
How do I use Identity Server with .NET Core 2.1?

Question:

I am trying to get Identity Server working on an ASP.NET Core 2.1 project and I have followed the instructions here (http://docs.identityserver.io/en/release/quickstarts/6_aspnet_identity.html); however, I realize those are for ASP.NET Core 2.0.

The Startup in the MVC client looks like this:

```csharp
services.AddAuthentication(options =>
    {
        options.DefaultScheme = "Cookies";
        options.DefaultChallengeScheme = "oidc";
    })
    .AddCookie("Cookies")
    .AddOpenIdConnect("oidc", options =>
    {
        options.SignInScheme = "Cookies";
        options.Authority = "http://localhost:5000";
        options.RequireHttpsMetadata = false;
        options.ClientId = "mvc";
        options.ClientSecret = "secret";
        options.ResponseType = "code id_token";
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.Scope.Add("api1");
        options.Scope.Add("offline_access");
    });
```

With ASP.NET Core 2.1 the identity component is accessed here: http://localhost/Identity/Account/Login. The code above is redirecting to: http://localhost/Account/Login. My first idea was to replace the following line:

options.Authority = "http://localhost:5000";

with:

options.Authority = "http://localhost:5000/Identity";

However, I then get an error saying:

    IOException: IDX10804: Unable to retrieve document from: 'http://localhost:5000/Identity/.well-known/openid-configuration'.

This is because the path needs to be: 'http://localhost:5000/.well-known/openid-configuration'.

Can I fix this with routing? I believe if I ensure all requests to: http://localhost:5000/Account/Login are mapped to http://localhost:5000/Identity/Account/Login, then it will fix the issue. Is this correct and what would the route look like? I cannot get the route to work with an Area (Identity).

Answer1:

When you are using OpenID Connect, you do <em>not</em> have a login form on the web application. You are delegating the login responsibility to the OpenID Connect provider. In your case, that is IdentityServer, which is running in a separate application.

As such, it is not your web application you need to configure here: The authority <em>is</em> the root URL of your IdentityServer, so "http://localhost:5000" should be correct there. What you need to configure instead is IdentityServer to make it redirect to the right endpoints if it receives authorization requests without the user being logged in.

You can do that in the Startup of your IdentityServer application, where you add the service:

```csharp
services.AddIdentityServer(options =>
{
    options.UserInteraction.LoginUrl = "/Identity/Account/Login";
    options.UserInteraction.LogoutUrl = "/Identity/Account/Logout";
})
```

Answer2:

Not sure whether it helps, but I had trouble with the .NET Core 2.1 Identity implementation (the Login/Logout pages do not always appear) and needed to add a default Identity as follows in Startup.cs:

```csharp
using System.Reflection;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;

// Identity Context
services.AddDbContext<ApplicationDbContext>(options =>
    {
        options.UseSqlServer(
            Configuration["DefaultConnection"],
            sqlOptions => sqlOptions.MigrationsAssembly(
                typeof(Startup).GetTypeInfo().Assembly.GetName().Name));
    },
    ServiceLifetime.Scoped);

// Configure default Identity implementation.
// In 2.1, AddDefaultIdentity already registers the default UI (the /Identity area)
// and the default token providers; the explicit calls below are harmless repeats.
// The EF store must be registered only once.
services.AddDefaultIdentity<ApplicationUser>()
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddDefaultUI()
    .AddDefaultTokenProviders();
```

The previous version (.NET Core 2.0) is currently end of life (https://blogs.msdn.microsoft.com/dotnet/2018/06/20/net-core-2-0-will-reach-end-of-life-on-september-1-2018/), so I would not expect to find many GitHub repositories hosting applications that, months on, still only compile, build, and work using .NET Core 2.0. IdentityServer is currently the only open source application providing a satisfactory best-practice authentication/authorization framework for Single Sign-On (SSO) using OpenID Connect and OAuth2 ;-)
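Putting Answer1 and Answer2 together, here is a complete Startup for the IdentityServer host (an added example, not code from the question, the answers, or the IdentityServer project). It wires ASP.NET Core 2.1 Identity into IdentityServer4 with AddAspNetIdentity, redirects IdentityServer's login/logout interaction to the Identity area pages, and registers an in-memory client that matches the MVC client in the question (hybrid flow for "code id_token", secret "secret", scopes api1 and offline_access). The ApplicationUser and ApplicationDbContext types, the connection string name, the client's redirect URIs on port 5002 and the scope/resource names are assumptions chosen for the example.

```csharp
// Added example: IdentityServer4 host on ASP.NET Core 2.1 using ASP.NET Identity.
// Types, URLs and names below are assumptions matching the question's MVC client.
using System.Reflection;
using IdentityServer4;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

// Assumed Identity types (the 2.1 template generates equivalents).
public class ApplicationUser : IdentityUser { }

public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
{
    public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options) : base(options) { }
}

public class Startup
{
    private readonly IConfiguration _configuration;

    public Startup(IConfiguration configuration) => _configuration = configuration;

    public void ConfigureServices(IServiceCollection services)
    {
        // Identity store (Answer2). Assumed connection string name "DefaultConnection".
        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(
                _configuration.GetConnectionString("DefaultConnection"),
                sql => sql.MigrationsAssembly(typeof(Startup).GetTypeInfo().Assembly.GetName().Name)));

        // AddDefaultIdentity already registers the default UI (the /Identity area)
        // and the default token providers; only the EF store needs adding.
        services.AddDefaultIdentity<ApplicationUser>()
            .AddEntityFrameworkStores<ApplicationDbContext>();

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

        services.AddIdentityServer(options =>
            {
                // IdentityServer defaults to /account/login and /account/logout; the
                // 2.1 default UI lives in the Identity area, so redirect there (Answer1).
                options.UserInteraction.LoginUrl = "/Identity/Account/Login";
                options.UserInteraction.LogoutUrl = "/Identity/Account/Logout";
                // The scaffolded Identity pages read "returnUrl", which is also
                // IdentityServer's default, so after login the user is sent back
                // to /connect/authorize and the MVC client gets its tokens.
                options.UserInteraction.LoginReturnUrlParameter = "returnUrl";
            })
            // Temporary signing key for local development only; a deployed server
            // needs AddSigningCredential with a real certificate.
            .AddDeveloperSigningCredential()
            .AddInMemoryIdentityResources(new IdentityResource[]
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile(),
            })
            .AddInMemoryApiResources(new[] { new ApiResource("api1", "Sample API") })
            .AddInMemoryClients(new[]
            {
                // Mirrors the MVC client in the question: ResponseType "code id_token"
                // is the hybrid flow, ClientSecret "secret", scopes api1 + offline_access.
                new Client
                {
                    ClientId = "mvc",
                    ClientSecrets = { new Secret("secret".Sha256()) },
                    AllowedGrantTypes = GrantTypes.Hybrid,
                    // Assumed MVC client address; /signin-oidc is the OIDC handler's default.
                    RedirectUris = { "http://localhost:5002/signin-oidc" },
                    PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        "api1",
                    },
                    // Required, or the client's Scope.Add("offline_access") is rejected.
                    AllowOfflineAccess = true,
                },
            })
            // Makes IdentityServer authenticate against the ASP.NET Identity user store.
            .AddAspNetIdentity<ApplicationUser>();
    }

    public void Configure(IApplicationBuilder app)
    {
        // UseIdentityServer registers the authentication middleware itself;
        // do not call UseAuthentication as well.
        app.UseIdentityServer();
        app.UseMvcWithDefaultRoute();
    }
}
```

With this in place the client's Authority stays at the root URL (http://localhost:5000), the discovery document is served from /.well-known/openid-configuration as before, and an unauthenticated authorize request is redirected to /Identity/Account/Login?returnUrl=... instead of the non-existent /Account/Login. The client's RequireHttpsMetadata = false and the developer signing credential belong to local development only.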
