IdentityServer3.Admin
IdentityServer3.Admin copied to clipboard
IdentityServer
Windows authentication for admin
Hello,
Is it possible to authenticate user in identityServer.admin portal using windows authentication? I wanted to give it a try but simply switching value of windowsAuthenticate to true in csproj doesn't work. I understand that it's based on owin authentication so I've found two libraries which provides windows authentication for owin:
- https://github.com/ghalebbadran/WinodwsAuthenticationOwinMiddleware
- https://github.com/pysco68/Pysco68.Owin.Authentication.Ntlm
I am able to authenticate sample application to use above middlewares but i'm unable to make it working with admin. I followed example with ADFS and configured adminHostConfiguration but it isn't working. Any clue?
It looked like this:
var factory = new IdentityAdminServiceFactory();
factory.Configure();
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
AuthenticationType = "Cookies",
LoginPath = new PathString("/api/account/ntlmlogin"),
ReturnUrlParameter = "redirectUrl",
Provider = new CookieAuthenticationProvider()
{
OnApplyRedirect = ctx =>
{
if (!ctx.Request.IsNtlmAuthenticationCallback())
{
ctx.Response.Redirect(ctx.RedirectUri);
}
}
}
});
app.UseNtlmAuthentication()
var identityAdminOptions = new IdentityAdminOptions()
{
AdminSecurityConfiguration = new AdminHostSecurityConfiguration()
{
HostAuthenticationType = "Cookies",
NameClaimType = "name",
RoleClaimType = "role",
AdminRoleName = "Admin",
}
};
identityAdminOptions.Factory = factory;
app.UseIdentityAdmin(identityAdminOptions);
// configure web api
var config2 = new HttpConfiguration();
config2.Routes.MapHttpRoute("DefaultApi", "api/{controller}/{id}", new { id = RouteParameter.Optional });
app.UseWebApi(config2);
Also tried to change UseNtlmAuthentication with authenticationType Cookies and setting default authenticationType to Cookies but with no success.
We're still not sure how we want to do the authentication/security for this. IdMgr did it by letting the host choose, but many people were confused by it. So this is still a work in progress.
I've seen that underneath AdminHostSecurityConfiguration is Oauth2 authorization server. It seems complicated and confusing. Maybe it'd be better if there will be more documentation with samples.
The way I handled this was by setting up my AD user in IdentityServer3. To get the AD creds I used https://github.com/IdentityServer/IdentityServer3.WsFederation. Once the AD user had the right role, I was able to work with Admin
Yap but this is ADFS. It's shown in official demo how to setup id mgr/admin with adfs. I wanted to use pure AD/windows auth.
@madhavabhyankar could you elaborate about the your approach? It seems to me that admin is trying to use the authorization endpoint on the same host(base url). I intend to host identity server and admin server separately.
You don't need to host admin and server on the same host. You just need to have access to identity server database.
my intention is to use hosted identity sever to authenticate and authorize the access to the database
On Feb 27, 2016, at 6:17 AM, pawepaw [email protected] wrote:
You don't need to host admin and server on the same host. You just need to have access to identity server database.
— Reply to this email directly or view it on GitHub.
Don't get what you want to do. You want to authorize access to database using identity server?
right.
On Feb 27, 2016, at 5:31 PM, pawepaw [email protected] wrote:
Don't get what you want to do. You want to authorize access to database using identity server?
— Reply to this email directly or view it on GitHub.
@zhangxd6
May be this will help https://github.com/madhavabhyankar/IdentityServerWithWindowsAuthWSFed.git