
I am going through the sample at https://identityserver.github.io/Documentation/docs/overview/mvcGettingStarted.html. This is in VS2013. I am using Google Chrome as the browser. I have managed to get to "Adding a protected resource and showing claims", where I add an AuthorizeAttribute to the About action. I run the app. I click About. I see the Sign On form, as expected. I sign on as "bob" with the "secret" password. I expect to see the About form with claims listed. Instead, I see a blank form with a long URI, and then some sort of loop.

I looked at Fiddler to get a clue. The loop is:

  1. GET /Home/About HTTP/1.1
  2. GET /identity/connect/authorize?...
  3. POST / HTTP/1.1
  4. POST /skypectoc/v1/pnr/parse HTTP/1.1
  5. Goto 1

This suggests that the app redirects to the identity server, which redirects back to the originating URL, but the app doesn't recognize the user is authenticated, so it redirects to the identity server. And so on.

My Startup class is:

/// <summary>
/// OWIN startup class. Hosts an embedded IdentityServer under <c>/identity</c> and
/// registers cookie and OpenID Connect authentication middleware for the application.
/// </summary>
public class Startup
{
    // Authentication type shared by the cookie middleware and the OpenID Connect
    // middleware's SignInAsAuthenticationType; the two values have to agree.
    private static readonly CookieAuthenticationOptions CookieOptions = BuildCookieOptions();

    private static readonly OpenIdConnectAuthenticationOptions OidcOptions = BuildOidcOptions();

    /// <summary>Creates the options for the local sign-in cookie.</summary>
    private static CookieAuthenticationOptions BuildCookieOptions()
    {
        var cookieOptions = new CookieAuthenticationOptions();
        cookieOptions.AuthenticationType = "Cookies";
        return cookieOptions;
    }

    /// <summary>Creates the OpenID Connect client settings for this application.</summary>
    private static OpenIdConnectAuthenticationOptions BuildOidcOptions()
    {
        var oidcOptions = new OpenIdConnectAuthenticationOptions();
        oidcOptions.Authority = "https://localhost:44300/identity/";
        oidcOptions.ClientId = "mvc";
        oidcOptions.Scope = "openid profile roles";
        // Same string as the RedirectUris entry registered for the "mvc" client in Clients.Get().
        oidcOptions.RedirectUri = "https://localhost:44300/";
        // Only an identity token is requested; no access token or authorization code.
        oidcOptions.ResponseType = "id_token";
        oidcOptions.SignInAsAuthenticationType = "Cookies";
        return oidcOptions;
    }

    /// <summary>
    /// Builds the OWIN pipeline: IdentityServer mapped at <c>/identity</c>, then the cookie
    /// middleware, then the OpenID Connect middleware.
    /// </summary>
    /// <param name="app">The application builder the middleware is registered on.</param>
    public void Configuration(IAppBuilder app)
    {
        // In-memory stores: users, clients and scopes all come from code in this project.
        IdentityServerServiceFactory serviceFactory = new IdentityServerServiceFactory()
            .UseInMemoryUsers(Users.Get())
            .UseInMemoryClients(Clients.Get())
            .UseInMemoryScopes(Scopes.Get());

        var serverOptions = new IdentityServerOptions();
        serverOptions.SiteName = "Embedded IdentityServer";
        serverOptions.SigningCertificate = LoadCertificate();
        serverOptions.Factory = serviceFactory;

        app.Map("/identity", identityApp =>
        {
            identityApp.UseIdentityServer(serverOptions);
        });

        // The cookie middleware is registered before the OpenID Connect middleware.
        app.UseCookieAuthentication(CookieOptions);
        app.UseOpenIdConnectAuthentication(OidcOptions);
    }

    /// <summary>
    /// Loads the signing certificate from <c>bin\idsrv3test.pfx</c> under the application's
    /// base directory.
    /// </summary>
    /// <returns>The certificate assigned to <c>SigningCertificate</c>.</returns>
    private X509Certificate2 LoadCertificate()
    {
        string baseDirectory = AppDomain.CurrentDomain.BaseDirectory;
        string pfxPath = Path.Combine(baseDirectory, @"bin\idsrv3test.pfx");

