asp.net web api - OWIN Authentication Server for multiple applications


I am in the process of implementing a solution that has an MVC client (let's call it client @ localhost:4077/) and a Web API service (called api @ localhost:4078/).

I have implemented OWIN OAuth in the api, but I wanted to know whether OWIN can be implemented in a separate solution (let's call it auth @ localhost:4079/token) to generate the token for the client, which the client then passes to the api (as a bearer authorisation token).

The reason I am querying this is that there are additional Web API services accessed by the client, and I'd like to use OWIN between the client and the api services.

The issue is that I am not sure if the token generated by the auth service can be used to authorise requests between the client and the api services.

Has anyone implemented this, and if so, could you provide an example? I am pretty new to OWIN and OAuth, so it would be appreciated.

Separating the authorization server from the resource server is extremely easy: it works without any code if you use IIS and if you have configured identical machine keys on both applications/servers.

Supporting multiple resource servers is a bit harder to implement with the OWIN OAuth2 server if you need to select the endpoints an access token can gain access to. If you don't care about that, configure the resource servers with the same machine keys and you'll be able to access all the APIs with the same tokens.

To have more control on the endpoints that can be used with an access token, you should take a look at AspNet.Security.OpenIdConnect.Server - a fork of the OAuth2 server that comes with OWIN/Katana - which natively supports this scenario: https://github.com/aspnet-contrib/aspnet.security.openidconnect.server.

It's relatively easy to set up:

Add the new middleware issuing tokens in the authorization server application (in Startup.cs):

```csharp
app.UseOpenIdConnectServer(new OpenIdConnectServerOptions {
    Provider = new AuthorizationProvider()
});
```

Add the new middleware validating access tokens in the different API servers (in Startup.cs):

```csharp
// First API (http://localhost:11111/)
app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions {
    // AllowedAudiences must contain the absolute URL of the API.
    AllowedAudiences = new[] { "http://localhost:11111/" },

    // X509CertificateSecurityTokenProvider must be initialized with an issuer
    // corresponding to the absolute URL of the authorization server.
    // 'certificate' is the X509Certificate2 used to validate token signatures.
    IssuerSecurityTokenProviders = new[] {
        new X509CertificateSecurityTokenProvider("http://localhost:50000/", certificate)
    }
});

// Second API (http://localhost:22222/)
app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions {
    // AllowedAudiences must contain the absolute URL of the API.
    AllowedAudiences = new[] { "http://localhost:22222/" },

    // X509CertificateSecurityTokenProvider must be initialized with an issuer
    // corresponding to the absolute URL of the authorization server.
    IssuerSecurityTokenProviders = new[] {
        new X509CertificateSecurityTokenProvider("http://localhost:50000/", certificate)
    }
});
```

Finally, add the new OpenID Connect client middleware in the client app (in Startup.cs):

```csharp
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions {
    // Essential parameters have been omitted for brevity.
    // See https://github.com/aspnet-contrib/aspnet.security.openidconnect.server/blob/dev/samples/mvc/mvc.client/startup.cs for more information.

    // Authority must correspond to the absolute URL of the authorization server.
    Authority = "http://localhost:50000/",

    // Resource represents the different endpoints the access token
    // should be issued for (values must be space-delimited).
    // In this case, an access token is requested for both APIs.
    Resource = "http://localhost:11111/ http://localhost:22222/",
});
```

You can have a look at the sample for more information: https://github.com/aspnet-contrib/aspnet.security.openidconnect.server/blob/dev/samples/mvc/

It doesn't use multiple resource servers, but it shouldn't be hard to adapt using the different steps mentioned. Feel free to ping me if you need help.
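To make the audience restriction in the answer above concrete, here is an added, dependency-free C# model of the decision each resource server takes after the JWT bearer middleware has verified a token's signature. It is illustration code written for this page, not Katana's or ASOS's implementation; the `TokenClaims` type, `ResourceServerPolicy.Accepts` and the sample token are constructed assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical view of the claims a resource server sees once the bearer
// middleware has checked the signature (illustration only, not Katana code).
public sealed class TokenClaims
{
    public string Issuer { get; set; }            // "iss"
    public IList<string> Audiences { get; set; }  // "aud": one or several API URLs
    public DateTimeOffset ExpiresAt { get; set; } // "exp"
}

public static class ResourceServerPolicy
{
    // Mirrors what AllowedAudiences / IssuerSecurityTokenProviders enforce:
    // the token must come from our authorization server, still be valid,
    // and explicitly name THIS API among its audiences.
    public static bool Accepts(TokenClaims token, string trustedIssuer, string thisApi, DateTimeOffset now)
    {
        if (token == null || token.Audiences == null) return false;
        if (!string.Equals(token.Issuer, trustedIssuer, StringComparison.Ordinal)) return false;
        if (token.ExpiresAt <= now) return false;
        // Ordinal comparison: "http://localhost:11111/" and "http://localhost:11111"
        // are different values, which is why the answer insists on the absolute URL.
        return token.Audiences.Any(a => string.Equals(a, thisApi, StringComparison.Ordinal));
    }

    public static void Main()
    {
        var now = DateTimeOffset.UtcNow;
        // Constructed token as issued for resource "http://localhost:11111/" only.
        var tokenForApi1 = new TokenClaims {
            Issuer = "http://localhost:50000/",
            Audiences = new[] { "http://localhost:11111/" },
            ExpiresAt = now.AddMinutes(20)
        };
        Console.WriteLine(Accepts(tokenForApi1, "http://localhost:50000/", "http://localhost:11111/", now));
        Console.WriteLine(Accepts(tokenForApi1, "http://localhost:50000/", "http://localhost:22222/", now));
        Console.WriteLine(Accepts(tokenForApi1, "http://localhost:4079/", "http://localhost:11111/", now));
    }
}
```

The second and third calls are rejected because the token names only the first API as audience and the third uses an issuer the resource server does not trust; with shared machine keys and no audience check, the same token would have been accepted by every API.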

