    Paul McNamara
    @mackie1001
    I'm trying to use the attestation metadata service but it appears to barely contain any metadata
    Ken Hadden
    @cosmoKenney
    Hi, I'm trying to migrate an old Web Forms site to OIDC. I'm looking at the IDS3 WebFormsClient sample. Does anyone know of a list that maps the IDS3 to IDS4 namespaces and packages?
    Ken Hadden
    @cosmoKenney

    In the IdentityServer3 WebForms client sample, the Startup::Configuration method calls Clear on the static InboundClaimTypeMap in this line:

    JwtSecurityTokenHandler.InboundClaimTypeMap.Clear();

    But in the current version of System.IdentityModel.Tokens.Jwt, the InboundClaimTypeMap is an instance (non-static) property of JwtSecurityTokenHandler.
    Is there a way to get the correct instance?

    Ken Hadden
    @cosmoKenney
    ...never mind I downgraded to make it work
    Ken Hadden
    @cosmoKenney
    I've got an issue where, after logging in to my webforms site, the Context.User.Identity.Name has the user's full name (first and last name) instead of their login name. With forms auth, Context.User.Identity.Name was always the login name.
    santosh2812
    @santosh2812
    Hi All, I am trying to implement - AddAspNetIdentity<ApplicationUser> , can you plz share some link for ASP.NET Core 2.2
    Anil Chaulagain
    @anilchaulagain25
    Hi all, I have to call the protected API resources from authorized identity server context, How can I achieve this?
    WalterEbbers
    @WalterEbbers
    Hi all,
    I have an mvc4 webapp that needs to connect to an identityserver. The identity server is fully up and running and our new .net core apps can connect to it, but somehow we can't manage to get our current legacy mvc4 app to connect. When clicking a protected area it results in a 401.0 unauthorized page instead of being redirected to the ids4 login page.
    I made a post about it on Stack Overflow a few weeks back (with no answers, unfortunately) with the code I am using.
    The last edit on the post is after I found something on the github called CrossVersionIntegrationTest, but it didn't help.
    The post: https://stackoverflow.com/questions/57303722/question-how-to-fix-asp-net-mvc-4-webapp-not-redirecting-to-identityserver4-log
    I hope someone is able to help :).
    Kind regards,
    Baskar
    @Baskargit
    Hi all,
    Baskar
    @Baskargit

    Hi all,

    I am using IdentityServer4.
    1). Is it possible to use one user for multiple Clients (or) tenants? (For User management I am using "Microsoft.AspNetCore.Identity")
    2). Is it possible to change the type of ClientId(int) in IdentityServer4 to type of Guid?

    Paul McNamara
    @mackie1001
    the int ID is just for internal DB reasons
    the external ID is one you define
    Paul Smith
    @eratos
    @cosmoKenney Late answer but I think you need JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
    eyordanovsm
    @eyordanovsm
    Hi all, can you give me good working example of distributed session implementation of ids4 with Sql Server or Redis. I've followed the example provided by Microsoft here (https://docs.microsoft.com/en-us/aspnet/core/performance/caching/distributed?view=aspnetcore-2.2#distributed-redis-cache) but it is not working, or I'm missing something.
    Paul McNamara
    @mackie1001
    @eyordanovsm what are you trying to achieve?
    And what specifically is not working?
    santosh2812
    @santosh2812
    @tich92 Hi sir, I am also facing the same issue . Can you please tell me how you fixed the same.
    eyordanovsm
    @eyordanovsm
    @mackie1001 I want to keep the sessions alive after deploying the application. So based on the best practices provided by microsoft I've added SQL Server distributed cache storage. I've implemented SQLServerTicketStore (ITicketStore) like the implementation provided here - https://mikerussellnz.github.io/.NET-Core-Auth-Ticket-Redis/ .
    In my startup I've called AddDistributedSqlServerCache.
    If I require in my controller the IDistributedCache, it writes to the DB, when I call HttpContext.Session from the controller, it writes to the DB, but the Identity Server doesn't.
    I should be missing something.
    eyordanovsm
    @eyordanovsm
    @eyordanovsm Actually when idsv4 creates the session it writes record to the database, but when I restart the application, the session is no longer active.
    Paul McNamara
    @mackie1001
    @eyordanovsm Identity server doesn't use session at all, it has its own store for persisted grants though
    When using the usual pattern user "session" state is stored in the authentication cookie
    Which in turn can use a server-side ticket store, as you are here
    @eyordanovsm are you persisting your data protection keys somewhere? If you don't then new keys will be generated on restart and any protected data will become invalid
    eyordanovsm
    @eyordanovsm
    @mackie1001 No I'm not persisting the protection keys, I've tried and now it seems to be working after server restart. Thank you for your help!!
    Mark McGookin
    @markmcgookin
    Hi all, I have an IdentityServer4 Identity provider setup, and one of the things being requested is a "List all active sessions/devices" function... is there anything like this built in that I can call? I haven't added any persistent storage yet, I'm currently just using in memory PersistedGrants, IdentityResources, ApiResources and clients... Is there one of these I should change then query something like redis/a database for that information? Thanks for any help.
    (I should add that it would be on a per-user basis) "See all your active sessions" type function. Somewhere that they could "log out of all devices"
    Paul McNamara
    @mackie1001
    I don't think you quite get what you need out of the box but it'd be possible to build it I think
    if you store your authentication cookies in a database along with your persisted grants then "sign me out of everywhere" becomes straight forward
    showing device names would be trickier since this isn't something you'd typically know unless you had dynamic client registration maybe
    where the client name is the device name
    Mark McGookin
    @markmcgookin
    Ok cool, thanks @mackie1001 ... I'm adding the persistedgrantdb from the current migration sql on github now, I will look at both a custom IPersistedGrantStore and the out of the box one and see if I can store a bit extra in something... or at least log a date time of "logged in here at xxxx:xx:xxxx"
    MdeBruin
    @MdeBruin93
    @WalterEbbers 401 when redirecting to ids4 means that there is something wrong with either the client id and secret the mvc4 app is passing or the origin url is incorrect
    WalterEbbers
    @WalterEbbers
    @MdeBruin93 Thnx for the reply, i'll see if i have made some mistakes on the clientid / secret / origin side.
    GeordieStew
    @GeordieStew

