Identity Server 4 with custom logic

  • Question

  • Hello,

    I have been tasked with implementing Identity Server 4; I thought this would be a simple endeavor.  I have a .NET Core 2.1 web application where I've written all the code to connect to our database and do the verification process to determine if a user is valid; however, I'm unsure of how everything is supposed to be wired up from the Identity Server 4 side of things.  Currently my login method looks like this:

            public async Task<IActionResult> Login(LoginModel model)
            {
                Shared.OperationResult result = await _lazyUserService.Value.LoginAsync(model.ToDomainModel()).ConfigureAwait(false);
                if (result.ApplicationErrors.Count > 0)
                    return RedirectToAction("Index", "Error");
                if (result.ValidationErrors.Count > 0)
                {
                    ViewData["Errors"] = result.ValidationErrors;
                    return View(model);
                }
                ClaimsIdentity claimsIdentity = new ClaimsIdentity(new List<Claim>()
                {
                    new Claim(JwtClaimTypes.Subject, "something"),
                    new Claim(ClaimTypes.NameIdentifier, "guid"),
                    new Claim(ClaimTypes.Email, model.Username),
                    new Claim(ClaimTypes.Role, "role")
                });
                await HttpContext.SignInAsync(new ClaimsPrincipal(claimsIdentity));
                return RedirectToAction("Index", "Home");
            }

    However, when it redirects to Home/Index, the Authorize attribute is redirecting back to the login page as the user isn't logged in.  I have read that I need two classes, one that implements IProfileService and one that implements IResourceOwnerPasswordValidator.  I've created those and wired them up in Startup.cs.

            public void ConfigureServices(IServiceCollection services)
            {
                services.Configure<CookiePolicyOptions>(options =>
                {
                    options.CheckConsentNeeded = context => true;
                    options.MinimumSameSitePolicy = SameSiteMode.None;
                });
    
                services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
    
                services.AddIdentityServer()
                    .AddInMemoryIdentityResources(new List<IdentityResource>()
                    {
                        new IdentityResources.OpenId(),
                        new IdentityResources.Profile(),
                        new IdentityResources.Email(),
                        new IdentityResource()
                        {
                            Name = "role",
                            UserClaims = new List<string> { "role" }
                        }
                    })
                    .AddInMemoryClients(new List<Client>()
                    {
                        new Client()
                        {
                            AllowedGrantTypes = GrantTypes.ClientCredentials,
                            ClientId = "ClientId",
                            ClientName = "My Client Name",
                            ClientSecrets = new List<Secret>()
                            {
                                new Secret("super secret password".Sha512())
                            }
                        }
                    })
                    .AddProfileService<UserProfileService>()
                    .AddResourceOwnerValidator<UserResourceStore>()
                    .AddDeveloperSigningCredential();
            }
    
            public void Configure(IApplicationBuilder app, IHostingEnvironment env)
            {
                if (env.IsDevelopment())
                    app.UseDeveloperExceptionPage();
                else
                    app.UseExceptionHandler("/Home/Error");
    
                app.UseStaticFiles()
                    .UseIdentityServer()
                    .UseAuthentication()
                    .UseMvc(routes =>
                    {
                        routes.MapRoute(
                            name: "default",
                            template: "{controller=Account}/{action=Login}/{id?}");
                    });
            }

    Still, nothing is working.  I guess I'm just lost on what I need to do to get things up and running.  Also, there seems to be a difference in how my project is set up vs. how I've seen other Identity Server examples.  I do not have a separate API project.  I have one project for Identity Server, the web project, and that's it.

    Any help on this would be greatly appreciated.

    • Moved by CoolDadTx Thursday, November 29, 2018 8:55 PM ASP.NET related
    Thursday, November 29, 2018 8:03 PM
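
An added example, not part of the original post and not IdentityServer4's own code: the `Login` action above builds its `ClaimsIdentity` from a claim list alone, which leaves `AuthenticationType` null and `IsAuthenticated` false, and the default `[Authorize]` policy only admits a principal that has at least one authenticated identity. The console program below mirrors that check against both forms of the identity. The helper name `PassesDefaultAuthorize`, the `"Cookies"` authentication type string and the claim values are assumptions made for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class Program
{
    // Claims shaped like the ones in the question (constructed sample values).
    // "sub" is the literal behind JwtClaimTypes.Subject, used here so the
    // example needs no IdentityModel reference.
    static List<Claim> SampleClaims() => new List<Claim>
    {
        new Claim("sub", "something"),
        new Claim(ClaimTypes.NameIdentifier, "guid"),
        new Claim(ClaimTypes.Email, "user@example.test"),
        new Claim(ClaimTypes.Role, "role")
    };

    // Hypothetical helper mirroring the default [Authorize] requirement:
    // the principal must carry at least one identity with IsAuthenticated set.
    static bool PassesDefaultAuthorize(ClaimsPrincipal user) =>
        user?.Identity != null && user.Identities.Any(i => i.IsAuthenticated);

    static void Report(string label, ClaimsPrincipal user) =>
        Console.WriteLine(
            $"{label}: IsAuthenticated={user.Identity.IsAuthenticated}, " +
            $"IsInRole(role)={user.IsInRole("role")}, " +
            $"passes [Authorize]={PassesDefaultAuthorize(user)}");

    public static void Main()
    {
        // As posted: claims only, no authentication type. The claims are all
        // present, but the identity still counts as anonymous.
        var asPosted = new ClaimsPrincipal(new ClaimsIdentity(SampleClaims()));

        // Same claims with an authentication type supplied to the constructor.
        var withType = new ClaimsPrincipal(
            new ClaimsIdentity(SampleClaims(), "Cookies"));

        Report("claims only", asPosted);
        Report("claims + authentication type", withType);
    }
}
```

The role lookup succeeds in both cases, which is why inspecting the claims alone does not reveal the problem; only the authentication type changes the authorization outcome.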

All replies

  • Please post questions related to web development in the ASP.NET forums.

    Michael Taylor http://www.michaeltaylorp3.net

    Thursday, November 29, 2018 8:54 PM
  • I certainly didn't go through all of that. I just took the Core 2.0 code implementation of what is in the link from the downloaded source code and implemented it in my Core 2.1 MVC solution, a simple copy/paste operation, and I was off and running. I didn't need the role management part.

    https://www.c-sharpcorner.com/article/getting-started-with-asp-net-core-2-0-identity-and-role-management/

    However,  Core forum is at ASP.NET forums where you should post. 

    http://forums.asp.net/

    FYI you can make a Core 2.0 project run in a Core 2.1 project, because they are incompatible. You have to code copy/paste, if you use the downloaded source code. I was up and running in about an hour or so.

     
    Thursday, November 29, 2018 9:05 PM
  • Thank you for the link; I'll check it out.  I have also re-posted in the ASP.NET forums.
    Thursday, November 29, 2018 9:11 PM