0

How to Validate OpenID Connect Access Token generated by identityserver4 in ASP.NET WEB API.

The Scenario is

  1. I have one Angular Client Application which is getting one OpenID Connect Access Token after Login.
  2. Now That Client Application wants some information from one ASP.NET API. Client can call the API along with the Access Token.

But Question is, How should I validate that Token in my ASP.NET API???

I can easily do that in ASP.NET CORE API.

BUT I NEED Solution to do the same in ASP.NET API. (Not in core) Thanks in advance.

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddIdentityServerAuthentication(o =>
                {
                    o.ApiName = "APINameRegisteredInIdentityServer";
                    o.ApiSecret = "SomeAPISecreteValue";
                    o.Authority = "MyAuthorityURL";
                    o.SaveToken = true;
                    o.SupportedTokens = IdentityServer4.AccessTokenValidation.SupportedTokens.Both;
                });
sudarshan1933
  • 321
  • 4
  • 14

1 Answers1

-1

You can use the IdentityServer3.AccessTokenValidation OWIN middleware package, even for Identity Server 4 tokens - https://github.com/IdentityServer/IdentityServer3.AccessTokenValidation.

There are samples here - https://github.com/IdentityServer/CrossVersionIntegrationTests

devdigital
  • 34,151
  • 9
  • 98
  • 120
  • Hi devdigital, I already mentioned in my question is, I can do this in ASP.NET CORE. I need solution for ASP.NET Framework API template. – sudarshan1933 Jun 13 '18 at 14:28
  • This is for OWIN based .NET 4.x projects, not .NET Core – devdigital Jun 13 '18 at 15:36
  • If you’re not OWIN based, it would be easier to convert to OWIN – devdigital Jun 13 '18 at 15:38
  • Hi devdigital, Can you please provide me the sample how to validate the access token in API... or How to Protect API using OPEN ID CONNECT? or Is anyone help me how to use this Nuget? https://www.nuget.org/packages/Microsoft.Owin.Security.OpenIdConnect/ – sudarshan1933 Jun 16 '18 at 18:40
  • Hi All - Please help me, I was literally stuck here from last 5 days... Need help... Thanks in advance – sudarshan1933 Jun 16 '18 at 18:41
  • I am getting this access token from my Angular Client Application issued by IDP. { "nbf": 1529176096,
    "exp": 1529179696,
    "iss": "https://localhost:44381", "aud": [ "https://localhost:44381/resources", "mywebapicore" ], "client_id": "AngularCore", "sub": "1", "auth_time": 1529175083, "idp": "local", "scope": [ "openid", "profile", "mywebapicore" ], "amr": [ "pwd" ] }     – sudarshan1933 Jun 16 '18 at 19:09
  • WEB API CODE app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions { ClientId = "AngularCore", Authority = "https://localhost:44381/", TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters() { ValidAudience = "mywebapicore" } }); – sudarshan1933 Jun 16 '18 at 19:14
  • Have a look at the KatanaApiIdSrv4... samples in the sample link in my answer. – devdigital Jun 17 '18 at 08:06
  • Hi @Devdigital - Yes this Example is working but the Actual token which I am getting in my Real Application, for that Its not working... In My Real application, I am getting one Access Token, which is not getting validated using IdentityServerBearerTokenAuthenticationOptions – sudarshan1933 Jun 18 '18 at 06:32
  • Can you please take a look at it - https://stackoverflow.com/questions/50891611/implement-openid-connect-authetication-in-asp-net-web-api – sudarshan1933 Jun 18 '18 at 06:35