View IdentityResources.cs
/// <summary>
/// Lists the identity resources (identity scopes) this sample identity server offers:
/// the OpenId resource and the Profile resource.
/// </summary>
/// <returns>A list containing the two resource definitions, in that order.</returns>
public static IEnumerable<IdentityResource> GetIdentityResources()
{
    var resources = new List<IdentityResource>();

    // Each entry is an identity scope a client can ask for; keep this list to what
    // clients actually need, because every entry widens what can be disclosed about a user.
    resources.Add(new IdentityResources.OpenId());
    resources.Add(new IdentityResources.Profile());

    return resources;
}
View ApiResources.cs
/// <summary>
/// Lists the API resources protected by this sample identity server: a single
/// resource named "Api1" with the display name "Protected Api".
/// </summary>
/// <returns>A list containing that one resource definition.</returns>
public static IEnumerable<ApiResource> GetApiResources()
{
    // This constructor call lists no user claim types for the resource, so any user
    // claims found in an access token for "Api1" are decided elsewhere.
    // NOTE(review): presumably by the profile service; confirm against the server setup.
    var protectedApi = new ApiResource("Api1", "Protected Api");

    return new List<ApiResource> { protectedApi };
}
View Startup.cs
// Registers MVC and starts configuring authentication for the MVC client.
// The listing is cut off after the two scheme defaults; the handler registrations are not visible.
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
// Empties the JWT handler's default inbound claim-type map, so claim names from incoming
// tokens are kept as issued instead of being rewritten to the long .NET claim-type names.
// The map is static: clearing it affects every JwtSecurityTokenHandler in the process.
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddAuthentication(options =>
{
// The local session uses the "Cookies" scheme; an unauthenticated request is challenged
// through the "oidc" scheme.
// NOTE(review): the handlers behind these two names are outside this excerpt. Confirm both
// are registered, and check the cookie and OpenID Connect options (HTTPS metadata, cookie
// security flags) there.
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
View SecuredMvcApp.cs
/// <summary>
/// Renders the secure page. The action is gated by the "Founder" authorization policy,
/// so it only runs for callers that satisfy that policy.
/// </summary>
/// <remarks>
/// NOTE(review): the policy name is resolved at runtime, and the registration of "Founder"
/// for this MVC application is not visible in this excerpt. Confirm it is defined in this
/// application's authorization options.
/// </remarks>
/// <returns>The default view for this action, with "Message" set in ViewData.</returns>
[Authorize("Founder")]
public IActionResult Secure()
{
    const string message = "Secure page.";

    ViewData["Message"] = message;
    return View();
}
View gist:602067f9de2602a982ce2afbe192e0d4
[Produces("application/json")]
public class IdentityController : Controller
{
/// <summary>
/// GET api/resource-with-policy: returns a small JSON document naming the API and the
/// kind of authorization applied. Access requires the "Founder" authorization policy.
/// </summary>
/// <returns>A JSON result with the properties ApiName and AuthorizationType.</returns>
[HttpGet]
[Authorize("Founder")]
[Route("api/resource-with-policy")]
public IActionResult ResourceWithPolicy()
{
    // The payload is static and does not echo anything from the caller's token.
    var payload = new { ApiName = "Api1", AuthorizationType = "With Policy" };

