // where to redirect to after logout
                    PostLogoutRedirectUris = { "http://localhost:5002" },

                    AllowedScopes =
                    {
                        StandardScopes.OpenId.Name,
                        StandardScopes.Profile.Name,
                        StandardScopes.OfflineAccess.Name,
                        StandardScopes.Roles.Name,
                        "API"
                    }
                }

new InMemoryUser()
            {
                Subject = "1",
                Username = "testuser",
                Password = "password",
                Claims = new List<Claim>()
                {
                    new Claim("name", "Alice"),
                    new Claim("Website", "http://alice.com"),
                     new Claim(JwtClaimTypes.Role, "admin")

                }
            }


 return new List<Scope>()
                {
                    StandardScopes.OpenId, // subject id
                    StandardScopes.Profile, // first name, last name
                    StandardScopes.OfflineAccess, 
                   StandardScopes.Roles,
                    new Scope()
                    {
                        Name = "API",
                        Description = "API desc",
                         Type = ScopeType.Resource,
                        Emphasize = true,
                        IncludeAllClaimsForUser = true,
                        Claims = new List<ScopeClaim>
                        {
                            new ScopeClaim(ClaimTypes.Name),      
                            new ScopeClaim(ClaimTypes.Role)
                        }
                    }
                };


 public async Task CallApiUsingClientCredentials()
                {
                    var tokenClient = new TokenClient("http://localhost:5000/connect/token", "mvc", "secret");
                    var tokenResponse = await tokenClient.RequestClientCredentialsAsync("api1");

                    var client = new HttpClient();
                    client.SetBearerToken(tokenResponse.AccessToken);
                    var content = await client.GetStringAsync("http://localhost:5001/identity");

                    var result = JArray.Parse(content).ToString();

                }

 [Authorize(Roles = "admin")]
 [HttpGet]
 public IActionResult Get()
 {
     // Return the caller's claims as JSON
     return new JsonResult(from c in User.Claims select new { c.Type, c.Value });
 }

Answer 1:

Late answer, but hopefully it helps someone, still supporting web forms.
There is no problem to use startup together with web forms. The only limitation is no place for AuthorizeAttribute there, but it's still not a problem, just put:

app.UseStageMarker(PipelineStage.Authenticate);

at the bottom of your

public void Configuration(IAppBuilder app)

method within OWIN Startup.

An example Startup implementation could be fetched from my github. It works with MVC, Web Forms and additionally brings JWT validation from IdentityServer v.3's codebase, upgraded to compile with the latest OWIN libraries.


If I still left anything unclear, don't hesitate to ask in the comments.
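
A minimal OWIN Startup for the Web Forms project along the lines this answer describes, as an added example (not the code from the answerer's GitHub). It assumes the Katana packages named in the comments and a hypothetical `WebFormsClient` namespace; the client id, URLs and scopes are taken from the question's configuration.

```csharp
// Added example. Assumed NuGet packages: Microsoft.Owin.Host.SystemWeb,
// Microsoft.Owin.Security.Cookies, Microsoft.Owin.Security.OpenIdConnect.
using Microsoft.Owin;
using Microsoft.Owin.Extensions;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

// WebFormsClient is a hypothetical namespace for the Web Forms project.
[assembly: OwinStartup(typeof(WebFormsClient.Startup))]

namespace WebFormsClient
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Local session cookie, issued once the identity server round trip succeeds.
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = "Cookies"
            });

            // In its default (active) mode this middleware turns a 401 for an
            // anonymous request into a redirect to the authority's login page.
            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                Authority = "http://localhost:5000",               // identity server from the question
                ClientId = "mvcClient",                            // must match the registered Client
                RedirectUri = "http://localhost:5002/signin-oidc", // must be listed in RedirectUris
                PostLogoutRedirectUri = "http://localhost:5002",
                ResponseType = "code id_token",                    // hybrid flow
                Scope = "openid profile offline_access roles API",
                SignInAsAuthenticationType = "Cookies"
                // Redeeming the code for an access token needs the client secret
                // and is not shown here; keep that secret in configuration, not source.
            });

            // Run the middleware above at the ASP.NET Authenticate stage, so the
            // user is already established when Web Forms authorization runs.
            app.UseStageMarker(PipelineStage.Authenticate);
        }
    }
}
```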



Answer 2:

In WebForms you can set up authorization in web.config

<configuration>
  <system.web>
    <authorization>
      <allow roles="domainname\Managers" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>

From the answer on StackOverflow

Also look at the web.config in example of IdentityServer3

  <location path="About">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>