
identityserver4-example's Introduction

I help developers learn OAuth and web security.

I'm an Engineering Manager at ClearBank and a Pluralsight Author. I specialize in IdentityServer and all things Authentication, Identity, OAuth, and OpenID Connect.

In my day job at ClearBank, I'm an Engineering Manager for one of the Faster Payments teams. I'm currently taking a break from the identity world to focus on my leadership skills.

Previously at 10x Banking, I was a combination of team lead and technical product manager, leading a team of experienced IAM specialists while also championing identity standards and helping with design & architecture. Before that, at Rock Solid Knowledge, I created identity solutions for customers and developed commercial IdentityServer products. This allowed me to play with older protocols such as SAML & WS-Federation and cutting-edge technologies such as FIDO2.

I mainly work with C# and ASP.NET Core, but otherwise, I dabble with languages such as Kotlin, Go, and Typescript.

I sometimes make an appearance on the speaking circuit, whether it's user groups, conferences, or recorded.

Website: scottbrady91.com

Twitter: @scottbrady91

LinkedIn: scottbrady91

Timeline: my Polywork timeline

identityserver4-example's People

Contributors

scottbrady91


identityserver4-example's Issues

Identity Server logout not working in example

Hi Scott,

I am trying to get your example working and can't understand why logout is not working.

Steps

  1. download zip, open in VS 2017 (note: did not make any code changes)
  2. run project ScottBrady91.IdentityServer4.Example ONLY
  3. login as scott / Password123!
  4. go to menu under scott and select logout. on screen that comes up select "yes".
  5. click "IdentityServer4" in header.
  6. user scott is still logged in.

It seems the authentication cookie is not deleted or expired. Thought I was on to something when I read this in your article.

https://www.scottbrady91.com/Identity-Server/Getting-Started-with-IdentityServer-4#ASPNET-Core-Identity

Because ASP.NET Identity also changes the default authentication scheme, any instances of IdentityServerConstants.DefaultCookieAuthenticationScheme and IdentityServerConstants.ExternalCookieAuthenticationScheme, should be changed to IdentityConstants.Application and IdentityConstants.ExternalScheme respectively.

Thanks,
David

Strategy for multi tenant w/ potentially varying roles

What strategy would you take when taking into consideration that you could also have different roles in each tenant?

My initial thoughts are to implement some custom logic to support this via ApplicationUser & ApplicationRole when registering Identity e.g.
services.AddIdentity<ApplicationUser, ApplicationRole>(), which is similar to your approach here:
https://www.scottbrady91.com/aspnet-identity/quick-and-easy-aspnet-identity-multitenancy

An alternative may be to use AddAuthorizeInteractionResponseGenerator:

services.AddIdentityServer()
    .AddAuthorizeInteractionResponseGenerator<AccountChooserResponseGenerator>()

As discussed here:
https://blog.bitsrc.io/using-identity-server-for-multi-tenant-web-applications-c511ffa3e428

Thank you!

two factor authentication

I have a question.
Two-factor authentication is an out-of-the-box feature, so can we implement two-factor authentication in AccountController/Login (POST method) like this?
When the user logs in to the application, can we check whether the user is eligible for RequiresTwoFactor and then implement the customization for two-factor authentication?

var user = await _signInManager.UserManager.FindByNameAsync(model.Username);

// validate username/password using ASP.NET Identity
var result = await _signInManager.CheckPasswordSignInAsync(user, model.Password, true);
if (user != null && result.Succeeded)
{
    // credential based authentication
}
else if (result.RequiresTwoFactor)
{
    // can we write our two-factor authentication here?
}

Can you please correct me if I am wrong?
I am looking for the best solution for two-factor authentication.

Need Maximum Token Lifetime Values in Identity Server

We are using Identity Server4. What are the maximum token lifetime values of these tokens?
The default values are:

Access Token Lifetime: 3600
Identity Token Lifetime: 300
Absolute Refresh Token Lifetime: 2592000
Sliding Refresh Token Lifetime: 1296000
Authorization Code Lifetime: 300

I need the maximum lifetime values of these tokens for validation purposes.

IdentityServer4.Entityframework DB2 setting table spaces when Multiple table space exist from Migration code

Note: if I am able to set TABLESPACE from the migration-generated code, I can overcome this issue. Please let me know of any way to do it.

