IdentityServer4.AccessTokenValidation for .Net Framework 4.x

IS4.AccessTokenValidation supports ASP.NET Core (.NET Core & .NET Framework)
IS3.AccessTokenValidation supports Katana (.NET Framework)

@joaocolombo were you able to solve your issue? I am going through the same thing. I have an existing web api built on .net framework and there is no documentation on how to do this on a .net framework only for .net core.

@chesco yeah, i solved this problem, actually is simples, you will need a Startup class and import these libraries
(IdentityServer3.AccessTokenValidation; Microsoft.Owin.Security.Cookies; Owin;).
It is harder if you have a injection dependecy, you will need some other librery, but if you want, i can help you.
Sorry about my english i still study :D

Thank you. I’d really appreciate your help if possible. I’m on instagram @chesco.me and my email is [email protected] if you want to reach out directly.

I think I got the api setup correctly but I still keep getting a 401 error

//Francisco

On Mar 14, 2018, at 10:37 AM, João Rafael Colombo notifications@github.com wrote:

yeah, i solved this problem, actually is simples, you will need a Startup class and import these libraries
(IdentityServer3.AccessTokenValidation; Microsoft.Owin.Security.Cookies; Owin;).
It is harder if you have a injection dependecy, you will need some other librery, but if you want, i can help you.
Sorry about my english i still study :D

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.

@joaocolombo thank you. Is there a way I can reach you? I can be found on IG @ chesco.me

i have the same problem.

¿can you explicated me you solution?

of course, i prepared a solution with a example. https://github.com/joaocolombo/IS4 and if you have more questions i will bi glad for help you

@joaocolombo Appreciate your sample. But i do have a question around this. I could see you have used IS3.AccessTokenValidation. Is there any way i could use IS4.Accesstokenvalidation for the api with dotnet framework.

@leastprivilege Would this possible for you to share me a sample of validating token using IdentityServer4.AccessTokenValidation on an api that runs on dotnet framework rather than asp.net core. I have googled enough but havent come across one.

@Sivasekare yeap, you can use IS4.AccessTokenValidation in .net Framework, but you will have allot of new references because this.

Before install IS4.AccessTokenValidation

After install IS4.AccessTokenValidation

@joaocolombo Much appreciate your reply. I have tried installing IS4.AccessTokenValidation. But the issue is we couldnt use services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
something like this in dotnet framework as we're using owin startup type.

@joaocolombo Even if you have any working samples of IS4.AccessTokenValidation in dotnetframework api. Kindly share the piece of code. That would be helpful

@Sivasekare Sorry, but i doesn't have a project with this setup. Make this work tougher is not a easy task, i suggest you implement directly the OWIN is easier and have more examples. I will try do this later and put in my git for help you.

@joaocolombo Not an issue. I will try to dig that further. Anyways thanks for your help.

Roll your own. This will open the token and setup the current user's identity in the API so you can use [Authorize(Role="")]

`public class JWTAuthenticationFilterAttribute : AuthorizationFilterAttribute
{
private JWTAuthenticationIdentity _identity;

    public override Task OnAuthorizationAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
    {
        if (!IsUserAuthorized(actionContext))
            ShowAuthenticationError(actionContext);

        return Task.FromResult<object>(null);
    }

    public bool IsUserAuthorized(HttpActionContext actionContext)
    {
        bool skipAuthorization = actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Any()
                                 || actionContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Any();

        if (skipAuthorization)
        {
            return true;
        }

        var auth = new AuthenticationModule();
        var authHeader = auth.FetchFromHeader(actionContext.Request); //fetch authorization token from header

        if (authHeader != null)
        {
            var userPayloadToken = auth.GenerateUserClaimFromJWT(authHeader);

            if (userPayloadToken != null)
            {
                _identity = auth.PopulateUserIdentity(userPayloadToken);
                var genericPrincipal = new GenericPrincipal(_identity, _identity.Roles.ToArray());
                Thread.CurrentPrincipal = genericPrincipal;
                var authenticationIdentity = Thread.CurrentPrincipal.Identity as JWTAuthenticationIdentity;
                if (!string.IsNullOrEmpty(authenticationIdentity?.UserName))
                {
                    authenticationIdentity.UserName = _identity.UserName;
                    authenticationIdentity.Roles = _identity.Roles;
                }

                HttpContext.Current.User = authenticationIdentity;
                return true;
            }
        }
        return false;
    }

    private static void ShowAuthenticationError(HttpActionContext filterContext)
    {
        filterContext.Response =
            filterContext.Request.CreateResponse(HttpStatusCode.Unauthorized,
                new {Code = 401, Message = "Unable to access, Please login again"});
    }
}`

@joaocolombo hi, i appreciate your sample. i have the problem same as you had, i run your sample with both solution ApiIdentity and ApiIdentityNetFramework but none of them is authorized by ids4. in ApiIdentity i get HTTP ERROR 401 and in ApiIdentityNetFramework i get Authorization has been denied for this request, my main problem is authorize .net framework app by ids4. but none of samples works
can you help me?
i will be thankful

@samanevrc of course, normally(in this sample) this problem is about line 18 on .net framework or line 34 on core in startup file, be sure you redirect to you is4 provider. Case the problem is different, let me know, and send me a email or other way for help you easily.

@samanevrc I found that I I had some attributes in the wrong order, the order does matter! Make sure the auth filter is before the authorize...
[JWTAuthenticationFilter] [Authorize] public class BaseController : ApiController { }
I also copied the IdentityServerClient Core code from GitHub and compiled it into .NET Framework and my life got a whole lot easier. Thank you open source .NET!

@joaocolombo Thank you for answering.i have changed the Authority address to my ids4 address, but it does not work, i really thankful if you give your email to help me

@kkilton thanks for your attention, i have not used filter yet

@joaocolombo @kkilton i can solve it, i use OpenIdConnectAuthentication and it works
thanks again

@samanevrc I am also facing the same issue, can you please share the code using OpenIdConnectAuthentication.

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.