identity server 4 securing api on the same project

Question

We are using IdentityServer as an openid provider for our web applications and APIs resources. I want to expose a secure api endpoint on identity server for editing users, somehow I can not get configuration working. my client is angular and I have a valid bearer token.

app.UseCors("AllowSpecificOrigin");
app.UseIdentity();
app.UseIdentityServer();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
   AuthenticationScheme = "Cookies"
});

JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
   {
      Authority = Configuration["AuthServerUrl"],
      ScopeName = "api",
      AutomaticAuthenticate = true,
      AutomaticChallenge = true,
      RequireHttpsMetadata = false
   });

any help will be appreciated.

score 0 · Answer 1 · answered Oct 31 '16 at 12:45

0

You can branch your application with using MapWhen like below:

         app.MapWhen(x => x.Request.Path.StartsWithSegments("/custom"), builder =>
         {
             builder.UseCookieAuthentication(new CookieAuthenticationOptions
             {
                AuthenticationScheme = "Cookies"
             });

             JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

             builder.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
             {
                 Authority = Configuration["AuthServerUrl"],
                 ScopeName = "api",
                 AutomaticAuthenticate = true,
                 AutomaticChallenge = true,
                 RequireHttpsMetadata = false
            });
            // .....
         });
         app.UseIdentity();
         app.UseIdentityServer();
         //...

answered Oct 31 '16 at 12:45

adem caglin

22,700
10
58
78

is this a good practice? seems more like a work around to me. because I have to specify authority for self project. – aurimas Oct 31 '16 at 15:21
2

You have to map paths in order to have this functionality, otherwise the pipelines start overriding each other. Best practice would be to have them in completely separate projects. – Scott Brady Oct 31 '16 at 16:22
@adem caglin, how did you get the Authority URL automatically? – blgrnboy Jun 09 '17 at 19:06
See https://stackoverflow.com/questions/39864550/how-to-get-base-url-without-accessing-a-request – adem caglin Jun 10 '17 at 15:59

identity server 4 securing api on the same project

1 Answers1