This repository has been archived by the owner on Sep 18, 2021. It is now read-only.
Security novice here trying to get my head around IdentityServer.v3 and IdentityManager. I've searched this site for all issues about "claims" but haven't found what I think I'm looking for -- apologies for double posting if this has been asked already.
I’ve learned from the videos that in an MVC app hosted in Azure scenario I’d likely want to use CodeFlow as the type of client authentication. Assuming that’s correct…
I want to use IdentityServer.v3 with the ASP.Net Identity store to authenticate my users and provide (custom?) claims that tell the app what their tenant ID is, as well as an Azure account Id or a shared access signature code (haven’t decided which yet). I also want to use IdentityManager (with ASP.Net Identity back end) to manage user accounts.
I’ve pulled down the samples for both IdentityServer and IdentityManager using the ASP.Net Identity storage. I created a user and a claim using the IdentityManager, but I don’t know how to get the claim back out. I added a new Scope in Scopes.cs in the IdentityServer, and that seems to work in that I can specify my new scope using the MVC CodeFlowClient Manual sample project and it doesn’t blow up, but the decoded identity token looks the same regardless. I also added a Claims collection to my new scope, but frankly I don’t know what I’m doing at this point so it's no surprise that I didn't get what I wanted from that either.
This is the scope I added to the IdentityServer sample:
```csharp
// Scope added to Scopes.cs in the IdentityServer sample
new Scope
{
    Name = "tenantid",
    DisplayName = "Tenant Id",
    Type = ScopeType.Resource,
    Emphasize = true,
    Claims = new List<ScopeClaim>
    {
        new ScopeClaim
        {
            AlwaysIncludeInIdToken = true,
            Name = Constants.ClaimTypes.ClientId,
            Description = "subject identifier"
        }
    }
}
```
This is probably pretty easy and again apologies for being lame. Thanks!
Ok, I've gotten a little further today and discovered that the IdentityServer is actually reading the custom claims I added through IdentityManager, but they're not getting passed back to the client. When the client decodes the identity token only certain claims are present. I decided to use one of the already defined claims, ClientID, thinking that one would get built and returned back but it doesn't. Also found that the version of IdentityServer used in the AspNetIdentity sample isn't quite the same as the code posted online. Closing this question for now.
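An added example (not part of the original thread or of the IdentityServer samples) of how IdentityServer3 decides which token a scope's claims land in: claims on a `ScopeType.Resource` scope go into the access token, only `ScopeType.Identity` scopes feed the identity token, and `AlwaysIncludeInIdToken` applies to identity scopes only. The scope name `tenant`, the claim type `tenant_id`, and the class and method names are assumptions; the claim type must match the one stored for the user, and the client must be allowed to request the scope.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using IdentityServer3.Core.Models; // older builds use Thinktecture.IdentityServer.Core.Models
using Newtonsoft.Json.Linq;

public static class TenantScopeExample
{
    // Assumed claim type; must match the claim created for the user in IdentityManager.
    public const string TenantClaim = "tenant_id";

    // Server side: an identity scope, so its claims feed the identity token.
    public static Scope TenantScope()
    {
        return new Scope
        {
            Name = "tenant",
            DisplayName = "Tenant Id",
            Type = ScopeType.Identity,
            Claims = new List<ScopeClaim>
            {
                new ScopeClaim
                {
                    Name = TenantClaim,
                    Description = "tenant identifier",
                    // Keep the claim in the id_token even when an access token is also issued.
                    AlwaysIncludeInIdToken = true
                }
            }
        };
    }

    // Client side: list the claim names in an id_token payload for inspection.
    // This only decodes; the signature must still be validated before the claims are trusted.
    public static IList<string> ClaimNames(string idToken)
    {
        var parts = idToken.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        // base64url -> base64, then restore the stripped padding
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        var json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        return JObject.Parse(json).Properties().Select(p => p.Name).ToList();
    }
}
```

If `ClaimNames` does not list `tenant_id` after the client requests `openid tenant`, check that the user actually has a claim of that exact type and that the client's allowed scopes include `tenant`.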