I have a legacy project (.NET Framework, not Core) and want to authorize its API with IdentityServer4. I found this approach for connecting to IdentityServer4 using Katana. My setup is IdentityServer4 with an Angular client and an API resource (.NET Framework, not Core). CORS does not work when UseOpenIdConnectAuthentication is enabled; if it is removed, it works correctly. In IdentityServer I defined the client as:
// IdentityServer4 registration for the browser client "insig_spa":
// authorization code flow with PKCE and no client secret (a public client).
new Client
{
    RequireConsent = false,
    ClientId = "insig_spa",
    ClientName = "Insig SPA",
    AllowedGrantTypes = GrantTypes.Code,
    // PKCE is mandatory and no secret is expected: code running in a browser cannot keep a secret.
    RequirePkce = true,
    RequireClientSecret = false,
    AllowedScopes =
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        IdentityServerConstants.StandardScopes.Email,
        // NOTE(review): the value of Scopes.InsigApi is not shown; the Web API below requests
        // "insigapi.read" - confirm the two strings match.
        Scopes.InsigApi
    },
    // Exact-match callback URLs on the SPA origin (interactive sign-in and silent renewal).
    RedirectUris =
    {
        clientUrl + "/auth-callback",
        clientUrl + "/assets/silent-refresh.html"
    },
    PostLogoutRedirectUris = { clientUrl + "/logout" },
    // Origins allowed to call IdentityServer's CORS-enabled endpoints from script.
    // NOTE(review): https://localhost:44368 is the Web API according to the console output in the
    // question; an API is not a browser origin, so this entry is presumably unnecessary. The
    // authorize endpoint is meant for top-level navigation, so listing more origins here is
    // unlikely to change the reported error - confirm.
    AllowedCorsOrigins = { clientUrl ,"https://localhost:44368" },
    // NOTE(review): this setting matters for flows that return tokens through the front channel;
    // with GrantTypes.Code it looks unnecessary - confirm and prefer leaving it off.
    AllowAccessTokensViaBrowser = true,
    // Access token lifetime in seconds (5 minutes); the silent-refresh redirect URI above is what
    // lets the SPA renew it.
    AccessTokenLifetime = 300,
    AccessTokenType = AccessTokenType.Jwt,
    // Puts the user's claims into the id_token itself, so every holder of the id_token sees them;
    // keep the requested identity scopes minimal.
    AlwaysIncludeUserClaimsInIdToken = true
}
// The scope a client requests in order to call the backend API.
new ApiScope(Scopes.InsigApi, "Access API Backend")
// The API itself, registered as a resource (not as a client) and tied to that one scope.
// NOTE(review): presumably Instances.InsigApi becomes the audience ("aud") of issued access
// tokens; the API should validate that value - confirm against the token contents.
new ApiResource(Instances.InsigApi, "Resource Insig API")
{
    Scopes = new List<string>()
    {
        Scopes.InsigApi
    }
}
And in the Web API (.NET Framework, not Core):
// Local cookie session for the Web API; the name "cookie" is what the OpenID Connect options
// below refer to through SignInAsAuthenticationType.
// NOTE(review): only AuthenticationType is set, so cookie attributes stay at their defaults.
// If this cookie really is meant to authenticate API calls, review CookieSecure / CookieSameSite
// and add CSRF protection, because browsers attach cookies automatically.
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = "cookie"
});
// Registers interactive OpenID Connect sign-in (authorization code flow with PKCE) in the
// Web API's OWIN pipeline.
// NOTE(review): the console output quoted in the question shows a request to
// https://localhost:44368/values being redirected to /connect/authorize. That looks like this
// middleware answering an unauthenticated call with a redirect challenge; a redirect to the
// login endpoint cannot satisfy a CORS preflight, which matches the reported error. An API that
// is called by a SPA normally validates the bearer access token the SPA sends (for example with
// Katana's JWT bearer middleware) and answers 401, instead of starting a sign-in flow - confirm
// against the intended design.
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    // NOTE(review): this reuses the SPA's client id; the API is already registered as an
    // ApiResource and normally needs no client registration of its own.
    ClientId = "insig_spa",
    Authority = "https://localhost:5000",
    // NOTE(review): per the console output, https://localhost:5002 is the SPA's origin, so an
    // authorization code requested by this middleware would be delivered to the SPA's callback,
    // not to this API.
