IdentityServer3 OAuth2 with Windows user login

I'm new to the topic of authentication.

My approach is to use IdentityServer3 to access the resource. I want to use the resource owner client thread with OAuth2, but with a Windows user; I want something like a sample where you can get an access token with a Windows logged-in user.

I tried to set up https://github.com/IdentityServer/WindowsAuthentication as an external identity provider. I registered it on my personal server as a WS-Fed provider, as shown in https://github.com/IdentityServer/IdentityServer3/issues/1157

    class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            var factory = InMemoryFactory.Create(
                scopes: Scopes.Get(),
                clients: Clients.Get(),
                users: Users.Get());

            var AuthenticationOptions = new Thinktecture.IdentityServer.Core.Configuration.AuthenticationOptions();

            AuthenticationOptions.EnableLocalLogin = true;
            AuthenticationOptions.EnableLoginHint = true;
            AuthenticationOptions.EnableSignOutPrompt = true;
            AuthenticationOptions.IdentityProviders = ConfigureIdentityProviders;

            var userService = new ExternalRegistrationUserService();
            factory.UserService = new Registration<IUserService>(resolver => userService);

            var options = new IdentityServerOptions
            {
                SiteName = "Single Sign On",
                Factory = factory,
                RequireSsl = false,
                EnableWelcomePage = true,

                AuthenticationOptions = AuthenticationOptions,
            };

            app.UseIdentityServer(options);
        }

        private static Thinktecture.IdentityServer.Core.Configuration.AuthenticationOptions GetAuthenticationOptions()
        {
            var authenticationOptions = new Thinktecture.IdentityServer.Core.Configuration.AuthenticationOptions()
            {
                EnableSignOutPrompt = true,
                EnablePostSignOutAutoRedirect = true,
                PostSignOutAutoRedirectDelay = 0,
                IdentityProviders = ConfigureIdentityProviders
            };
            return authenticationOptions;
        }

        private static void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
        {
            var adfs = new WsFederationAuthenticationOptions
            {
                AuthenticationType = "adfs",
                Caption = "Windows Account",
                SignInAsAuthenticationType = signInAsType,
                MetadataAddress = "http://localhost:6739", // URL of the WebHost project
                Wtrealm = "urn:idsrv3"
            };

            app.UseWsFederationAuthentication(adfs);
        }
    }

I have an External Login button, after clicking which I get an HTTP 500 error.

Questions:

  • Am I on the right course?

  • I think a 500 error is not normal; what is the next step to make this work?

  • How can I now get the access tokens programmatically, for example as in the "simplest OAuth2 walkthrough"? Example:

    public TokenResponse GetToken(string username, string password, string scope)
    {
        OAuth2Client client = new OAuth2Client(
            new Uri("http://localhost.fiddler:44333/windows/authentication"),
            // client ID
            "carbon",
            // client secret
            "21B5F798-BE55-42BC-8AA8-0025B903DC3B");

        return client.RequestResourceOwnerPasswordAsync(username, password, scope).Result;
    }
