Is there any way I can access the auth ticket info set on the auth server when it is separate from the resource server?

On the auth server I can access all the ticket properties I set using

    var authInfo = await Request.HttpContext.Authentication.GetAuthenticateInfoAsync(OAuthValidationDefaults.AuthenticationScheme);

    var myProperty = authInfo.Properties.Items.FirstOrDefault(p => p.Key.Equals("property_name"));

However, when I try this while on the resource server, I am unable to see the same properties.

Kévin Chalet
  • Interesting, this should work. Are you sure you're using the validation middleware (and the default token format)? – Kévin Chalet Jan 31 '17 at 22:04
  • I am using the introspection middleware. I don't suppose I can use the validation middleware if the auth server is separate from the resource server? – Robert Campbell Jan 31 '17 at 23:37
  • You can use the validation middleware for your resource server if it's configured to use the same ASP.NET Core Data Protection key ring and has the same application name configured in the DP options. You can read https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview for more information. – Kévin Chalet Feb 01 '17 at 01:00
  • This is already the case so this will work. I'll give it a go tomorrow. I feel the correct solution is in your answer below though. – Robert Campbell Feb 01 '17 at 03:27

1 Answer

To be able to access the authentication properties stored in an access token, you must use the default access token AND the validation middleware.

When using the introspection middleware, you can't flow these properties. Instead, store them as claims to be able to expose them to your resource servers.

Kévin Chalet
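
The claims approach from the answer above, as an added example (not part of the original answer and not the library's own code). It assumes the authorization server is built on AspNet.Security.OpenIdConnect.Server 1.x; `TicketFactory`, `ValuesController`, the `resource_server` audience and the route are hypothetical names.

```csharp
// Added example; assumes AspNet.Security.OpenIdConnect.Server 1.x on ASP.NET Core 1.x.
using System.Security.Claims;
using AspNet.Security.OpenIdConnect.Extensions;
using AspNet.Security.OpenIdConnect.Primitives;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http.Authentication;
using Microsoft.AspNetCore.Mvc;

// Authorization server: hypothetical helper, called from the token endpoint
// handler only after the client and user credentials have been validated.
public static class TicketFactory
{
    public static AuthenticationTicket Create(string scheme, string subject, string propertyValue)
    {
        var identity = new ClaimsIdentity(scheme);
        identity.AddClaim(OpenIdConnectConstants.Claims.Subject, subject);

        // Stored as a claim instead of an AuthenticationProperties item.
        // Without the AccessToken destination the claim is not copied
        // into the access token and never reaches the resource server.
        identity.AddClaim("property_name", propertyValue,
            OpenIdConnectConstants.Destinations.AccessToken);

        var ticket = new AuthenticationTicket(
            new ClaimsPrincipal(identity), new AuthenticationProperties(), scheme);

        // Assumption: the resource server introspects with client_id
        // "resource_server"; claims are returned only to callers that are
        // listed as an audience of the token.
        ticket.SetResources("resource_server");
        return ticket;
    }
}

// Resource server (introspection middleware): the value arrives as a claim.
[Route("api/values")]
public class ValuesController : Controller
{
    [Authorize, HttpGet]
    public IActionResult Get()
    {
        var value = User.FindFirst("property_name")?.Value;
        if (value == null)
        {
            return Forbid(); // token was issued without the expected claim
        }
        return Ok(value);
    }
}
```

Anything given the access-token destination is readable by every resource server allowed to introspect the token, so keep values that those servers should not see out of the claims.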