        // NOTE(review): the PFX password is a literal in source and the PFX sits in the
        // deployed bin folder. That is tolerable only for a test certificate; a real
        // signing key and its password belong in a certificate store or secret store.
        X509Certificate2 signingCertificate = new X509Certificate2(pfxPath, "idsrv3test");
        return signingCertificate;
    }
}

I have Clients

/// <summary>In-memory client registrations handed to the embedded IdentityServer.</summary>
public static class Clients
{
    /// <summary>Returns the single registered client, the MVC application itself.</summary>
    /// <returns>An array holding one <c>Client</c> with id "mvc".</returns>
    public static IEnumerable<Client> Get()
    {
        var mvcClient = new Client();
        mvcClient.Enabled = true;
        mvcClient.ClientName = "MVC Client";
        mvcClient.ClientId = "mvc";
        mvcClient.Flow = Flows.Implicit;

        // Same string as the RedirectUri the OpenID Connect middleware is configured
        // with in Startup.
        mvcClient.RedirectUris = new List<string>
        {
            "https://localhost:44300/"
        };

        // NOTE(review): this lets the client request any scope the server registers.
        // Outside a walkthrough, list the scopes the client needs (AllowedScopes) instead.
        mvcClient.AllowAccessToAllScopes = true;

        return new[] { mvcClient };
    }
}

Scopes:

/// <summary>In-memory scope definitions handed to the embedded IdentityServer.</summary>
public static class Scopes
{
    /// <summary>
    /// Returns a custom "roles" identity scope followed by everything in
    /// <c>StandardScopes.All</c>.
    /// </summary>
    /// <returns>A list with the "roles" scope first and the standard scopes after it.</returns>
    public static IEnumerable<Scope> Get()
    {
        // Identity scope named "roles" that carries a single claim, also named "roles".
        var rolesScope = new Scope();
        rolesScope.Enabled = true;
        rolesScope.Name = "roles";
        rolesScope.Type = ScopeType.Identity;
        rolesScope.Claims = new List<ScopeClaim>
        {
            new ScopeClaim("roles")
        };

        var allScopes = new List<Scope>();
        allScopes.Add(rolesScope);

        // NOTE(review): StandardScopes.All presumably registers every standard scope the
        // library defines; together with AllowAccessToAllScopes on the client, each of
        // them is requestable. Confirm that is intended outside the sample.
        allScopes.AddRange(StandardScopes.All);

        return allScopes;
    }
}

Users:

/// <summary>In-memory user store handed to the embedded IdentityServer.</summary>
public static class Users
{
    /// <summary>Returns the single sample user, "bob".</summary>
    /// <returns>A list holding one <c>InMemoryUser</c> with subject "1".</returns>
    public static List<InMemoryUser> Get()
    {
        var bob = new InMemoryUser();
        bob.Username = "bob";

        // NOTE(review): plaintext credential compiled into the assembly. Sample data only;
        // a real deployment needs a user store that keeps salted password hashes.
        bob.Password = "secret";
        bob.Subject = "1";

        // Two name claims and two role claims.
        bob.Claims = new[]
        {
            new Claim(Constants.ClaimTypes.GivenName, "Bob"),
            new Claim(Constants.ClaimTypes.FamilyName, "Smith"),
            new Claim(Constants.ClaimTypes.Role, "Geek"),
            new Claim(Constants.ClaimTypes.Role, "Foo")
        };

        var sampleUsers = new List<InMemoryUser>();
        sampleUsers.Add(bob);
        return sampleUsers;
    }
}

I think all of this is, pretty much, transcribed from the sample. I refactored the Startup class a little so I could study the parts. What am I missing?

TIA

Skip Saillors

1 Answer


I must have read the article wrong. I downloaded the source code for the app, and saw that there were a lot of parts that I didn't code. The source code included in the sample performs as expected. I need to learn more.

Skip Saillors