Local validation of IdentityServer

Question

I have Auth Service hosted on some url. All my microservices requested validation to auth on each requests. In StartUp.cs of each services I have

app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
        {
            Authority = WebConfigurationManager.AppSettings["IdentityServerURL"],
            ValidationMode = ValidationMode.ValidationEndpoint,

            //ValidationMode = ValidationMode.Local,
            RequiredScopes = new[] { "user-api" },
        });

It works fine! And in my controller's method in this case I have as you can see

{role: consumer}

But if I change

ValidationMode = ValidationMode.Local,

My request doesn't pass Authorization because values of roles has prefixes

And according to this my request doesn't pass autorization. What should I do in case

ValidationMode = ValidationMode.Local

to have normal value of claims role?

score 1 · Accepted Answer · edited May 23 '17 at 12:13

1

Microsoft apply a claims mapping when the token is received. To remove this default mapping, add this to your Configuration method at startup:

JwtSecurityTokenHandler.InboundClaimTypeMap.Clear();

For more information:

How to use InboundClaimTypeMap for claim mapping?

Update of System.IdentityModel.Tokens.Jwt causing breaking change in IdentityServer3 Client

edited May 23 '17 at 12:13

Community

1
1

answered Jan 11 '17 at 08:07

Rob Potter

948
6
28

Thanks a lot! It was helped!) – Евгений Jan 11 '17 at 08:31

Local validation of IdentityServer

1 Answers1