I am setting up an identity server with IdentityServer4 (.NET Core) to protect a Web API that runs on .NET Framework 4.6.2 (OWIN). I have already managed to protect the API, but I cannot get a Bearer access token issued by IdentityServer to be accepted by it.
Client configuration in IdentityServer4:
// Machine-to-machine client used by the console program below: client-credentials
// grant only, one API scope. An earlier hybrid-flow variant (redirect URIs, openid/profile
// scopes, offline_access) was tried and switched off; with ClientCredentials as the only
// allowed grant this ClientId cannot also be used by an OpenIdConnect middleware asking
// for "code id_token" — IdentityServer rejects that as an unauthorized grant type.
new Client
{
    ClientId = "mvc",
    ClientName = "MVC Client",
    AllowedGrantTypes = GrantTypes.ClientCredentials,
    // NOTE(review): "secret" is a placeholder. Only the SHA-256 hash is stored on this side,
    // but the plaintext still lives in source here and in the caller; use a high-entropy
    // value loaded from configuration / a secret store before this leaves localhost.
    ClientSecrets = { new Secret("secret".Sha256()) },
    AllowedScopes = { "api2" },
}
API security configuration (OWIN startup class of the Web API):
/// <summary>
/// OWIN startup for the API: registers bearer-token consumption, then cookie and
/// OpenID Connect authentication against the IdentityServer at http://localhost:5000.
/// </summary>
/// <param name="app">The OWIN application builder the middleware is added to.</param>
public void Configuration(IAppBuilder app)
{
    // Token consumption. NOTE(review): an OAuthBearerAuthenticationOptions with nothing set
    // carries no issuer, audience or signing-key information for the authority configured
    // below, so this middleware has no way to validate the RS256 JWT IdentityServer issues;
    // as far as I can tell it will not be able to read the Bearer header and the request
    // stays unauthenticated. For IdentityServer-issued JWTs on OWIN/.NET Framework a JWT
    // bearer handler fed from the authority's discovery document (Microsoft.Owin.Security.Jwt
    // or IdentityServer3.AccessTokenValidation) is the usual choice — confirm. Not changed
    // here because it needs a package this file does not reference.
    var bearerOptions = new OAuthBearerAuthenticationOptions();
    OAuthBearerOptions = bearerOptions;
    app.UseOAuthBearerAuthentication(bearerOptions);

    // For more information on configuring the application, see https://go.microsoft.com/fwlink/?LinkID=316888
    var cookieOptions = new CookieAuthenticationOptions
    {
        AuthenticationType = "Cookies",
    };
    app.UseCookieAuthentication(cookieOptions);

    // Interactive OpenID Connect sign-in (hybrid flow, "code id_token") that signs in to the
    // cookie scheme above. NOTE(review), points to check:
    //  * A bearer-token API normally needs no cookie/OIDC sign-in at all. With this middleware
    //    left in its default (Active) mode, an unauthenticated API call may be answered with a
    //    redirect to the authority instead of a 401 — something a non-browser caller cannot
    //    complete, and a plausible source of the NotFound seen by the console client.
    //  * ClientId "mvc" is registered on the server with AllowedGrantTypes = ClientCredentials
    //    and no RedirectUris, so IdentityServer will refuse this hybrid request anyway.
    //  * ClientSecret "secret" is hardcoded, and RequireHttpsMetadata = false with an http://
    //    authority means tokens and the secret cross the wire in cleartext: localhost only.
    var oidcOptions = new OpenIdConnectAuthenticationOptions
    {
        AuthenticationType = "oidc",
        SignInAsAuthenticationType = "Cookies",
        Authority = "http://localhost:5000", // IdentityServer (SSO) authority
        ClientId = "mvc",
        ClientSecret = "secret",
        ResponseType = "code id_token",
        Scope = "api2",
        RequireHttpsMetadata = false,
    };
    app.UseOpenIdConnectAuthentication(oidcOptions);
}
Console client that requests a token and invokes the API:
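Console.ReadKey();

// Discover the token endpoint from the authority's metadata document.
// NOTE(review): plain http and a localhost authority are fine for a dev box only; over
// http the client secret (below) and the issued access token travel in cleartext.
var disco = await DiscoveryClient.GetAsync("http://localhost:5000");
if (disco.IsError)
{
    Console.WriteLine(disco.Error);
    return;
}

// Client-credentials request for the "api2" scope, authenticating as client "mvc".
// The secret is hardcoded here and (hashed) in the server's Client config; keep them in
// sync and move both out of source for anything beyond a local sample.
var tokenClient = new TokenClient(disco.TokenEndpoint, "mvc", "secret");
var tokenResponse = await tokenClient.RequestClientCredentialsAsync("api2");
if (tokenResponse.IsError)
{
    Console.WriteLine(tokenResponse.Error);
    return;
}

// Echoes the whole token response, access token included. Acceptable for a throwaway
// sample; never log bearer tokens in anything that ships.
Console.WriteLine(tokenResponse.Json);
Console.WriteLine("\n\n");

// Call the protected API with the access token as a Bearer credential. The HttpClient is
// disposed when done (the original never released it — harmless in a one-shot console
// app, a socket leak anywhere longer-lived).
using (var client = new HttpClient())
{
    client.SetBearerToken(tokenResponse.AccessToken);
    var response = await client.GetAsync("http://localhost:55392/api/protected");
    if (!response.IsSuccessStatusCode)
    {
        // Prints the HttpStatusCode name (e.g. "NotFound"). HttpClient follows redirects by
        // default, so a 401 that an OIDC middleware on the API turns into a 302 surfaces
        // here as whatever the redirect target answers, not as Unauthorized — TODO confirm.
        Console.WriteLine(response.StatusCode);
    }
    else
    {
        var content = await response.Content.ReadAsStringAsync();
        // Assumes the API returns a JSON array; JArray.Parse throws on an object or scalar body.
        Console.WriteLine(JArray.Parse(content));
    }
}

Console.ReadKey();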
Console client result: the token is issued (its decoded payload has iss "http://localhost:5000", aud ["http://localhost:5000/resources", "api2"], client_id "mvc" and scope ["api2"], which is what the API side would need to validate), but the API call fails with the HttpStatusCode printed below. (The pasted token is a localhost sample that expired long ago; avoid pasting live tokens in general.)
{
"access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjUzNGQzMTM2ZjI3YmJlZDFkODMxNzI4MTA0YWIyNGM3IiwidHlwIjoiSldUIn0.eyJuYmYiOjE1MjcxMTUwNzksImV4cCI6MTUyNzExODY3OSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIiwiYXVkIjpbImh0dHA6Ly9sb2NhbGhvc3Q6NTAwMC9yZXNvdXJjZXMiLCJhcGkyIl0sImNsaWVudF9pZCI6Im12YyIsInNjb3BlIjpbImFwaTIiXX0.jhP9CsldyC_vIKlvJhK9LpcLQW3Y4yJMODVwkJwudioHynl-05y0mEy-BV2OvlU9oNKqXUEWpoTXlwEs8uDVct7Mym9KTjZcc-ORrzUvAdBoW07LN0rukI6WjkKA6UL95JsO_EjZRBtYlGBdkY50p9ijP-9J3r5JTjPKO-0-KhUGzweDnSSTAa_Y8t7Ol3B20_DrDhDOuytFgSDz0ugTOGArABMpJpuM7yeJNrf3yP0j8fKRLHXYmbta2_bNsVXXnT6KhOuy2fDQ7-iLTScdg4sr_uCmHySCSO5rSy83_jZmr0WfUNm7sPmQEHCHO9PFMpl2E-IH7_kThEl5_SXcTQ",
"expires_in": 3600,
"token_type": "Bearer"
}
NotFound