Access Token Validation in Web API 2 Framework 4.x with Identity Server 4











up vote
0
down vote

favorite












Hopefully someone can point me in the right direction, I need to validate the access token issued by identity server 4 in my api.



Authorized attribute is already set in the API.



Access token is retrieved correctly from server, but when passsing the access token to the request, i got an 401 Unauthorized error, and nothing is processed the request is rejected. I am using IdentityServer3.AccessTokenValidation nuget package.



I noticed for v4 of the AccessTokenValidation you can set RequireHttpsMetadata = false but i dont see how in v3.



Is this the best way to do this or should i be looking into another direction ?



public void ConfigureAuth(IAppBuilder app)

{



    app.UseCookieAuthentication(new CookieAuthenticationOptions

    {

        AuthenticationType = "Cookies",

    });



    JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, 

    string> 

    ();



    app.UseIdentityServerBearerTokenAuthentication

    (new IdentityServerBearerTokenAuthenticationOptions

    {

        Authority = "http://localhost:5000",

        RequiredScopes = new { "api2" },

    });

}


Thanks






oauth-2.0 asp.net-web-api2 identityserver4 identityserver3







share|improve this question




























    up vote
    0
    down vote

    favorite












    Hopefully someone can point me in the right direction, I need to validate the access token issued by identity server 4 in my api.



    Authorized attribute is already set in the API.



    Access token is retrieved correctly from server, but when passsing the access token to the request, i got an 401 Unauthorized error, and nothing is processed the request is rejected. I am using IdentityServer3.AccessTokenValidation nuget package.



    I noticed for v4 of the AccessTokenValidation you can set RequireHttpsMetadata = false but i dont see how in v3.



    Is this the best way to do this or should i be looking into another direction ?



    public void ConfigureAuth(IAppBuilder app)
    
{
    

    
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    
    {
    
        AuthenticationType = "Cookies",
    
    });
    

    
    JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, 
    
    string> 
    
    ();
    

    
    app.UseIdentityServerBearerTokenAuthentication
    
    (new IdentityServerBearerTokenAuthenticationOptions
    
    {
    
        Authority = "http://localhost:5000",
    
        RequiredScopes = new { "api2" },
    
    });
    
}


    Thanks






    oauth-2.0 asp.net-web-api2 identityserver4 identityserver3







    share|improve this question


























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      Hopefully someone can point me in the right direction, I need to validate the access token issued by identity server 4 in my api.



      Authorized attribute is already set in the API.



      Access token is retrieved correctly from server, but when passsing the access token to the request, i got an 401 Unauthorized error, and nothing is processed the request is rejected. I am using IdentityServer3.AccessTokenValidation nuget package.



      I noticed for v4 of the AccessTokenValidation you can set RequireHttpsMetadata = false but i dont see how in v3.



      Is this the best way to do this or should i be looking into another direction ?



      public void ConfigureAuth(IAppBuilder app)
      
{
      

      
    app.UseCookieAuthentication(new CookieAuthenticationOptions
      
    {
      
        AuthenticationType = "Cookies",
      
    });
      

      
    JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, 
      
    string> 
      
    ();
      

      
    app.UseIdentityServerBearerTokenAuthentication
      
    (new IdentityServerBearerTokenAuthenticationOptions
      
    {
      
        Authority = "http://localhost:5000",
      
        RequiredScopes = new { "api2" },
      
    });
      
}


      Thanks






      oauth-2.0 asp.net-web-api2 identityserver4 identityserver3







      share|improve this question















      Hopefully someone can point me in the right direction, I need to validate the access token issued by identity server 4 in my api.



      Authorized attribute is already set in the API.



      Access token is retrieved correctly from server, but when passsing the access token to the request, i got an 401 Unauthorized error, and nothing is processed the request is rejected. I am using IdentityServer3.AccessTokenValidation nuget package.



      I noticed for v4 of the AccessTokenValidation you can set RequireHttpsMetadata = false but i dont see how in v3.



      Is this the best way to do this or should i be looking into another direction ?



      public void ConfigureAuth(IAppBuilder app)
      
{
      

      
    app.UseCookieAuthentication(new CookieAuthenticationOptions
      
    {
      
        AuthenticationType = "Cookies",
      
    });
      

      
    JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, 
      
    string> 
      
    ();
      

      
    app.UseIdentityServerBearerTokenAuthentication
      
    (new IdentityServerBearerTokenAuthenticationOptions
      
    {
      
        Authority = "http://localhost:5000",
      
        RequiredScopes = new { "api2" },
      
    });
      
}


      Thanks






      oauth-2.0 asp.net-web-api2 identityserver4 identityserver3




      oauth-2.0 asp.net-web-api2 identityserver4 identityserver3






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 17 at 16:28

























      asked Nov 17 at 15:18









      Jonnathan Molina Prada

      23115




      23115





























          active

          oldest

          votes











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














           

          draft saved


          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53352564%2faccess-token-validation-in-web-api-2-framework-4-x-with-identity-server-4%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown






























          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















           

          draft saved


          draft discarded



















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53352564%2faccess-token-validation-in-web-api-2-framework-4-x-with-identity-server-4%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Paul Cézanne

          Image
          Pour l’article ayant un titre homophone, voir Sézanne. Paul Cézanne.mw-parser-output .entete.artiste{background-image:url("//upload.wikimedia.org/wikipedia/commons/f/f3/Picto_infobox_artiste.png")} Autoportrait vers 1861 Naissance 19 janvier 1839 Aix-en-Provence (France) Décès 22 octobre 1906 (à 67 ans) Aix-en-Provence (France) Nationalité Française Activité Peintre Formation Académie de Charles Suisse Maître Joseph Gilbert, Antoine Guillemet, Camille Pissarro Mouvement Impressionnisme postimpressionnisme Influencé par Eugène Delacroix, Gustave Courbet, Véronèse A influencé Braque, Picasso, Matisse Conjoint Hortense Fiquet (depuis 1886) Enfant Paul Cézanne  ( d ) Œuvres principales La Montagne Sainte-Victoire, Portrait de madame Cézanne signature modifier - modifier le code - modifier Wikidata Paul Cézanne , né le 19 janvier 1839 à Aix-en-Provence et mort le 22 octobre 1906 dans la mê...
          Read more

          UIScrollView CustomStickyHeader Resize height generates problems when scroll is too fast

          Image
          0 I have been trying for a while to create a UIViewController that has a CustomStickyHeader and a UITableView. The idea I have been following is use the UITableView scrolling for changing the header view with the value of the contentOffset. The layout for the ViewController (AlbumsViewController) looks like: The UItableView Scrolling functions from the delegate are implemented like that: func scrollViewDidScroll(_ scrollView: UIScrollView) { let endReached = contentTableView.contentOffset.y >= (contentTableView.contentSize.height - contentTableView.frame.size.height) let isUP = lastContentOffset > scrollView.contentOffset.y if scrollView.contentOffset.y < 0 { headerHeightConstraint.constant += abs(scrollView.contentOffset.y) } else{ if !endReached{ ...
          Read more

          Angular material date-picker (MatDatepicker) auto completes the date on focus out

          Image
          3 3 I am using angular material/mat-datepicker in my project and whenever the user enters one digit inside of it, and goes out of focus - the date picker is auto completing with a random date. Example Just enter 1 and go out of focus, or enter 5/5/20 The date picker is adding date automatically Update : Also I am using reactive forms and I'm validating the input with that approach Can I disable this ? angular datepicker angular-material angular6 angular-material-datetimepicker share | improve this question edited Nov 20 '18 at 13:21 ...
          Read more