    return new JsonResult(payload);
}
View Startup.cs
// Configures the protected API: MVC core with authorization and JSON formatters, plus
// bearer-token authentication validated against the identity server.
// The listing is cut off inside the authentication options.
public void ConfigureServices(IServiceCollection services)
{
services.AddMvcCore()
// The "Founder" policy is satisfied only by a caller holding a claim of type "Employee"
// with the value "Mosalla". The comparison is against the claim as it appears in the
// validated token, so the policy is only as trustworthy as the issuer that put it there.
.AddAuthorization(options => options.AddPolicy("Founder", policy => policy.RequireClaim("Employee", "Mosalla")))
.AddJsonFormatters();
// "Bearer" becomes the default authentication scheme for this API.
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
// The authority is reached over plain HTTP on localhost, so discovery metadata and signing
// keys are fetched without transport protection. That suits a local demo only; a deployed
// API should point at an https authority.
// NOTE(review): the remaining options (for example RequireHttpsMetadata and ApiName) are cut
// off here. Confirm how they are set.
options.Authority = "http://localhost:5000";
View ResourceOwnerPassword.cs
// Obtains an access token with the resource owner password grant.
// The listing is cut off at the error check, so what the method finally returns is not visible.
public static async Task<string> RequestWithResourceOwnerPasswordWithPolicy()
{
// Local helper that performs discovery and then the token request.
async Task<string> GetAccessToken()
{
// Discovery goes over plain HTTP to localhost.
// NOTE(review): no error check on the discovery result is visible before TokenEndpoint is
// read. Confirm that a failed discovery cannot lead to a request against a null endpoint.
var discoveryResponse = await DiscoveryClient.GetAsync("http://localhost:5000");
// request token
// The client secret ("123654") and the user's password are literals in source. Treat them as
// sample values; real credentials belong in configuration or a secret store, not in code.
// With this grant the client application itself handles the user's password.
var tokenClient = new TokenClient(discoveryResponse.TokenEndpoint, "ro.client1", "123654");
var accessToken = await tokenClient.RequestResourceOwnerPasswordAsync("mosalla", "password", "Api1");
if (accessToken.IsError)
View ClientCredentials.cs
// Obtains an access token for "Api1" with the client credentials grant.
// The listing is cut off inside the error branch, so the error handling and the return
// value are not visible.
public static async Task<string> RequestWithClientCredentialsWithPolicy()
{
// Local helper that performs discovery and then the token request.
async Task<string> GetAccessToken()
{
// Discovery goes over plain HTTP to localhost.
// NOTE(review): no error check on the discovery result is visible before TokenEndpoint is
// read. Confirm that a failed discovery is handled.
var openIdConnectEndPoint = await DiscoveryClient.GetAsync("http://localhost:5000");
// The client secret ("123654") is a literal in source. Treat it as a sample value; a real
// secret belongs in configuration or a secret store. No user is involved in this grant, so
// the resulting token carries no end-user identity.
var tokenClient = new TokenClient(openIdConnectEndPoint.TokenEndpoint, "client1", "123654");
var accessToken = await tokenClient.RequestClientCredentialsAsync("Api1");
if (accessToken.IsError)
{
View ProfileService.cs
public class ProfileService : IProfileService
{
/// <summary>
/// Adds every claim of the current subject to the claims issued for this request.
/// </summary>
/// <remarks>
/// The subject's claims are copied without filtering against the claim types that were
/// actually requested. Every claim held by the user is therefore released wherever this
/// service is consulted. That is convenient for a demo that needs a custom claim in the
/// access token, but a real deployment should review it: restricting the output to
/// context.RequestedClaimTypes, or to an explicit allow-list, limits disclosure.
/// </remarks>
/// <param name="context">Profile request context supplying the subject and receiving the issued claims.</param>
/// <returns>An already-completed task.</returns>
public Task GetProfileDataAsync(ProfileDataRequestContext context)
{
    var issued = context.IssuedClaims;
    var subjectClaims = context.Subject.Claims;

    issued.AddRange(subjectClaims);

    return Task.FromResult(0);
}
public Task IsActiveAsync(IsActiveContext context)
View Startup.cs
/// <summary>
/// Registers the identity server with a developer signing credential, in-memory API
/// resources and clients, test users, and the custom profile service.
/// </summary>
/// <remarks>
/// The developer signing credential, the in-memory stores and the test users are
/// development conveniences. A deployed server needs a managed signing key and persistent,
/// access-controlled stores for clients and users.
/// NOTE(review): no identity resources are registered in this method. Confirm whether that
/// is intended for the server the OpenID Connect client talks to.
/// </remarks>
/// <param name="services">The service collection to add the registrations to.</param>
public void ConfigureServices(IServiceCollection services)
{
    var identityServer = services.AddIdentityServer();

    // Signing key intended for development use.
    identityServer.AddDeveloperSigningCredential();

    // Configuration held in memory, taken from the Config class.
    identityServer.AddInMemoryApiResources(Config.GetApiResources());
    identityServer.AddInMemoryClients(Config.GetClients());
    identityServer.AddTestUsers(Config.GetUsers());

    // ProfileService decides which user claims end up in issued tokens.
    identityServer.AddProfileService<ProfileService>();
}