none
Identity Server 4 with custom logic

    Pertanyaan

  • Hello,

    I have been tasked with implementing Identity Server 4; I thought this would be a simple endeavor.  I have a .NET Core 2.1 web application where I've written all the code to connect to our database and do the verification process to determine if a user is valid however, I'm unsure of how everything is supposed to be wired up from the Identity Server 4 side of things.  Currently my login method looks like this:

            public async Task<IActionResult> Login(LoginModel model)
            {
                Shared.OperationResult result = await _lazyUserService.Value.LoginAsync(model.ToDomainModel()).ConfigureAwait(false);
                if (result.ApplicationErrors.Count > 0)
                    return RedirectToAction("Index", "Error");
                if (result.ValidationErrors.Count > 0)
                {
                    ViewData["Errors"] = result.ValidationErrors;
                    return View(model);
                }
                ClaimsIdentity claimsIdentity = new ClaimsIdentity(new List<Claim>()
                {
                    new Claim(JwtClaimTypes.Subject, "something"),
                    new Claim(ClaimTypes.NameIdentifier, "guid"),
                    new Claim(ClaimTypes.Email, model.Username),
                    new Claim(ClaimTypes.Role, "role")
                });
                await HttpContext.SignInAsync(new ClaimsPrincipal(claimsIdentity));
                return RedirectToAction("Index", "Home");
            }

    However, when it redirects to Home/Index, the Authorize attribute is redirecting back to the login page as the user isn't logged in.  I have read that I need two classes, one that implements IProfileService and one that implements IResourceOwnerPasswordValidator.  I've created those and wired them up in Startup.cs.

            public void ConfigureServices(IServiceCollection services)
            {
                services.Configure<CookiePolicyOptions>(options =>
                {
                    options.CheckConsentNeeded = context => true;
                    options.MinimumSameSitePolicy = SameSiteMode.None;
                });
    
                services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
    
                services.AddIdentityServer()
                    .AddInMemoryIdentityResources(new List<IdentityResource>()
                    {
                        new IdentityResources.OpenId(),
                        new IdentityResources.Profile(),
                        new IdentityResources.Email(),
                        new IdentityResource()
                        {
                            Name = "role",
                            UserClaims = new List<string> { "role" }
                        }
                    })
                    .AddInMemoryClients(new List<Client>()
                    {
                        new Client()
                        {
                            AllowedGrantTypes = GrantTypes.ClientCredentials,
                            ClientId = "ClientId",
                            ClientName = "My Client Name",
                            ClientSecrets = new List<Secret>()
                            {
                                new Secret("super secret password".Sha512())
                            }
                        }
                    })
                    .AddProfileService<UserProfileService>()
                    .AddResourceOwnerValidator<UserResourceStore>()
                    .AddDeveloperSigningCredential();
            }
    
            public void Configure(IApplicationBuilder app, IHostingEnvironment env)
            {
                if (env.IsDevelopment())
                    app.UseDeveloperExceptionPage();
                else
                    app.UseExceptionHandler("/Home/Error");
    
                app.UseStaticFiles()
                    .UseIdentityServer()
                    .UseAuthentication()
                    .UseMvc(routes =>
                    {
                        routes.MapRoute(
                            name: "default",
                            template: "{controller=Account}/{action=Login}/{id?}");
                    });
            }

    Still, nothing is working.  I guess I'm just lost on what I need to do to get things up and running.  Also, there seems to be a difference in how my project is setup vs how I've seen other Identity Server examples.  I do not have a separate API project.  I have one project for Identity Server, the web project, and that's it.

    Any help on this would be greatly appreciated.

    • Dipindahkan oleh CoolDadTx Kamis, 29 November 2018 20.55 ASP.NET related
    Kamis, 29 November 2018 20.03

Semua Balasan

  • Please post questions related to web development in the ASP.NET forums.

    Michael Taylor http://www.michaeltaylorp3.net

    Kamis, 29 November 2018 20.54
  • I certainly didn't go through all of that. I just took the Core 2.0 code implementation of what is in the link from the downloaded source code and implemented it in my Core 2.1 MVC solution a simple copy/paste operation,  and I was off and running. I didn't need the role management part.

    https://www.c-sharpcorner.com/article/getting-started-with-asp-net-core-2-0-identity-and-role-management/

    However,  Core forum is at ASP.NET forums where you should post. 

    http://forums.asp.net/

    FYI you can make a Core 2.0 project run in a Core .2.1 project, becuase they are incompatible. You have to code copy/paste, if you use the downloaded source code. I was up and ruining in about an hour or so.  

     
    Kamis, 29 November 2018 21.05
  • Thank you for the link; I'll check it out.  I have also re-posted in the ASP.NET forums.
    Kamis, 29 November 2018 21.11