18

I'm trying to use the AddCustomAuthorizeRequestValidator method to provide custom claims validation. I can't even get a breakpoint to be hit in the ICustomAuthorizeRequestValidator implementation. Am I missing something? My breakpoint

ConfigureServices method code:

services.AddMvc();

services.AddOptions();

services.AddTransient<ICustomAuthorizeRequestValidator, Saml2BearerValidator>();

services.AddIdentityServer()
    .AddTestUsers(Config.GetUsers())
    .AddConfigurationStore(builder =>
        builder.UseSqlServer(_settings.Value.ConnectionString, options =>
                options.MigrationsAssembly(migrationsAssembly)))
    .AddOperationalStore(builder =>
        builder.UseSqlServer(_settings.Value.ConnectionString, options =>
                options.MigrationsAssembly(migrationsAssembly)))
    .AddCustomAuthorizeRequestValidator<Saml2BearerValidator>()
    .AddSigningCredential(CertificateManager.GetFromStorage(
                _settings.Value.ServerCertificateThumb, _settings.Value.ServerCertificatePass));

return services.ConfigureAutofacServicesProvider(_settings.Value.Abc_xacml_n3_diagnostic);
Linda Lawton - DaImTo
developer

3 Answers

1

Depending on how IdentityServer is structuring things, is it possible that this is due to where you're adding that call?

If IdentityServer is building a middleware pipeline directly from what you're adding, it's possible that it might be handled before it reaches that point in the pipeline.

Curious as to whether you had any luck resolving this.

SeanKilleen
1

I had the same problem. I created custom grant instead.

Create a class CustomValidationGrant which implements IExtensionGrantValidator where TUser : IdentityUser, new(). There is a parameter GrantType; for this instance I can call it "custom".

In Startup.cs add services.AddIdentityServer().AddExtensionGrantValidator<CustomValidationGrant>()

Don't forget to allow the grant type for your client.

In a console application you can use something like this:

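using System.Collections.Generic;
using System.Net.Http;
using IdentityModel.Client;

var discoveryClient = new DiscoveryClient("http://localhost:5000");
discoveryClient.Policy.RequireHttps = false; // plain HTTP: local development only

var doc = await discoveryClient.GetAsync();
var tokenEndpoint = doc.TokenEndpoint; // token endpoint taken from the discovery document

// Form fields sent to the token endpoint along with the custom grant
var parameters = new Dictionary<string, string>();
parameters.Add("scope", "MyScope");
parameters.Add("client_secret", "SomeSecret");
parameters.Add("UserName", "UserName");
parameters.Add("Password", "Password");

var client = new HttpClient();
var tokenResponse = await client.RequestTokenAsync(new TokenRequest
{
    Address = tokenEndpoint,
    ClientId = "your client",
    GrantType = "custom",
    Parameters = parameters
});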
marc_s
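
The validator class described in the answer above, as an added example (not code from the original answer or from the IdentityServer4 project). It assumes ASP.NET Core Identity's UserManager<TUser> is registered, reads the UserName and Password fields the console client sends, and would be registered with a concrete user type, e.g. a hypothetical ApplicationUser.

```csharp
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Validation;
using Microsoft.AspNetCore.Identity;

// Added example: validator for the "custom" grant type used by the console client.
public class CustomValidationGrant<TUser> : IExtensionGrantValidator
    where TUser : IdentityUser, new()
{
    // Assumption: ASP.NET Core Identity is configured, so UserManager<TUser> resolves from DI.
    private readonly UserManager<TUser> _users;

    public CustomValidationGrant(UserManager<TUser> users) => _users = users;

    // Must match the GrantType the client sends and the client's AllowedGrantTypes.
    public string GrantType => "custom";

    public async Task ValidateAsync(ExtensionGrantValidationContext context)
    {
        // Raw holds the form fields posted to the token endpoint.
        var userName = context.Request.Raw.Get("UserName");
        var password = context.Request.Raw.Get("Password");

        // Fail closed: every rejection path returns the same generic error,
        // so the response does not reveal which check failed.
        context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);

        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
            return;

        var user = await _users.FindByNameAsync(userName);
        if (user == null || await _users.IsLockedOutAsync(user))
            return;

        if (!await _users.CheckPasswordAsync(user, password))
        {
            // CheckPasswordAsync does not update lockout counters by itself.
            await _users.AccessFailedAsync(user);
            return;
        }

        await _users.ResetAccessFailedCountAsync(user);

        // Success: subject id plus the authentication method recorded in the token.
        context.Result = new GrantValidationResult(
            await _users.GetUserIdAsync(user), GrantType);
    }
}
```

An extension grant validator runs on the token endpoint, whereas ICustomAuthorizeRequestValidator is invoked only for requests to the authorize endpoint.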
1

Use the code below in your Startup.cs:

// RemoveAll is an extension method from Microsoft.Extensions.DependencyInjection.Extensions
services.RemoveAll<IdentityServer4.Validation.ICustomAuthorizeRequestValidator>();
services.AddTransient<IdentityServer4.Validation.ICustomAuthorizeRequestValidator, UserManagementApiCustomAuthorizeRequestValidator>();

Worked for me.

Mehrdad