    Afternoon folks. I'm trying to set up a website which runs IS4 and also has Azure AD auth for the actual website (it'll be used to manage IS4 clients etc). I'm getting an issue with "OptionsValidationException: The 'Instance' option must be provided.". Both work fine in isolation, but together it fails.

    https://github.com/GeordieStew/TestIS4Azure code is there (with azure details blocked out, but it still fails)

    Any ideas? :) Thank you in advance
    Parthi
    @ParthiKarnan
    Hi All, I have created IdentityServer4 access token, refresh and userinfo api endpoints using .net core 2.2 version. Now I would like to do unit test using xUnit package. Please share any sample application link to implement same? I've no idea with unit test with IdentityServer4 for access token, refresh and userinfo api endpoints
    Paul McNamara
    @mackie1001
    @ParthiKarnan what specifically are you looking to test? IdentityServer4 has its own suite of tests already
    jrovny
    @jrovny
    Has anyone done MTLS with Identity Server? Their documentation says, "your web server can be configured to require mutual TLS for all requests at and below that path [~/connect/mtls]." I'm not seeing that this is possible in IIS. In fact, in the dunno.Authentication.Certificate handler package their documentation references it explicitly says it's not possible. Thoughts?
    jrovny
    @jrovny
    Regarding my question, see the GitHub conversation I started with Brock Allen here
    Mark McGookin
    @markmcgookin
    Hi All, me again... we are successfully using the persisted grant store (EntityFramework and SQL Server) however, I was wondering if it is possible to add properties to this somehow. If I implement IPersistedGrantStore the arguments are all just strings required for lookups, and I can't extend the Grant being passed into StoreAsync (even if I inherit from IdentityServer4.Models.PersistedGrant) to just add something like the IP address used when the token was issued.
    I literally want to add one or two simple fields at the point of adding to the store... is this possible? Is there another class I can implement with methods that call the store, thus allowing me to change the implemented interface of the store?
    Mark McGookin
    @markmcgookin
    Even if I had to add a "go and update the row with this key" in the PersistedGrantStore/Operational DB with the IP address that would be fine, if it was happening each call in "IsActiveAsync" in IProfileService, or once for each new grant in IResourceOwnerPasswordValidator that would be fine... but I just can't see how to get the "HttpContext" or equivalent information about the call itself (the IP is all I need) in any of those places. Any ideas?
    Paul McNamara
    @mackie1001
    IHttpContextAccessor is your friend 👍🏻
    Don’t forget to wire up the X-ForwardedFor
    Header
    Mark McGookin
    @markmcgookin
    @mackie1001 thanks, I've implemented my own IPersistedGrantStore (basically just a copy of the one already there) and added the IP address field in, I'm casting my custom object back to the basic object so IS4 is none the wiser. Cheers. In dotnet core, I didn't need to do the header stuff (although I'm not using a load balancer, so that might come into play later) I added in the IHttpContextAccessor to the DI stuff and then am able to call HttpContextAccessor.HttpContext.Connection.RemoteIpAddress from the store.
    Ken Hadden
    @cosmoKenney
    @eratos thanks. I believe I tried that, but it broke something down-stream. So I simply ended up downgrading the packages and it magically started working.