Web API Authentication in ASP.NET 5
Indeed, there'll be no OAuthAuthorizationServerMiddleware in ASP.NET 5.
If you're looking for the same low-level approach, you should take a look at AspNet.Security.OpenIdConnect.Server: it's an advanced fork of the OAuth2 authorization server middleware that comes with Katana 3 but that targets OpenID Connect, as you already figured out (OAuth Authorization Service in ASP.NET Core).
https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server
OpenID Connect is itself based on OAuth2 and is basically a superset offering standardized authentication features. Don't worry: you can, of course, use ANY OAuth2 client with ANY OpenID Connect server, including AspNet.Security.OpenIdConnect.Server.
Don't miss the MVC 6 sample: https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/tree/dev/samples/Mvc
    // Validate JWT bearer tokens on incoming API requests.
    app.UseJwtBearerAuthentication(new JwtBearerOptions
    {
        AutomaticAuthenticate = true,
        AutomaticChallenge = true,
        Audience = "http://localhost:54540/",
        Authority = "http://localhost:54540/"
    });

    // Register the OpenID Connect server middleware that issues the tokens.
    app.UseOpenIdConnectServer(options =>
    {
        options.Provider = new AuthorizationProvider();
    });
Good luck, and don't hesitate to ping me if you need help.
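An added example, not part of the original answer or of the project's code: a standalone C# preflight check for the `Authority` value in the snippet above. The JWT bearer middleware fetches `{Authority}/.well-known/openid-configuration`, so the check compares the authority with the issuer in a discovery document; `AuthorityPreflight`, its methods, the HTTPS-or-loopback rule and the sample JSON are hypothetical names, assumptions and constructed data.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

public static class AuthorityPreflight
{
    // The metadata address the middleware derives from the Authority.
    public static Uri MetadataAddress(string authority) =>
        new Uri(authority.TrimEnd('/') + "/.well-known/openid-configuration");

    // Returns the problems found; an empty list means the values agree.
    public static List<string> Check(string authority, string discoveryJson)
    {
        var problems = new List<string>();
        var authorityUri = new Uri(authority);
        // Assumption of this example: plain HTTP is tolerated on loopback only.
        if (authorityUri.Scheme != Uri.UriSchemeHttps && !authorityUri.IsLoopback)
            problems.Add("Authority is not HTTPS and not loopback.");

        using var doc = JsonDocument.Parse(discoveryJson);
        var root = doc.RootElement;
        if (!root.TryGetProperty("issuer", out var issuer) ||
            issuer.ValueKind != JsonValueKind.String)
        {
            problems.Add("Discovery document has no issuer.");
            return problems;
        }
        // Compares scheme, host and port only (the path is not compared): a server
        // published on another port no longer matches a development Authority.
        var issuerUri = new Uri(issuer.GetString());
        if (Uri.Compare(authorityUri, issuerUri, UriComponents.SchemeAndServer,
                        UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) != 0)
            problems.Add($"Issuer {issuerUri} does not match Authority {authorityUri}.");

        if (!root.TryGetProperty("jwks_uri", out _))
            problems.Add("Discovery document has no jwks_uri, so signing keys cannot be fetched.");
        return problems;
    }

    public static void Main()
    {
        // Constructed sample: the Authority from the answer, and a discovery
        // document as a server listening on a different port would return it.
        const string authority = "http://localhost:54540/";
        const string json = "{\"issuer\":\"http://localhost:5001/\"," +
                            "\"jwks_uri\":\"http://localhost:5001/.well-known/jwks\"}";
        Console.WriteLine(MetadataAddress(authority));
        foreach (var p in Check(authority, json)) Console.WriteLine("PROBLEM: " + p);
    }
}
```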
user1620696
Updated on June 18, 2022
Comments
-
user1620696 almost 2 years
I've been studying ASP.NET 5 for some time now and there is something I'm still confused about. To implement authentication in Web API 2, what I used to do was basically use the OWIN OAuth Authentication Server Middleware. It was simple to use, I could configure just what I needed, and there wasn't a bunch of stuff I needed to put in the app without need for it.
Now, at first I didn't find this in ASP.NET 5 and I thought it was a matter of time to wait for the middleware to show up. But yesterday, reading the issues on the Security repo, I found out that apparently there is no intention to port this middleware to the new version of the framework.
Instead, it seems people are encouraged to use Identity Server 3. I took a look at the project, and although it is nice and has many uses, I really prefer to configure just the minimum I need sometimes. Also, another drawback is that Identity Server 3 needs the full CLR, so if I need to use it in order to provide authentication in my application I would need to stop using Core CLR, which for me is a huge disadvantage since Core CLR is a lot more lightweight.
So, if I don't want to use the Identity Server 3 on ASP.NET 5, how can I implement authentication for Web API if the OAuth Authentication Server middleware is gone? Has anyone been through that and found a way to deal with it?
How to deal with authentication on ASP.NET 5 Web API without using Identity Server 3?
-
Mahesh Kava almost 9 years
You don't necessarily have to use Identity Server 3; you can instead build your own authentication server, which would return a token on authentication.
-
user1620696 almost 9 years
So I would need to implement one OAuth authentication server myself?
-
Matt Roberts about 8 years
Identity server 4 targets core now: leastprivilege.com/2016/01/11/…
-
-
Kévin Chalet over 8 years
Katana's authorization server had many unsolved bugs, still listed on the Codeplex tracker. I took a brief look at your fork and it seems that you've fixed none of them. If you're still looking for the "original authorization server", take a look at AspNet.Security.OpenIdConnect.Server, it offers the same experience but fixes all the known bugs Katana's server had.
-
partyelite about 8 years
Hi, I have the same setup and it works on my dev machine. I have tried publishing it to a server (test environment) and there I get an error "InvalidOperationException: IDX10803: Unable to obtain configuration from: 'localhost:5000/.well-known/openid-configuration'". I have installed HttpPlatformHandler and set my application pool to "No managed code". My site is bound to port 8890. Navigating to "localhost:8890" throws the error in Chrome and IE. When I run web.cmd from the approot folder and navigate to "localhost:5000" it works, but only in Chrome. IE gives the same error. Any help, please?