ASP.NET Identity 2.0 Authentication Against Our Own Media Server

Hi everyone,

I have a security server whose sole purpose is to provide media tokens from one endpoint: http://example.com/token

Request example:

    POST http://example.com/token HTTP/1.1
    User-Agent: Fiddler
    Content-Type: x-www-form-urlencoded
    Host: example.com
    Content-Length: 73

    grant_type=password&username=example@example.com&password=examplePassword

Response example:

    HTTP/1.1 200 OK
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json;charset=UTF-8
    Expires: -1
    Server: Microsoft-IIS/10.0
    X-Powered-By: ASP.NET
    Date: Tue, 16 Aug 2016 12:04:39 GMT

    {
      "access_token": "xxxx",
      "token_type": "bearer",
      "expires_in": 17999,
      "refresh_token": "xxxx",
      ".issued": "Tue, 16 Aug 2016 12:04:38 GMT",
      ".expires": "Tue, 16 Aug 2016 17:04:38 GMT"
    }

We have an angular application that uses this endpoint for authentication and does it just fine.

What we are trying to achieve, without much success, is to create an MVC application that uses the same server for authentication; we would like the code to sit on top of Identity 2.0, if possible.

In our AccountController, we have our Login(LoginModel model) method, which processes the login and looks like this (the same as the sample project template):

    var result = await _signInManager.PasswordSignInAsync(model.UserName, model.Password, model.RememberMe, shouldLockout: false);

We have our own implementation of IUserStore, UserManager, SignInManager.

I have looked at overriding

    public Task<SignInStatus> PasswordSignInAsync(string userName, string password, bool isPersistent, bool shouldLockout)

on SignInManager<,> and making a web call across to the security server.

The standard implementation of PasswordSignInAsync calls UserManager.FindByNameAsync, but that would mean that I would have to add a lookup method on my security server to confirm that the username exists, which is really not very nice.

I must be missing something, and I know that it is not that difficult: our MVC application should use cookie authentication, but also support the bearer token for subsequent calls to our other resource server.

(I appreciate that I may be mixing technologies here, hence the question.)

This also works in OWIN.

authentication c# asp.net-mvc owin asp.net-identity-2
1 answer

In this case, I do not think you should use Identity 2.0 in your MVC application. You need to create an AuthenticationClient to call your authentication server; you can also use this library to build such a client: https://www.nuget.org/packages/Thinktecture.IdentityModel.Client/

    using System.Security.Claims;

    public class AuthenticationClient
    {
        public ClaimsIdentity GetClaimsIdentity(string username, string password)
        {
            // Call your authentication server to get your token and also the claims associated with your identity.
            // You can look at example code showing how to do it:
            // https://github.com/IdentityServer/IdentityServer3.Samples/blob/master/source/Clients/ConsoleResourceOwnerClient/Program.cs
            // and create a ClaimsIdentity object out of that information.
            // Note: the identity's AuthenticationType must match the cookie middleware's
            // (DefaultAuthenticationTypes.ApplicationCookie), otherwise SignIn() will not issue a cookie.
            var identity = GetIdentity();

            // The key point here is to add the access token and refresh token (taken from the token
            // response) as custom claims on your identity, so you can retrieve them on subsequent requests.
            identity.AddClaim(new Claim("access_token", accessToken));
            identity.AddClaim(new Claim("refresh_token", refreshToken));

            return identity;
        }
    }

This will meet your requirements:

Use cookie authentication, but also support the bearer token for subsequent calls to our other resource server.

Your Login method on the AccountController should look like this:

    public ActionResult Login(LoginModel model)
    {
        var identity = authenticationClient.GetClaimsIdentity(model.UserName, model.Password);
        if (identity == null)
        {
            return new HttpUnauthorizedResult();
        }

        // Sign in the user
        var ctx = Request.GetOwinContext();
        var authenticationManager = ctx.Authentication;
        authenticationManager.SignIn(identity);

        return new HttpStatusCodeResult(HttpStatusCode.OK);
    }

I assume that you have already registered this middleware to use Cookie authentication:

    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login")
        });
    }

Now, for all subsequent requests, you can retrieve the access token for calling your resource server from your ClaimsIdentity:

    // User.Identity is typed as IIdentity, which has no Claims property, so cast to ClaimsIdentity first
    ((ClaimsIdentity)User.Identity).Claims.FirstOrDefault(x => x.Type == "access_token");
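An added example, not the answerer's code, of the AuthenticationClient sketched above, wired to the /token endpoint from the question: it posts the password grant, maps any non-2xx response to null, and builds a ClaimsIdentity whose AuthenticationType matches the cookie middleware so SignIn() actually issues the cookie. The method name GetClaimsIdentityAsync, the expiry claim type and the Newtonsoft.Json dependency are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;   // DefaultAuthenticationTypes
using Newtonsoft.Json.Linq;

// Added example (not the answer's code): a concrete AuthenticationClient for the /token
// endpoint from the question. Assumes Newtonsoft.Json, which the MVC template already references.
public class AuthenticationClient
{
    private static readonly HttpClient Http = new HttpClient { Timeout = TimeSpan.FromSeconds(10) };
    private readonly Uri _tokenEndpoint;

    public AuthenticationClient(string tokenEndpoint) { _tokenEndpoint = new Uri(tokenEndpoint); }

    // Returns null on any failure so the controller answers 401 without telling the caller
    // whether the user exists or the password was wrong.
    public async Task<ClaimsIdentity> GetClaimsIdentityAsync(string username, string password)
    {
        // Resource owner password grant: the same body the question posts with Fiddler.
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "password", ["username"] = username, ["password"] = password
        });

        using (var response = await Http.PostAsync(_tokenEndpoint, form).ConfigureAwait(false))
        {
            if (!response.IsSuccessStatusCode)
                return null;   // 400 invalid_grant, 401, 5xx: all mean "not signed in"

            var json = JObject.Parse(await response.Content.ReadAsStringAsync().ConfigureAwait(false));
            var accessToken = (string)json["access_token"];
            if (string.IsNullOrEmpty(accessToken))
                return null;

            // AuthenticationType must equal the cookie middleware's, or SignIn() issues no cookie.
            var identity = new ClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie);
            identity.AddClaim(new Claim(ClaimTypes.Name, username));
            identity.AddClaim(new Claim("access_token", accessToken));
            identity.AddClaim(new Claim("refresh_token", (string)json["refresh_token"] ?? string.Empty));
            // Absolute expiry derived from expires_in, so later requests can tell when the bearer token needs refreshing.
            var expiresUtc = DateTime.UtcNow.AddSeconds((int?)json["expires_in"] ?? 0);
            identity.AddClaim(new Claim("access_token_expires_utc", expiresUtc.ToString("o")));
            return identity;
        }
    }
}
```

Because the client is asynchronous, the Login action becomes `public async Task<ActionResult> Login(LoginModel model)` and awaits `GetClaimsIdentityAsync` before calling `authenticationManager.SignIn(identity)`.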
