    Bruno Grisolia Casarotti
    Hi, I would like to know if it is possible to extract claims from external providers like Facebook and use them on SecurityTokenValidated during the claims transformation process using inMemoryUsers. Could anyone help me with that? I saw this answer (http://stackoverflow.com/questions/28150316/thinktecture-identity-server-v3-how-to-keep-claims-from-external-providers) on SO but I could not fully understand it.
    Sriram Danturthi
    How to set cookie path to current domain
    I am trying it this way:
        app.Use(async (ctx, next) =>
        {
            // we only want this to run once, so assign to null once called
            // (and yes, it's possible that many callers hit this at same time,
            // but the set is idempotent)
            if (cookieAuthenticationOptions.CookiePath.Equals("/"))
            {
                cookieAuthenticationOptions.CookiePath = ctx.Request.PathBase.Value;
            }
            await next();
        });
    but it's always redirecting to identity server

    Hi everybody! I am having a devil of a problem using IdentityServer3 as an Azure Web App. It is a 3 Web App setup (front-end, web-api backend and IdentityServer for OAuth/Open ID Connect). Everything starts out running fine and as expected and configured.

    The trouble starts when signing out (using Request.GetOwinContext().Authentication.SignOut()). Not all logouts lead to this problem but the problem always occurs right after a logout. What happens is that the Web App containing IdentityServer3 becomes completely unresponsive: any attempt to access the frontend (which then redirects to IdentityServer) leads to a server timeout. No Application Insights telemetry whatsoever is produced when the server hangs.

    The only way to get this 3 Web App setup running again is to restart the Web App running IdentityServer3. Subsequently everything again appears to run perfectly: logging, tracing and Application Insights show no problems. Then it's just a matter of time before the hang occurs again. I have contacted Microsoft support for Azure and they are also looking into it. Does this ring any bells with anyone? I would sure appreciate any thoughts on this.

    We have a development and a test setup of this 3 Web App configuration and the exact same problem occurs in both.

    Hi guys, does anyone have a suggestion on how to do a load test on your site when using thinktecture to validate users? We would like to simulate a few hundred users logging into our site using thinktecture. We have been looking into loadcomplete and other programs. In most of these programs you record a scenario, e.g. logging in to our site using thinktecture; however, we are not able to automate it.
    Josh Burgess
    Anyone have any info on IdentityServer vs the Azure AD Multi-tenant SaaS solution? Was trying to go with IdentityServer but getting pressured to evaluate against the Azure AD solution now.... took a look at it and it seems to cover most of the bases.... WSFED, SAML 2.0, OpenID Connect/OAuth, authorization with JSON web tokens, etc.... anybody have anything valuable I could mention about IdentityServer in comparison?
    Does anyone know if it's possible to add audit columns to the EF generated tables? e.g. LastUpdateUsername etc.?
    Hi all,
    I'm facing a blocking issue with IS4 TokenRequestValidator for OwnerPasswordFlow
    IS4 1.0.0 does not accept passwords containing only whitespaces
    it was checked here:
        if (userName.IsMissing() || password.IsMissing())
        {
            LogError("Username or password missing");
            return Invalid(OidcConstants.TokenErrors.InvalidGrant);
        }
    Validation\TokenRequestValidator.cs, line 368
    and I cannot find a way to override that behavior
    it would be great if someone here can help... thank you
    my current solution is... create a subclass of the original validator
    and copy everything from it... except those lines of the check
    oops it's wrong group, it's IS3... sorry
    Ronak Kapadia
    Hi All, I am setting up IDserver3 on my local machine, using the Webhost (Minimal) sample code. The web hosting is working fine, but when I try to use IDserver3 from my application, it is not redirecting me to the login page. Instead, it goes to the authorise page and throws an Invalid_request exception
    Any help is much appreciated, as I am new to this
    It throws this exception: Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolException: invalid_request
    I've just started getting : 2017-03-29 12:01:18.521 +01:00 [Information] Callback invoked from external identity provider
    2017-03-29 12:01:18.521 +01:00 [Error] External identity provider returned error: "access_denied"
    when everything has been working fine for months
    has anyone had this issue?
    Looks like it's necessary to upgrade to the pre-release of microsoft.owin.security.facebook
    as stated in this issue : aspnet/AspNetKatana#38
    Tim Parker-Nance
    Hi, I have a working IDServer3, WebAPI with UseIdentityServerBearerTokenAuthentication, MVC client calling the WebAPI. Is it possible in the WebAPI to get the ClientID of the calling MVC client?
    Hi all. According to http://openid.net/specs/openid-connect-core-1_0.html UserInfo can be in JWT format. Is that possible in the current version of IS3?
    Jaymie Jeffrey
    Hey all, I have a question I posted on Stack Overflow that I was hoping someone could help me with
    Basically, I have managed to set up a scope and client and I have managed to authenticate
    I received my token, but when I try to access any controller decorated with the Authorize attribute I get a 401 error
    anyone know why?
    Jorge Gaona
    Hi there... does anyone know if scope claim values should be returned regardless if the user authorizes or not? I'm calling an API passing the token generated in my MVC app. From the API I can retrieve the values for profile and role claims (stated as scopeClaims in the corresponding scope); in the MVC app they are not returned. In both cases I retrieve them using (User as ClaimsPrincipal).Claims.
    Jaymie Jeffrey
    Not sure if I have fixed it
    but it appears that Transform is invoked multiple times during a request
    so I have added a private property for the current user
    which I only try to assign if it is null (it hasn't been assigned to before)
    that seems to work
        using System.Linq;
        using System.Security.Claims;
        using System.Threading.Tasks;

        public class ClaimsTransformer
        {
            private readonly IUserProvider _userProvider;
            private UserViewModel _currentUser { get; set; }

            public ClaimsTransformer(IUserProvider userProvider) => _userProvider = userProvider;

            /// <summary>
            ///     Gets the user claims for the current user
            /// </summary>
            /// <param name="incomingPrincipal">The incoming claims principal</param>
            /// <returns>The principal with the user's claims added</returns>
            public async Task<ClaimsPrincipal> Transform(ClaimsPrincipal incomingPrincipal)
            {
                // If the current user is not authenticated, return the principal unchanged
                if (!incomingPrincipal.Identity.IsAuthenticated) return incomingPrincipal;

                // Get our user id
                var id = incomingPrincipal.Identity.GetSubjectId();

                // If we have no id, return the principal unchanged
                if (string.IsNullOrEmpty(id)) return incomingPrincipal;

                // Get our current user if we haven't already
                if (_currentUser == null) _currentUser = await _userProvider.GetAsync(id);

                // Get the user claims and add to our identity
                var userClaims = _currentUser.Claims;
                var claims = userClaims.Select(ModelFactory.Create);
                foreach (var claim in claims) incomingPrincipal.Identities.First().AddClaim(claim);

                // Return our modified claims principal
                return incomingPrincipal;
            }
        }
    I shall do some more testing and see if it has actually resolved the issue
    Does anyone know how to configure user login logs?
    Jaymie Jeffrey
    so I am reading this article
    and it states that you can't DI database entities into the ClaimsTransformer
    so my solution above won't work (and it doesn't always work)
    how can I get database claims and assign it to the current identity?