    RedirectUri = "https://localhost:5002/auth-callback",
    // NOTE(review): the client registration allows Scopes.InsigApi, whose value is not shown -
    // confirm that "insigapi.read" is that value.
    Scope = "openid profile email insigapi.read",
    SignInAsAuthenticationType = "cookie",
    // Allows the discovery document to be fetched without HTTPS. The Authority above is already
    // https, so this only weakens the check; remove it outside local experiments.
    RequireHttpsMetadata = false,
    // The cookie session does not inherit the token lifetime.
    UseTokenLifetime = false,
    // The middleware exchanges the authorization code at the token endpoint itself.
    RedeemCode = true,
    // NOTE(review): presumably stores the returned tokens with the cookie sign-in; confirm the
    // cookie is protected accordingly.
    SaveTokens = true,
    // NOTE(review): hard-coded secret in source. The client registration shown uses
    // RequireClientSecret = false, so this value is not required by it; if a confidential client
    // is ever used, load the secret from protected configuration instead.
    ClientSecret = "secret",
    ResponseType = OpenIdConnectResponseType.Code,
    ResponseMode = "query",
    Notifications = new OpenIdConnectAuthenticationNotifications
    {
        // Runs before the redirect to the identity provider; adds PKCE to sign-in requests only.
        RedirectToIdentityProvider = n =>
        {
            if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.Authentication)
            {
                // PKCE: create a fresh random code_verifier for this request
                var codeVerifier = CryptoRandom.CreateUniqueId(32);
                string codeChallenge;
                // code_challenge = base64url(SHA-256(code_verifier)), announced below as "S256"
                using (var sha256 = SHA256.Create())
                {
                    var challengeBytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(codeVerifier));
                    codeChallenge = Base64Url.Encode(challengeBytes);
                }
                n.ProtocolMessage.SetParameter("code_challenge", codeChallenge);
                n.ProtocolMessage.SetParameter("code_challenge_method", "S256");
                // Keep the code_verifier for the callback (adapted from the OWIN nonce cookie).
                // NOTE(review): RememberCodeVerifier is not shown; confirm it stores the value
                // protected and bound to this browser session.
                RememberCodeVerifier(n, codeVerifier);
            }
            return Task.CompletedTask;
        },
        // Runs when the authorization code comes back, before it is redeemed.
        AuthorizationCodeReceived = n =>
        {
            // Read back the code_verifier stored for this sign-in.
            // NOTE(review): RetrieveCodeVerifier is not shown; confirm it deletes the stored
            // value after use and that a missing value is handled.
            var codeVerifier = RetrieveCodeVerifier(n);
            // Send it with the token request so the server can check it against the code_challenge.
            n.TokenEndpointRequest.SetParameter("code_verifier", codeVerifier);
            return Task.CompletedTask;
        }
    }
});
in console i found : https://localhost:5000/connect/authorize?client_id=insig_spa&redirect_uri=https%3A%2F%2Flocalhost%3A5002%2Fauth-callback&response_type=code&scope=openid%20profile%20email%20insigapi.read&code_challenge=A6ToJOXINiypamObt21YJan7e1TYuwxQa-_drBSgEaw&code_challenge_method=S256&state=OpenIdConnect.AuthenticationProperties%3DPg1Xgh0YlELfO3mDIa1xWw4yAVjwAnA_O8qb83daZyzMNJsv7ZFxdFIbht7hDo4vQb-q5JdrozvYCTpIC2HVTnx1DQ8Wz9s1d06YoL8hdwUGF-yisgodvAg0sphJ1Qk_F1NXs5r5XlzA_HFb1PYgDnn6aAbcYi5wCtoIAVUiDOd2kjIJ_hXh7ez9fk6pdmnvbyXnDtp9q-cAPcwjr8bj8fOApBzRplJYBFGHj6VGYVoFdUb20-5yonekbW6Ppkv2Y7nkk3a06P1nYYB4Xow-DElLZt-qWKovKd0fU5Xdntc&nonce=637867398003742436.YWIyNDEwYWItMjc1OC00NjY3LThmZWMtYjAxYjc2MjE1MTYxMThjNDJlOGQtZWVhYi00ZTk4LWIzY2EtZTgyZDQ2ZDAzN2Vm&x-client-SKU=ID_NET461&x-client-ver=5.3.0.0' (redirected from 'https://localhost:44368/values') from origin 'https://localhost:5002' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
Why does this error occur, and how can I fix it?