I tried adding ASP.NET Identity claims into the claims provided by the Identity Server.
This is the startup class where I am adding the claims from Identity server:
AuthorizationCodeReceived = async n => { // use the code to get the access and refresh token var tokenClient = new TokenClient( Constants.TokenEndpoint, "mvc.owin.hybrid", "secret");
var tokenResponse = await tokenClient.RequestAuthorizationCodeAsync(
n.Code, n.RedirectUri);
if (tokenResponse.IsError)
{
throw new Exception(tokenResponse.Error);
}
// use the access token to retrieve claims from userinfo
var userInfoClient = new UserInfoClient(
new Uri(Constants.UserInfoEndpoint),
tokenResponse.AccessToken);
var userInfoResponse = await userInfoClient.GetAsync();
// create new identity
var id = new ClaimsIdentity(n.AuthenticationTicket.Identity.AuthenticationType);
id.AddClaims(userInfoResponse.GetClaimsIdentity().Claims);
id.AddClaim(new Claim("access_token", tokenResponse.AccessToken));
id.AddClaim(new Claim("expires_at", DateTime.Now.AddSeconds(tokenResponse.ExpiresIn).ToLocalTime().ToString()));
id.AddClaim(new Claim("refresh_token", tokenResponse.RefreshToken));
id.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
id.AddClaim(new Claim("sid", n.AuthenticationTicket.Identity.FindFirst("sid").Value));
n.AuthenticationTicket = new AuthenticationTicket(
new ClaimsIdentity(id.Claims, n.AuthenticationTicket.Identity.AuthenticationType, "name", "role"),
n.AuthenticationTicket.Properties);
}
In Accounts controller, I add the ASP Identity claims into the Claims provided by Open ID Connect.
I will have the user details in Identity server database as well as AbpUsers table. Depending upon a claim from IDP, I will retrieve the user information from the AbpUsers table. For now, I have hardcoded admin's credentials in LoginAsync.
public async Task<ActionResult> Login() { var cp = (ClaimsPrincipal)User; var ci = new ClaimsIdentity(cp.Identity);
var loginResult = await _logInManager.LoginAsync("admin", "123qwe", "");
ci.AddClaims(loginResult.Identity.Claims);
AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = true }, ci);
return View()
}
This allows the authentication to happen successfully. But am combining two authentications here. Am I going towards the right direction? Or is there any way to bypass the Abp authentication and use only the authentication provided by Open ID Connect?
When I tried to skip ABP authentication, I don't get top menus and it doesn't show if user is logged in or not. None of the features work.
Is there a way to override the ASPNet Identity claims with the Identity server 3 Open ID Connect claims? I actually need the access token and other details from the claims provided by the Open ID Connect. But once I log in, I find the ASPNet Identity claims replaces the Open ID Connect claims. Actually, Open ID Connect authentication happens first and after its success, the default authentication also happens and clears out all the claims I received from the Identity server.
I am using an Asp.Net MVC 5.x multi tenant application with AngularJs and Entity Framework. Is it possible to authenticate the application with Identity Server 3 credentials? If yes, kindly share a sample snippet.