ISSUE

PM> dotnet ef database update --context "PersistedGrantDbContext" --project "D:\Zephaniah_3_17\Work\Advicent\SourceCode\Oauth\DataAccess\Advicent.AuthServer.DataAccess\Advicent.AuthServer.DataAccess.csproj"
Build started...
Build succeeded.
Applying migration '20200828223535_InitialIdentityServerPersistedGrantDbMigrationDb2'.
Failed executing DbCommand (322ms) [Parameters=[], CommandType='Text', CommandTimeout='30']
CREATE TABLE DeviceCodes (
UserCode varchar(200) NOT NULL,
DeviceCode varchar(200) NOT NULL,
SubjectId varchar(200),
ClientId varchar(200) NOT NULL,
CreationTime timestamp(6) NOT NULL,
Expiration timestamp(6) NOT NULL,
Data varchar(32672) NOT NULL,
CONSTRAINT PK_DeviceCodes PRIMARY KEY (UserCode)
);
IBM.Data.DB2.Core.DB2Exception (0x80004005): ERROR [54010] [IBM][DB2/NT64] SQL0670N The statement failed because the row or column size of the resulting table would have exceeded the row or column size limit: "32677". Table space name: "". Resulting row or column size: "33513".
at IBM.Data.DB2.Core.DB2Connection.HandleError(IntPtr hHandle, SQL_HANDLE hType, RETCODE retcode)
at IBM.Data.DB2.Core.DB2Command.ExecuteNonQueryObject(Boolean skipInitialValidation)
at IBM.Data.DB2.Core.DB2Command.ExecuteNonQueryObject()
at IBM.Data.DB2.Core.DB2Command.ExecuteNonQuery()
at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteNonQuery(RelationalCommandParameterObject parameterObject)
at Microsoft.EntityFrameworkCore.Migrations.MigrationCommand.ExecuteNonQuery(IRelationalConnection connection, IReadOnlyDictionary2 parameterValues)
at Microsoft.EntityFrameworkCore.Migrations.Internal.MigrationCommandExecutor.ExecuteNonQuery(IEnumerable1 migrationCommands, IRelationalConnection connection)
at Microsoft.EntityFrameworkCore.Migrations.Internal.Migrator.Migrate(String targetMigration)
at Microsoft.EntityFrameworkCore.Design.Internal.MigrationsOperations.UpdateDatabase(String targetMigration, String contextType)
at Microsoft.EntityFrameworkCore.Design.OperationExecutor.UpdateDatabaseImpl(String targetMigration, String contextType)
at Microsoft.EntityFrameworkCore.Design.OperationExecutor.UpdateDatabase.<>c__DisplayClass0_0.<.ctor>b__0()
at Microsoft.EntityFrameworkCore.Design.OperationExecutor.OperationBase.Execute(Action action)
ERROR [54010] [IBM][DB2/NT64] SQL0670N The statement failed because the row or column size of the resulting table would have exceeded the row or column size limit: "32677". Table space name: "". Resulting row or column size: "33513".

Unhandled exception when clicking 'Cancel' on the IS4 login page

Navigating to a protected route, i.e. /Home/Privacy, redirects to the IS4 login page. Clicking the cancel button results in an unhandled exception.

OpenIdConnectProtocolException: Message contains error: 'access_denied', error_description: 'error_description is null', error_uri: 'error_uri is null'.

Exception: An error was encountered while handling the remote login.
Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler.HandleRequestAsync()
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

Issue loading project

Trying to work through your blog post which includes this project and when I try to load this project using VS 2015 Enterprise I get "We were unable to automatically populate your Visual Studio Team Services Account."

How do I get around this?

Update data from configuration file in database

private static void InitializeDbTestData(IApplicationBuilder app)

Question: you are using this method to initialize the database and seed data from the configuration file.

After initialization and configuration, how can you still add other users or update information?
I modified something in the config file and updated the database, but nothing changes in my database.

Seed user is unable to login

Config.cs generates a test user with username scott, password password. This user is unable to log in. Invalid username or password error.

using System.Collections.Generic;
using System.Security.Claims;
using IdentityModel;
using IdentityServer4.Test;

internal class Users
{
    // Returns the seeded in-memory test users
    public static List<TestUser> Get()
    {
        return new List<TestUser>
        {
            new TestUser
            {
                SubjectId = "5BE86359-073C-434B-AD2D-A3932222DABE",
                Username = "scott",
                Password = "password",
                Claims = new List<Claim>
                {
                    new Claim(JwtClaimTypes.Email, "[email protected]"),
                    new Claim(JwtClaimTypes.Role, "admin")
                }
            }
        };
    }
}

IdentityServer4.Entityframework DB2 Support

Hi Scott,
I have an application in SQL; as per one of our client's requirements, we should be able to support DB2 along with SQL.
We have created a POC that supports DB first and code first, as shown in the IBM documentation below, which works fine.
https://www.ibm.com/support/knowledgecenter/SSEPGG_11.5.0/com.ibm.swg.im.dbclient.adonet.doc/doc/c0070470.html
In SQL we created the OAuth server using IdentityServer4, and this creates a migration script for migrating ConfigurationDbContext and PersistedGrantDbContext. We are not able to do the same migration for ConfigurationDbContext and PersistedGrantDbContext with DB2. Does the IdentityServer migration support DB2 as well? Please give me your guidance on implementing this using DB2.

With Thanks,
Fijo Francis T
