-
-
Notifications
You must be signed in to change notification settings - Fork 764
401 trying to follow the Simplest Auth Walkthrough #932
Comments
What's actually not working? We need more information to help. Also, it's suggested that you enable logging in IdentityServer in order to learn yourself how it works and to diagnose what might be the problem (configuration, etc). As for what to do to learn IdSvr -- well, for us that implemented IdentityServer we read the specs that we linked in the docs. These are the main drivers behind how IdentityServer operates. Also, many years of security work and consulting. Security is complex but an understanding will come with time. |
Thanks Brock, I took the Simplest OAuth sample and I downloaded the Identity Server v3 zip. I setup the server host project to use IIS. I created an IdSvr virtual directory. I’ve have a certificate on the server and I updated the Cert.Load() to load the servers cert and it appears to work fine. I updated the Client & Scope get functions as described in the sample. When I point both the client and Apis web app to the IIS host, the call to GetTokens() works from the client and it appears I have a token. However the Cient.GetStringAsync to the test controller is resulting in a 401 Unauthorized. So I created a new client project. I also created a new WebApi project and setup a TestController just like described in the sample documentation. I added this webapi project to the IdentityServer solution so I could attach to w3 and try to debug all the calls. All the break points I have set get hit when my client makes a call to the GetClientToken(). However, I can’t seem to figure out what code gets called when the Authorize attribute for the API Test/Get method is called. It’s almost like the app.UseIdentityServerBearerTokenAuthentication in the apis startup isn’t resulting in any IdentityServer calls for the AuthorizeAttribute. From: Brock Allen [mailto:[email protected]] What's actually not working? We need more information to help. Also, it's suggested that you enable logging in IdentityServer in order to learn yourself how it works and to diagnose what might be the problem (configuration, etc). As for what to do to learn IdSvr -- well, for us that implemented IdentityServer we read the specs that we linked in the docs. These are the main drivers behind how IdentityServer operates. Also, many years of security work and consulting. Security is complex but an understanding will come with time. — |
And how did the logging go? |
Hello Brock, Thanks for the follow up. I got logging enabled this morning but the strangest thing happened. This morning I patched my computer, (Just because I haven’t in about a month not to address anything.) Upon reboot, I enabled logging, stepped through the client app I created following the Simple OAuth sample docs. For some reason everything is working this morning. (I didn’t not change one line of code this morning.) Having said that, yesterday I think I changed
Originally, following the sample I just had Authority = https://localhost/IdSvr. I think I may have added Core at some point but yesterday testing, I still got the 401 when calling the API endpoint. Note I did an IISreset after changing the Authority URL and recompiling yesterday but it didn’t resolve the problem. I wish I had something to share for others but I don’t know what fixed the problem. I’m going to implement the GetUserToken code next and see what happens. From: Brock Allen [mailto:[email protected]] And how did the logging go? — |
All set (meaning, can we close this)? |
Yes, sorry I meant to do that last night. Thanks for your help. |
I had previous issues of just getting the example to work as it is. I redownloaded and get the sample to work.
Now I need to get this to work in an actual real world scenario versus all the "simple" sample scenarios.
I've tried following the walk through setting up the Identity Server 3 download hosted by IIS.
On the client, the code is as follows:
static void Main(string[] args)
{
var _response = GetClientToken();
In the Host Project I've added the clients and scopes per the sample.
I created an API project and the startup of it, I have the following:
public class Startup
{
public void Configuration(IAppBuilder app)
{
// accept access tokens from identityserver and require a scope of 'api1'
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
Authority = "https://localhost/IdSvr/core",
RequiredScopes = new[] { "api1" }
});
The Authority URl I've tried just https://localhost/IdSvr. You can put a bad URL and the result is the same.
Any ideas on what may be wrong or how to even troubleshoot this would be appreciated.
2nd part of this question, for anybody just getting into Identity and tokens, what did you do to try and learn Identity Server? I've tried the samples but have had problems for weeks and even worse they're all "simple" version versus any type of real world solution.
I imagine like most anybody writing a commercial app, we have UI web servers separated from our back end servers. Then our Authentication/authorization server is separate as well.
I like the concepts of Identity Server but I'm not sure how much more time I can waste just trying to figure out how to use it for a fairly simple layout. I would appreciate some feedback on that question from somebody that has went through what I have thus far.
Thanks in advance.
The text was updated successfully, but these errors were encountered: