This repository has been archived by the owner on Sep 18, 2021. It is now read-only.

401 trying to follow the Simplest Auth Walkthrough #932

Closed
kkfrosty opened this issue Feb 16, 2015 · 6 comments

@kkfrosty

I had previous issues just getting the example to work as it is. I redownloaded and got the sample to work.

Now I need to get this to work in an actual real world scenario versus all the "simple" sample scenarios.

I've tried following the walkthrough, setting up the Identity Server 3 download hosted by IIS.

On the client, the code is as follows:
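```csharp
using System;
using System.Net.Http;
using Thinktecture.IdentityModel.Client;

class Program
{
    static void Main(string[] args)
    {
        // request a token with the client credentials flow, then call the API with it
        var _response = GetClientToken();

        CallApi(_response);
    }

    static void CallApi(TokenResponse response)
    {
        // send the access token as a bearer token in the Authorization header
        var client = new HttpClient();
        client.SetBearerToken(response.AccessToken);

        Console.WriteLine(client.GetStringAsync("http://localhost/IdentityWebApis/test").Result);
    }

    static TokenResponse GetClientToken()
    {
        // token endpoint, client id and client secret
        var client = new OAuth2Client(
            new Uri("https://localhost/IdSvr/core/connect/token"),
            "silicon",
            "F621F470-9731-4A25-80EF-67A6F7C5F4B8");

        return client.RequestClientCredentialsAsync("api1").Result;
    }
}
```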

In the Host Project I've added the clients and scopes per the sample.

I created an API project, and in its startup I have the following:
```csharp
public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // accept access tokens from identityserver and require a scope of 'api1'
        app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
        {
            Authority = "https://localhost/IdSvr/core",
            RequiredScopes = new[] { "api1" }
        });

        // configure web api
        var config = new HttpConfiguration();
        config.MapHttpAttributeRoutes();

        // require authentication for all controllers
        config.Filters.Add(new AuthorizeAttribute());

        app.UseWebApi(config);
    }
}
```

For the Authority URL, I've tried just https://localhost/IdSvr. You can put a bad URL and the result is the same.

Any ideas on what may be wrong or how to even troubleshoot this would be appreciated.

2nd part of this question: for anybody just getting into Identity and tokens, what did you do to try and learn Identity Server? I've tried the samples but have had problems for weeks, and even worse, they're all "simple" versions versus any type of real world solution.

I imagine like most anybody writing a commercial app, we have UI web servers separated from our back end servers. Then our Authentication/authorization server is separate as well.

I like the concepts of Identity Server but I'm not sure how much more time I can waste just trying to figure out how to use it for a fairly simple layout. I would appreciate some feedback on that question from somebody that has gone through what I have thus far.

Thanks in advance.
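For the "how to even troubleshoot this" question in the post above, an added example (not part of the thread and not IdentityServer code): it decodes an access token's claims and compares them with the `Authority` and `RequiredScopes` values from the API startup. It assumes the access token is a JWT and that its `iss` claim is expected to equal the `Authority` string; `TokenCheck`, `Diagnose` and the sample token are constructed for illustration, and it uses System.Text.Json from current .NET rather than the 2015 stack.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

static class TokenCheck
{
    static string B64Url(string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Decode the JWT payload (second segment). Diagnostic only: the signature is NOT verified.
    static JsonElement Payload(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a three-part JWT");
        var s = parts[1].Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(s))).RootElement.Clone();
    }

    // Compare the token's claims with what the API is configured to require.
    public static List<string> Diagnose(string jwt, string authority, string scope, DateTimeOffset now)
    {
        var p = Payload(jwt);
        var problems = new List<string>();
        var iss = p.TryGetProperty("iss", out var i) ? i.GetString() : null;
        if (iss != authority) problems.Add($"iss '{iss}' != Authority '{authority}'");
        // 'scope' may be a single string or an array of strings
        var scopes = !p.TryGetProperty("scope", out var sc) ? new string[0]
            : sc.ValueKind == JsonValueKind.Array ? sc.EnumerateArray().Select(e => e.GetString()).ToArray()
            : new[] { sc.GetString() };
        if (!scopes.Contains(scope)) problems.Add($"scope '{scope}' not in token");
        var t = now.ToUnixTimeSeconds();
        if (p.TryGetProperty("nbf", out var nbf) && nbf.GetInt64() > t) problems.Add("token not yet valid (nbf): compare server clocks");
        if (p.TryGetProperty("exp", out var exp) && exp.GetInt64() <= t) problems.Add("token expired (exp)");
        return problems;
    }

    static void Main()
    {
        var now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        // Constructed sample token with a placeholder signature; not output captured from IdentityServer.
        var payload = "{\"iss\":\"https://localhost/IdSvr/core\",\"scope\":\"api1\",\"nbf\":" + now + ",\"exp\":" + (now + 3600) + "}";
        var jwt = B64Url("{\"alg\":\"RS256\",\"typ\":\"JWT\"}") + "." + B64Url(payload) + ".placeholder-signature";
        foreach (var authority in new[] { "https://localhost/IdSvr/core", "https://localhost/IdSvr" })
            Console.WriteLine(authority + " -> [" + string.Join("; ", Diagnose(jwt, authority, "api1", DateTimeOffset.UtcNow)) + "]");
    }
}
```

An empty list means the claims line up with the configured values, so the cause of a 401 lies elsewhere (for example in signature or metadata retrieval), which the IdentityServer logs suggested later in the thread would show.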

@brockallen
Member

What's actually not working? We need more information to help. Also, it's suggested that you enable logging in IdentityServer in order to learn yourself how it works and to diagnose what might be the problem (configuration, etc).

As for what to do to learn IdSvr -- well, for us that implemented IdentityServer we read the specs that we linked in the docs. These are the main drivers behind how IdentityServer operates. Also, many years of security work and consulting. Security is complex but an understanding will come with time.

@kkfrosty
Author

Thanks Brock,

I took the Simplest OAuth sample and I downloaded the Identity Server v3 zip. I set up the server host project to use IIS. I created an IdSvr virtual directory. I have a certificate on the server and I updated the Cert.Load() to load the server’s cert and it appears to work fine.

I updated the Client & Scope get functions as described in the sample. When I point both the client and APIs web app to the IIS host, the call to GetTokens() works from the client and it appears I have a token. However, the client.GetStringAsync call to the test controller is resulting in a 401 Unauthorized.

So I created a new client project. I also created a new WebApi project and set up a TestController just like described in the sample documentation. I added this WebApi project to the IdentityServer solution so I could attach to w3 and try to debug all the calls.

All the break points I have set get hit when my client makes a call to the GetClientToken(). However, I can’t seem to figure out what code gets called when the Authorize attribute for the API Test/Get method is called.

It’s almost like the app.UseIdentityServerBearerTokenAuthentication in the API’s startup isn’t resulting in any IdentityServer calls for the AuthorizeAttribute.


@brockallen
Member

And how did the logging go?

@kkfrosty
Author

Hello Brock,

Thanks for the follow-up. I got logging enabled this morning but the strangest thing happened. This morning I patched my computer (just because I haven’t in about a month, not to address anything).

Upon reboot, I enabled logging, stepped through the client app I created following the Simple OAuth sample docs.

For some reason everything is working this morning. (I did not change one line of code this morning.)

Having said that, yesterday I think I changed

```csharp
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
    Authority = "https://localhost/IdSvr/Core",
    RequiredScopes = new[] { "api1" }
});
```

Originally, following the sample I just had Authority = https://localhost/IdSvr. I think I may have added Core at some point but yesterday testing, I still got the 401 when calling the API endpoint.

Note I did an IISreset after changing the Authority URL and recompiling yesterday but it didn’t resolve the problem.

I wish I had something to share for others but I don’t know what fixed the problem.

I’m going to implement the GetUserToken code next and see what happens.


@brockallen
Member

All set (meaning, can we close this)?

@kkfrosty
Author

Yes, sorry I meant to do that last night. Thanks for your help.
