1

I have an Api with Name MyApi and I use another asp.net core application with Identityserver4 for Protect MyApi,Now I don't have any problem in MyApi but,I want to save my Users's NationalCode ,So I should save this in my IdentityServer Database,But can't Get UserId (with User.Identity.Name) in my IdentityServer Project,I had same problem in my previose question

User.Identity.Name is null in my ASP.NET Core Web API

Now I have this problem in my IdentityServer4 project,So

Can I use Of MyApi token Or I should get a new token for send request to my idenittyserver4 project?

If I can MyAPI token ,How should I add configuration to solve the problem?

If I should take new token for my IdentityServer4 project,DO I need to want users to login again?!!!

Edit

I found a tutorail in below link but My Problem not solved Yet.

http://docs.identityserver.io/en/latest/topics/add_apis.html

I have seed my IdentityDatabase with below method 


public async Task AddIdenityServerApiToResources(IApplicationBuilder app)
        {
            using (var serviceScope = app.ApplicationServices.GetService<IServiceScopeFactory>().CreateScope())
            {
                serviceScope.ServiceProvider.GetRequiredService<PersistedGrantDbContext>().Database.Migrate();
                var ccontext = serviceScope.ServiceProvider.GetRequiredService<ConfigurationDbContext>();
                ccontext.Database.Migrate();
                //=============================================================
                ccontext.ApiResources.Add(new ApiResource(IdentityServerConstants.LocalApi.ScopeName) {
                    UserClaims =
                    {
                        JwtClaimTypes.Name,
                        JwtClaimTypes.Subject,
                        JwtClaimTypes.Role,
                    }
                }.ToEntity());
                //Add ApiResource To Client's Scope
                var Clients = ccontext.Clients.Include(e => e.AllowedScopes);
                foreach (var item in Clients)
                {
                    item.AllowedScopes.Add(new IdentityServer4.EntityFramework.Entities.ClientScope() { Scope = IdentityServerConstants.LocalApi.ScopeName });
                }
                var Count = await ccontext.SaveChangesAsync();
                if (Count > 0)
                {
                }
            }
        }
mohsen
  • 1,763
  • 3
  • 17
  • 55

3 Answers3

2

In IdentityServer4 startup.cs ConfigureServices

You should treat the api as if it's like any other api that needs to be secured by idserver4.

meaning: use AddAuthentication and AddJWTToken:

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.Authority = "https:// idserver4 ";
            options.RequireHttpsMetadata = true;
            options.Audience = "api name";
            options.TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name",
                RoleClaimType = "role"
            };
        });

in API controller :

use Authorize Attirbute and determine the authentication scheme like this: 

[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
Feras Taleb
  • 688
  • 1
  • 4
  • 14
2

I solved the problem with below link:

http://docs.identityserver.io/en/latest/topics/add_apis.html

But the problem was where that I don't used Authorize on my controller with LocalApi.PolicyName policy

[Route("localApi")]
[Authorize(LocalApi.PolicyName)]
public class LocalApiController : ControllerBase
{
    public IActionResult Get()
    {
        // omitted
    }
}

after that the prolem was solvled

mohsen
  • 1,763
  • 3
  • 17
  • 55
1

I solved the problem thanks to @mohsen answer and @WeB answer.

Specify Policy name in Authorize attribute and use AddMvc() instead of AddMvcCore() or AddControllersWithViews() methods in Program.cs

Darkerone
  • 51
  • 5