Adding Authorize Tag to HomeController in ASP.NET Core Angular Application (using Angular Spa Template) w/ IdentityServer4

I created an ASP.NET Core Angular app using the latest template on Yeoman. I am running IdentityServer4. In IdentityServer4, I created a client for an MVC application.

        // OpenID Connect implicit flow client (MVC)
        new Client
        {
            ClientId = "mvc",
            ClientName = "MVC Client",
            AllowedGrantTypes = GrantTypes.Implicit,

            RedirectUris = { "http://localhost:5002/signin-oidc" },
            PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },

            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile
            }
        }

      

I used the following documentation to help set it up: http://docs.identityserver.io/en/release/quickstarts/3_interactive_login.html
I added the [Authorize] attribute to the main controller and everything seems to work. The user cannot access the Angular code as the Home Controller is instantly redirected to IdentityServer4 for login.

I'm a little confused as to what the hybrid thread is in regards to what I have set above. http://docs.identityserver.io/en/release/quickstarts/5_hybrid_and_api_access.html

Since I'm going to use the ASP.NET Core Angular template, is it really that simple? Just add the MVC app as a client and add the Authorize attribute to the top of the HomeController? I wonder why all the trouble in configuring everything in Angular with the oidc-client if I can take advantage of ASP.NET Core.

I suppose my setup will fail once the user's roles are involved (which user can access what). I would rely on IdentityServer4 to tell me these roles, but I need access to them in Angular. Maybe this is the answer to my question ... What is this hybrid workflow for?

This is how my app is structured:
MyApp.Web
MyApp.Api (The Api that Angular will call additionally has an IdentityController for IdentityServer)
MyApp.Auth (Identity Server)

If anyone is completely confused by my question, it would be very helpful if I could get a recommendation on how to properly set up authentication / authorization with IdentityServer4 and ASP.NET Core Angular app. Taking advantage of .NET Core, I don't have to do all authentication exclusively on the client.

+3




1 answer


"Taking advantage of .NET Core so I don't have to do all authentication exclusively on the client."

I think you are already in the right direction. You should go with hybrid streaming; this way your tokens will be more secure, as the client won't be able to access them in the browser, and you can use refresh tokens to make your website more secure.



No need to use the oidc-client library on the client! Let me know if you are still stuck, I can post the code.

0
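The hybrid-flow setup recommended in the answer above, as an added example that is not code from the answerer or from the IdentityServer4 project. Assumptions: the authority URL `http://localhost:5000`, the API scope name `api1`, the secret placeholder, and the class and method names are all hypothetical; the two classes belong in separate projects (MyApp.Auth and MyApp.Web).

```csharp
using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;
using Microsoft.Extensions.DependencyInjection;

// MyApp.Auth: the "mvc" client from the question, switched from implicit to hybrid.
public static class HybridClientConfig
{
    public static IEnumerable<Client> GetClients() => new List<Client>
    {
        new Client
        {
            ClientId = "mvc",
            ClientName = "MVC Client",
            AllowedGrantTypes = GrantTypes.Hybrid,
            ClientSecrets = { new Secret("REPLACE_WITH_SECRET".Sha256()) }, // placeholder
            RedirectUris = { "http://localhost:5002/signin-oidc" },
            PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
            AllowOfflineAccess = true, // lets the client request refresh tokens
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                "api1" // assumed scope name for MyApp.Api
            }
        }
    };
}

// MyApp.Web: call services.AddHybridOidc() from Startup.ConfigureServices.
public static class HybridAuthSetup
{
    public static void AddHybridOidc(this IServiceCollection services)
    {
        services.AddAuthentication(o => { o.DefaultScheme = "Cookies"; o.DefaultChallengeScheme = "oidc"; })
            .AddCookie("Cookies") // auth cookie is HttpOnly by default
            .AddOpenIdConnect("oidc", o =>
            {
                o.SignInScheme = "Cookies";
                o.Authority = "http://localhost:5000"; // assumed IdentityServer address
                o.RequireHttpsMetadata = false;        // local development only
                o.ClientId = "mvc";
                o.ClientSecret = "REPLACE_WITH_SECRET"; // placeholder, load from configuration
                o.ResponseType = "code id_token";       // hybrid flow
                o.SaveTokens = true;                    // tokens stored in the encrypted auth cookie
                o.Scope.Add("api1");
                o.Scope.Add("offline_access");          // request a refresh token
            });
    }
}
```

With this in place the access and refresh tokens are redeemed over the back channel and held in the server-issued cookie, so script running in the Angular app cannot read them; the server side retrieves them with `HttpContext.GetTokenAsync("access_token")` when calling MyApp.Api.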

