How do I correctly connect IdentityServer4 to an ASP.NET MVC 5 application based on OWIN?
On IdentityServer I created the following client configuration:
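new Client
{
    ClientId = "mvc",
    ClientName = "MVC Client",
    // Implicit flow: tokens are delivered straight from the authorize endpoint.
    // Matches ResponseType = "id_token" on the MVC side.
    AllowedGrantTypes = GrantTypes.Implicit,
    RequireConsent = false,
    // Must match the RedirectUri the OWIN middleware sends exactly (scheme, host, port, path).
    // NOTE(review): plain http is acceptable for localhost only; use https anywhere else.
    RedirectUris = { "http://localhost:5002/signin-oidc" },
    // Where IdentityServer sends the browser AFTER sign-out. It must equal the
    // post_logout_redirect_uri the client sends (PostLogoutRedirectUri on the OWIN options).
    // Reusing the sign-in callback here bounced a signed-out user straight back into the
    // sign-in handler; point it at the application root instead.
    PostLogoutRedirectUris = { "http://localhost:5002/" },
    AllowedScopes = new List<string>
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        IdentityServerConstants.StandardScopes.Email
    }
},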
The ASP.NET MVC 5 application's Startup.cs contains:
// Cookie middleware first: it is the SignInAsAuthenticationType the OpenID Connect
// middleware hands the authenticated identity to. Registration order matters in OWIN.
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
AuthenticationType = "Cookies",
// The cookie lifetime, independent of the id_token's exp (see UseTokenLifetime below).
ExpireTimeSpan = TimeSpan.FromMinutes(10),
SlidingExpiration = true
});
// Keep JWT claim types ("sub", "name", ...) instead of mapping them to the legacy WS-* URIs.
// NOTE(review): with the map cleared, MVC anti-forgery no longer finds a nameidentifier claim;
// set AntiForgeryConfig.UniqueClaimTypeIdentifier = "sub" if [ValidateAntiForgeryToken] is used.
JwtSecurityTokenHandler.InboundClaimTypeMap.Clear();
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
AuthenticationType = "oidc",
SignInAsAuthenticationType = "Cookies",
// NOTE(review): http is fine for localhost only; use https in any other environment and
// leave the middleware's HTTPS-metadata requirement on.
Authority = "http://localhost:5000/",
// Must match the client's RedirectUris entry on IdentityServer exactly.
RedirectUri = "http://localhost:5002/signin-oidc",
ClientId = "mvc",
// id_token only (implicit flow); matches GrantTypes.Implicit on the IdentityServer client.
ResponseType = "id_token",
Scope = "openid profile",
// false: the cookie expiry is governed by ExpireTimeSpan above, not by the id_token's exp.
UseTokenLifetime = false
// NOTE(review): no PostLogoutRedirectUri is set, so no post_logout_redirect_uri is sent on
// sign-out and the user is not returned to the app after logging out of IdentityServer.
});
app.UseStageMarker(PipelineStage.Authenticate);
// NOTE(review): an endless challenge/redirect loop after a successful sign-in with this
// configuration is typically the OWIN/System.Web cookie-loss issue (the "Cookies" ticket never
// reaches the browser). The owin-cookie-saver middleware mentioned below in this thread works
// around it; confirm by checking whether the authentication cookie is set on the callback response.
After authentication the application goes into an infinite redirect loop between the application and IdentityServer.
Do you have an example? Thanks for the help.
This example solved my problem
@inyutin-maxim Hi, which changes did you have to make to the sample to get it working with IdentityServer4? Thanks
@inyutin-maxim @kolte I have the same question as well, thank you.
@inyutin-maxim @kolte Never mind, I figured it out! Thank you anyway
@kassem-abboud can you please share solution here? Thank you.
@kolte @kassem-abboud The infinite redirect problem is also solved by the library https://github.com/Sustainsys/owin-cookie-saver (it works around the OWIN authentication cookie being dropped from the response, which makes the app challenge again on every request).
@kolte @kassem-abboud @inyutin-maxim What is the fix? Can you please share the solution? I have exactly the same problem. The links @inyutin-maxim gave don't seem to help much... are you saying it's a Microsoft bug?
I have the same question but do not know how to solve it.
This seems to be a general question about IdentityServer - not a bug report or an issue.
Please use one of our free or commercial support options.
See here for more details.
Thanks!
@denli8 @karatelambda @kolte @kassem-abboud workaround:
Your ASP.NET MVC 5 application should reference System.IdentityModel.Tokens.Jwt version "4.0.40306.1554" (the 4.x line the Katana OpenID Connect middleware is built against; the 5.x package does not work with it).
I created this middleware:
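/// <summary>
/// Registers the default authentication pipeline: cookie sign-in plus an OpenID Connect
/// hybrid-flow ("code id_token") login against IdentityServer. The authorization code is
/// redeemed on the back channel, the user's claims are loaded from the userinfo endpoint,
/// and the resulting identity (together with the raw tokens) is stored in the cookie.
/// </summary>
/// <param name="app">Application Builder</param>
/// <param name="options">Default Middleware Options: IdentityUrl and ApplicationUrl (both must end with "/"), ClientId, ClientSecret, Scopes</param>
/// <returns>The same Application Builder, for chaining</returns>
/// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
/// <exception cref="AuthenticationException">Thrown during login when the token or userinfo request fails, or the userinfo subject does not match the id_token.</exception>
public static IAppBuilder DefaultMiddleware(this IAppBuilder app, DefaultMiddlewareOptions options)
{
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    // Works around the Katana/System.Web issue where the OWIN authentication cookie is lost
    // from the response, which shows up as an endless challenge/redirect loop.
    app.UseKentorOwinCookieSaver();
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = CookieAuthenticationDefaults.AuthenticationType
    });
    // Keep JWT claim types ("sub", "name", ...) instead of mapping them to the legacy WS-* URIs.
    JwtSecurityTokenHandler.InboundClaimTypeMap.Clear();
    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        AuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType,
        SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
        RedirectUri = options.ApplicationUrl + "signin-oidc",
        PostLogoutRedirectUri = options.ApplicationUrl,
        Authority = options.IdentityUrl,
        ClientId = options.ClientId,
        ClientSecret = options.ClientSecret,
        // Hybrid flow: the id_token arrives on the front channel and is validated by the
        // middleware; access/refresh tokens are fetched on the back channel below.
        ResponseType = "code id_token",
        Scope = string.Join(" ", options.Scopes),
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            AuthorizationCodeReceived = async n =>
            {
                // At this point n.AuthenticationTicket.Identity was built from the validated id_token.
                var validatedIdentity = n.AuthenticationTicket.Identity;

                TokenResponse tokenResponse;
                // TokenClient owns an HttpClient; dispose it instead of leaking one per login.
                using (var tokenClient = new TokenClient(
                    options.IdentityUrl + "connect/token",
                    options.ClientId,
                    options.ClientSecret))
                {
                    tokenResponse = await tokenClient.RequestAuthorizationCodeAsync(n.Code, n.RedirectUri);
                }
                if (tokenResponse.IsError)
                {
                    throw new AuthenticationException(tokenResponse.Error);
                }

                // NOTE(review): UserInfoClient may also hold an HttpClient — dispose it if the
                // IdentityModel version in use makes it IDisposable.
                var userInfoClient = new UserInfoClient(options.IdentityUrl + "connect/userinfo");
                var userInfoResponse = await userInfoClient.GetAsync(tokenResponse.AccessToken);
                // Previously unchecked: a failed userinfo call produced an identity with no claims.
                if (userInfoResponse.IsError)
                {
                    throw new AuthenticationException(userInfoResponse.Error);
                }

                var id = new ClaimsIdentity(validatedIdentity.AuthenticationType);
                id.AddClaims(userInfoResponse.Claims);

                // OIDC Core 5.3.2: the userinfo "sub" must exactly match the id_token "sub";
                // otherwise the userinfo claims must not be used.
                var idTokenSubject = validatedIdentity.FindFirst(JwtClaimTypes.Subject);
                var userInfoSubject = id.FindFirst(JwtClaimTypes.Subject);
                if (idTokenSubject == null || userInfoSubject == null ||
                    !string.Equals(idTokenSubject.Value, userInfoSubject.Value, StringComparison.Ordinal))
                {
                    throw new AuthenticationException("userinfo subject does not match the id_token subject");
                }

                // Raw tokens are exposed to the app as claims (the cookie is protected by OWIN data
                // protection). NOTE(review): this inflates the cookie and keeps the refresh token in the
                // browser; a server-side token store keyed by "sid" would be the safer design.
                id.AddClaim(new Claim("access_token", tokenResponse.AccessToken));
                // NOTE(review): kept as local-time text for compatibility with existing readers of this
                // claim; UTC in round-trip ("o") format would be safer across machines.
                id.AddClaim(new Claim("expires_at", DateTime.Now.AddSeconds(tokenResponse.ExpiresIn).ToLocalTime().ToString(CultureInfo.InvariantCulture)));
                // A refresh token is only issued when "offline_access" was requested and allowed;
                // Claim rejects a null value, which previously made login throw in that case.
                if (!string.IsNullOrEmpty(tokenResponse.RefreshToken))
                {
                    id.AddClaim(new Claim("refresh_token", tokenResponse.RefreshToken));
                }
                // Needed as id_token_hint on logout (see RedirectToIdentityProvider below).
                id.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
                // Session id from the validated id_token; guarded because the original dereferenced
                // it unconditionally.
                var sid = validatedIdentity.FindFirst("sid");
                if (sid != null)
                {
                    id.AddClaim(new Claim("sid", sid.Value));
                }

                n.AuthenticationTicket = new AuthenticationTicket(
                    new ClaimsIdentity(id.Claims, validatedIdentity.AuthenticationType, JwtClaimTypes.Name, JwtClaimTypes.Role),
                    n.AuthenticationTicket.Properties);
            },
            RedirectToIdentityProvider = n =>
            {
                // Only the logout request is decorated: the stored id_token is sent as id_token_hint
                // so IdentityServer can end the matching session without prompting.
                if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                {
                    var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
                    if (idTokenHint != null)
                    {
                        n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                    }
                }
                return Task.FromResult(0);
            }
        }
    });
    return app;
}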
Middleware usage:
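// Endpoints come from configuration so the same build works in every environment.
// Both URLs must end with "/" because the middleware appends "signin-oidc" / "connect/token".
var identityUrl = ConfigurationManager.AppSettings["IdentityUrl"];
var appUrl = ConfigurationManager.AppSettings["AppUrl"];
// The client secret must not live in source control; read it from configuration like the
// other settings (and keep that configuration out of the repository / in a secret store).
var clientSecret = ConfigurationManager.AppSettings["ClientSecret"];
app.DefaultMiddleware(new DefaultMiddlewareOptions(new List<string> { "filestorage" })
{
    IdentityUrl = identityUrl, // Identity Server URL
    ApplicationUrl = appUrl, // URL of your application
    ClientId = "docs", // Client Id as declared in Identity Server
    ClientSecret = clientSecret // Client Secret as declared in Identity Server
});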
IdentityServer4 Client:
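new Client
{
    ClientId = "docs",
    ClientName = "Docs Client",
    // Stored hashed; the MVC client presents the plain value on the back channel.
    ClientSecrets = new List<Secret>
    {
        new Secret(serviceSettings.Secret.Sha256())
    },
    // Hybrid ("code id_token") for the interactive login. Client credentials is presumably
    // for non-interactive calls — drop it if unused (least privilege).
    AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
    // The MVC client uses "code id_token": access tokens are obtained on the back channel and
    // never need to reach the browser. Leaving this on would let a "token" response type be
    // added to the request and leak access tokens to the browser.
    AllowAccessTokensViaBrowser = false,
    // NOTE(review): the MVC middleware loads claims from the userinfo endpoint anyway, so this
    // mainly inflates the id_token; keep only if something reads the claims from the id_token.
    AlwaysIncludeUserClaimsInIdToken = true,
    RequireConsent = false,
    // Enables "offline_access" / refresh tokens, bounded by the lifetimes below.
    AllowOfflineAccess = true,
    // Must match RedirectUri = options.ApplicationUrl + "signin-oidc" on the client exactly.
    RedirectUris =
    {
        $"{coreSettings.DocsEditorUrl}signin-oidc"
    },
    // Must match PostLogoutRedirectUri = options.ApplicationUrl on the client exactly.
    PostLogoutRedirectUris =
    {
        coreSettings.DocsEditorUrl
    },
    AbsoluteRefreshTokenLifetime = serviceSettings.AbsoluteRefreshTokenLifetime,
    SlidingRefreshTokenLifetime = serviceSettings.SlidingRefreshTokenLifetime,
    AllowedScopes = scopes
},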
@inyutin-maxim
Hello, could you send your demo to me? Thanks a lot.
// where to redirect to after logout
PostLogoutRedirectUris = { "http://localhost:5002/signin-oidc" },
This logout URL is wrong: PostLogoutRedirectUris must contain exactly the value the client sends as post_logout_redirect_uri (the PostLogoutRedirectUri set on the OWIN options, e.g. the application root). For the ASP.NET Core handler that is its default callback path, so there you would use
PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
Hi @inyutin-maxim,
This middleware works great, but I am getting a problem with the anti-forgery token:
A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' or 'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider' was not present on the provided ClaimsIdentity.
What could be the solution? (Since InboundClaimTypeMap is cleared, the identity carries "sub" rather than the nameidentifier claim the anti-forgery check looks for; the usual fix is AntiForgeryConfig.UniqueClaimTypeIdentifier = "sub" in Application_Start.)
This seems to be a general question about IdentityServer - not a bug report or an issue.
Please use one of our free or commercial support options.
See here for more details.
Thanks!
All of these links no longer work.
Hi, does anyone know of an ASP.NET MVC OWIN example that works with the demo server (https://demo.identityserver.io)? Which configuration should I use? Thanks