
I have an Angular 7 application with ASP.NET Core 2.2 and IdentityServer4 for authentication and authorization. I am trying to use the hybrid or implicit grant type to authenticate our Angular application. ASP.NET Core is bootstrapping our Angular 7 application using the code below in Startup.cs:

app.UseSpa(spa =>
{
    spa.Options.SourcePath = "ClientApp";

    if (env.IsDevelopment())
    {
        spa.UseAngularCliServer(npmScript: "start");
    }
});

I want the user to be redirected to IdentityServer for authentication, and after authentication our Angular application should open. For this I have added the code below in Startup.cs:

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(options =>
    {
        // Local sessions use the cookie scheme; challenges go to OpenID Connect.
        options.DefaultScheme = "Cookies";
        options.DefaultChallengeScheme = "oidc";
    })
    .AddCookie("Cookies")
    .AddOpenIdConnect("oidc", options =>
    {
        options.SignInScheme = "Cookies";
        options.Authority = "https://localhost:9001";
        options.RequireHttpsMetadata = false;
        options.ClientId = "AngularWebApp";
        options.ClientSecret = "the_secret";
        // Hybrid flow: authorization code plus id_token.
        options.ResponseType = "code id_token";
        options.GetClaimsFromUserInfoEndpoint = true;
        options.SaveTokens = true;
        options.Scope.Add("openApiScope");
        options.Scope.Add("offline_access");
    });
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    app.UseAuthentication();
}

But this code is not redirecting automatically, as I don't have any controller or action method defined in ASP.NET Core that uses [Authorize].

So, to redirect automatically, I wrote code in the AppModule class of Angular to check the user's login status and, if the user is not logged in, redirect to IdentityServer with oidc-client.js, using the code below:

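import { NgModule } from '@angular/core';
import { BrowserModule } from '@angular/platform-browser';
import { HttpClientModule } from '@angular/common/http';
import { from } from 'rxjs';
// AppComponent and AppAuthNService are imported from the application's own files.

@NgModule({
    declarations: [
        AppComponent,
    ],
    imports: [
        BrowserModule,
        HttpClientModule,
    ],
    providers: [],
    bootstrap: [AppComponent]
})
export class AppModule {
    constructor(private _authService: AppAuthNService) {
        // No user stored by oidc-client: start the login redirect.
        from(this._authService._userManager.getUser().then((user) => {
            if (user == null) {
                this._authService.login();
            }
        }));
    }
}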

It is now redirecting to the authorization server, but I am not sure if it is a good approach.

Can anyone advise us?

  • This looks good, but why do you care about user context if you have no protected endpoints? – Vidmantas Blazevicius Jul 04 '19 at 10:39
  • Thanks Vidmantas for your reply. Actually, I wanted to secure all static resources like JS, images etc. which Angular is going to use, so that they cannot be accessed without authentication. In this case Angular will load its bootstrapping file at least before redirecting to IdentityServer. – Rohit Kumar Jul 05 '19 at 06:41
  • It won't achieve that kind of protection. All angular files will be served at page load (without user authenticating). All image files will still be accessible through just regular url (without anything extra), so basically this is gonna be just a mirage of protection. – Vidmantas Blazevicius Jul 05 '19 at 07:53
  • This should help you: https://stackoverflow.com/a/50719550/2521893 – Fredrik Lundin Jul 05 '19 at 08:20
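
An added example (not code from the question or from any commenter): one way to have the ASP.NET Core host issue the OpenID Connect challenge without an `[Authorize]` controller is an inline middleware placed after `UseAuthentication()` and before the static-file and SPA middleware, so the Angular files are not served to an anonymous request. It assumes the `Cookies` and `oidc` schemes are registered exactly as in the question's `ConfigureServices`; the `UseStaticFiles()` call is an assumption about the rest of the pipeline.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.SpaServices.AngularCli;

public class Startup
{
    // ConfigureServices is unchanged from the question (AddCookie + AddOpenIdConnect).

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        // Populates HttpContext.User from the "Cookies" scheme (the DefaultScheme).
        // The OpenID Connect callback (/signin-oidc by default) is handled here
        // and never reaches the gate below.
        app.UseAuthentication();

        // Gate: every request that gets this far must carry an authenticated user.
        app.Use(async (context, next) =>
        {
            if (context.User?.Identity?.IsAuthenticated != true)
            {
                // Redirects the browser to the authority configured for "oidc".
                await context.ChallengeAsync("oidc");
                return; // short-circuit: nothing registered below is served
            }

            await next();
        });

        // Order matters: middleware registered before the gate stays anonymous,
        // so static files and the SPA host must come after it.
        app.UseStaticFiles();

        app.UseSpa(spa =>
        {
            spa.Options.SourcePath = "ClientApp";

            if (env.IsDevelopment())
            {
                spa.UseAngularCliServer(npmScript: "start");
            }
        });
    }
}
```

With this ordering the redirect happens on the first request for the page itself, before `index.html` or any bundle is returned, rather than after Angular has already loaded in the browser.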
