Lightweight OWIN OAuth2.0 Authorization Framework with IdentityServer3

For many years now, Dominick Baier and his team at Thinktecture have been relentlessly pursuing the cause of providing a lightweight alternative to costly server technologies for implementing really simple claims-based identity solutions. Their IdentityServer framework has graduated into an enterprise-class identity suite, with many large corporations leveraging it for single sign-on. With the release of IdentityServer3, it becomes an OWIN/Katana-based framework with hostable components to support SSO in modern web applications, supporting modern identity specifications like OpenID Connect and OAuth 2.0. It is very easy to configure IdentityServer3 in your ASP.NET MVC or Web API application.

First you need to install the relevant NuGet packages, Microsoft.Owin.Host.SystemWeb and Thinktecture.IdentityServer3. Next you need to set up an OWIN startup host file that replaces the ASP.NET host. You can create a Startup.cs file in your ASP.NET MVC project and call the UseIdentityServer extension method on IAppBuilder to set up IdentityServer in your OWIN host.

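public void Configuration(IAppBuilder app)
{
    var options = new IdentityServerOptions
    {
        // The token-signing certificate (an X509Certificate2); the value is elided in the original post.
        SigningCertificate = ,
        Factory = Factory.Create()
    };

    // Host IdentityServer in the OWIN pipeline.
    app.UseIdentityServer(options);
}

You must also register the startup class using the assembly-level OwinStartupAttribute attribute.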

 [assembly: OwinStartup(typeof())]

In addition, in your Web.config file you must set the runAllManagedModulesForAllRequests attribute to true to allow IdentityServer resources to be loaded correctly.

It is also possible to specify the clients that will leverage the identity server for authentication, and the provider supplying the identity information from a user database or LDAP repository. This configures the identity server, and you can browse the /identity/.well-known/openid-configuration URL to discover the endpoints.

To add OAuth 2.0 support, the IAppBuilder provides the UseJsonWebToken method that you can configure in your Startup.cs file:

app.UseJsonWebToken(
    issuer: ConfigurationManager.AppSettings["Issuer"],
    audience: ConfigurationManager.AppSettings["Audience"],
    signingKey: signingKey);

You are all set. You can now use the AuthorizeAttribute attribute on your controller actions to authorize resource access and initiate authentication with IdentityServer3. IdentityServer3 will present the login page and, based on the configured identity provider, will allow you to log in to access the resource. The Authorize attribute is available out of the box in MVC. You can also use the more robust annotated resource authorization feature in IdentityServer3. To use that, install the Thinktecture.IdentityModel.Owin.ResourceAuthorization.Mvc package, and then you can start using the ResourceAuthorizationAttribute attribute in your controller actions:

 [ResourceAuthorize("Read", "OrderDetails")]

You can now isolate access control in terms of who can read the order details (in our example above) in an AuthorizationManager call that invokes the relevant manager depending on the resource being accessed.

The AuthorizationManager should be part of the OWIN startup configuration, registered using the IAppBuilder UseResourceAuthorization method.
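
One way to write the AuthorizationManager described above, as an added example that is not code from the original post. The role claim type and the "OrderViewer" value are assumptions, as is the ResourceAuthorizationSetup helper class; anything not explicitly allowed is denied.

```csharp
using System.Linq;
using System.Threading.Tasks;
using Owin;
using Thinktecture.IdentityModel.Owin.ResourceAuthorization;

// Central policy: every [ResourceAuthorize(action, resource)] check lands here.
public class AuthorizationManager : ResourceAuthorizationManager
{
    public override Task<bool> CheckAccessAsync(ResourceAuthorizationContext context)
    {
        // Deny anonymous callers before looking at the resource.
        if (context.Principal?.Identity?.IsAuthenticated != true)
            return Nok();

        // Dispatch on the resource name passed to the attribute.
        switch (context.Resource.FirstOrDefault()?.Value)
        {
            case "OrderDetails":
                return AuthorizeOrderDetails(context);
            default:
                return Nok(); // unknown resource: deny by default
        }
    }

    private Task<bool> AuthorizeOrderDetails(ResourceAuthorizationContext context)
    {
        switch (context.Action.FirstOrDefault()?.Value)
        {
            case "Read":
                // Assumed claim: role=OrderViewer (not from the original post).
                return Eval(context.Principal.HasClaim("role", "OrderViewer"));
            default:
                return Nok(); // unlisted action: deny by default
        }
    }
}

// Hypothetical helper class for this example.
public static class ResourceAuthorizationSetup
{
    // Call from Startup.Configuration(IAppBuilder app).
    public static void Register(IAppBuilder app)
    {
        app.UseResourceAuthorization(new AuthorizationManager());
    }
}
```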
