IdentityServer3.AccessTokenValidation
401 While using IdentityServer and the protected WebApi in the same app
Here's my startup.cs:
```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Web.Http;
using System.Web.Mvc;
using IdentityServer3.AccessTokenValidation;
using Owin; // UseWebApi / UseAutofacMvc / UseAutofacWebApi extensions come from the OWIN integration packages

public partial class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Configure IdSrv before any AutoFac DI registration
        // (ConfigureIdentityServer is an extension method defined elsewhere in this app)
        app.ConfigureIdentityServer();

        // Configure WebApi, MVC, with AutoFac
        var httpConfig = new HttpConfiguration();
        FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
        WebApiConfig.Register(httpConfig);
        SwaggerConfig.Register(httpConfig);

        // Configure WebApi as a scope of the IdSrv that protects it.
        app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
        {
            Authority = ConfigMngr.GetAppSettingsValue<string>("IdSrv:PublicOrigin"),
            RequiredScopes = new[] { "BS.APIs" },
            // We use the line below because the WebApis and IdentityServer are hosted in the same web app.
            DelayLoadMetadata = true,
            // The 2 lines below are used for JWT
            //IssuerName = "https://bsidentity.local/identity/",
            //SigningCertificate = LoadWebApiCertificate(),
            ClientId = "42fae5e007ad",
            ClientSecret = "a7c4c3c14003",
            EnableValidationResultCache = false,
            ValidationMode = ValidationMode.ValidationEndpoint,
        });

        app.UseWebApi(httpConfig);
        ConfigureIOC(app, httpConfig); // defined in another part of this partial class
        app.UseAutofacMvc();
        app.UseAutofacWebApi(httpConfig);
    }

    /// <summary>
    /// Load the certificate that signs the identity or JWT token
    /// </summary>
    private static X509Certificate2 LoadWebApiCertificate()
    {
        //TODO: We need to create our own self-signed certificate.
        string baseDirectory = AppDomain.CurrentDomain.BaseDirectory;
        return new X509Certificate2(
            Path.Combine(baseDirectory, ConfigMngr.GetAppSettingsValue<string>("IdSrv:SigningCertificatePath")),
            ConfigMngr.GetAppSettingsValue<string>("IdSrv:SigningCertificatePassword"));
    }
}
```
I tried a lot of solutions, like:
- Reordering all the middlewares, putting app.UseIdentityServerBearerTokenAuthentication before and after app.UseWebApi(httpConfig); I tried a lot of orders.
- Rechecking the scope and client configurations and adding some explicit configs like ClientId and ClientSecret.
- Separating WebApi, MVC and Identity, each into its own pipeline using app.Map, but the same issue exists.
I want a way to find out the exact reason behind the 401 Unauthorized. I think AccessTokenValidation didn't trigger at all? Is it an issue with AutoFac, or with incompatible NuGet library versions between projects (for example IdentityModel and AccessTokenValidation)? I checked most of the questions, configurations and documentation, and the issue still exists.
Are there any suggestions, please?
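One way to narrow down where the 401 comes from, as an added diagnostic that is not part of the original issue: call IdentityServer3's access token validation endpoint (the same endpoint the middleware uses in ValidationEndpoint mode) with the token and expected scope, then call the protected API with the same token and print the bearer challenge it returns. The authority, API URL and token are assumed inputs supplied by the caller.

```csharp
// Added diagnostic, not code from the original post. Uses only System.Net.Http.
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;

public static class TokenDiagnostics
{
    // IdentityServer3's access token validation endpoint, relative to the authority.
    private const string ValidationPath = "connect/accesstokenvalidation";

    // authority: e.g. the value of IdSrv:PublicOrigin; apiUrl: a protected Web API route;
    // accessToken: a token obtained separately from IdentityServer; expectedScope: "BS.APIs".
    public static async Task RunAsync(string authority, string apiUrl, string accessToken, string expectedScope)
    {
        using (var http = new HttpClient())
        {
            // 1. Ask IdentityServer itself whether the token is valid for the required scope.
            //    200 with a claims JSON body means the token and scope are fine on the IdSrv side.
            var validationUrl = string.Format("{0}/{1}?token={2}&expectedScope={3}",
                authority.TrimEnd('/'), ValidationPath,
                Uri.EscapeDataString(accessToken), Uri.EscapeDataString(expectedScope));
            var validation = await http.GetAsync(validationUrl);
            Console.WriteLine("Validation endpoint: {0}", (int)validation.StatusCode);
            Console.WriteLine(await validation.Content.ReadAsStringAsync());

            // 2. Call the protected API with the same token and show the WWW-Authenticate
            //    challenge. A 401 with no Bearer challenge suggests the token middleware did
            //    not run for this request (pipeline ordering / app.Map branch), whereas a
            //    Bearer challenge with an error means the token was seen but rejected.
            var request = new HttpRequestMessage(HttpMethod.Get, apiUrl);
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
            var api = await http.SendAsync(request);
            Console.WriteLine("API: {0}", (int)api.StatusCode);
            foreach (var challenge in api.Headers.WwwAuthenticate)
            {
                Console.WriteLine("WWW-Authenticate: {0}", challenge);
            }
        }
    }
}
```

Comparing the two results separates "IdentityServer rejects the token or scope" from "the API never consulted the token middleware", which is the distinction the question is asking about.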