How to create an IdentityServer4 Server

by sunil ravulapalli /22. June 2016 08:09 / /Comments (0)

All code is from the IdentityServer4.Samples GitHub repo

1. Create an ASP.NET Core Web Application

2. Choose Web Application

3. Choose No authentication

4. Add a NuGet package called IdentityServer4 v1.0.0-beta3 (remember to include prereleases in the search; this version is the latest as of June 2016)

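5. Get a pfx certificate. (For test purposes get idsrv3test.pfx from here: https://github.com/IdentityServer/IdentityServer4.Samples/tree/dev/MVC%20and%20API/src/IdentityServer. When you download this file, do NOT right-click on it and choose "Save as"; for some reason the certificate does not work when saved this way. Just click on it once, which takes you to the page with the "Raw" link, then click "Raw" to download it.) Because this certificate and its password are published in a public repository, its private key is known to everyone: use it only for local testing, and sign tokens with your own certificate anywhere else.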

6. Add a folder called Configuration and add these files Clients.cs, Scopes.cs and Users.cs

using IdentityServer4.Models;
using System.Collections.Generic;
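/// <summary>
/// Supplies the client applications that this sample IdentityServer accepts token requests from.
/// </summary>
public class Clients
{
	/// <summary>
	/// Builds the hard-coded client list that is handed to the in-memory client store.
	/// </summary>
	/// <returns>A list holding the single client "roclient".</returns>
	public static IEnumerable<Client> Get()
	{
		return new List<Client>
		{
			new Client
			{
				ClientName = "Resource owner Client",
				ClientId = "roclient",
				ClientSecrets = new List<Secret>
				{
					// Only the SHA-256 hash of the shared secret is registered.
					// "madeupsecret" is a sample value that lives in source control;
					// a real client secret should be generated randomly and loaded
					// from configuration or a secret store.
					new Secret("madeupsecret".Sha256())
				},

				// With the resource owner password grant the client application itself
				// collects the user's username and password and sends them to the token
				// endpoint, so it is only appropriate for fully trusted first-party clients.
				AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,

				// Scopes this client may request; "api1" is expected to match a scope
				// registered with the server under the same name.
				AllowedScopes = new List<string>
				{
					StandardScopes.OpenId.Name,
					StandardScopes.Profile.Name,
					"api1"
				}
			}
		};
	}
}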

using IdentityServer4.Models;
using System.Collections.Generic;

/// <summary>
/// Supplies the scopes that this sample IdentityServer can issue tokens for.
/// </summary>
public class Scopes
{
	/// <summary>
	/// Builds the hard-coded scope list: the two standard identity scopes followed by
	/// the custom resource scope "api1".
	/// </summary>
	/// <returns>The scopes, in the order OpenId, Profile, api1.</returns>
	public static IEnumerable<Scope> Get()
	{
		var scopes = new List<Scope>();

		// Standard identity scopes.
		scopes.Add(StandardScopes.OpenId);
		scopes.Add(StandardScopes.Profile);

		// Custom resource scope; clients name it in their AllowedScopes to request it.
		var apiScope = new Scope();
		apiScope.Name = "api1";
		apiScope.DisplayName = "API 1";
		apiScope.Description = "API 1 features and data";
		apiScope.Type = ScopeType.Resource;
		scopes.Add(apiScope);

		return scopes;
	}
}

using IdentityModel;
using IdentityServer4;
using IdentityServer4.Services.InMemory;
using System.Collections.Generic;
using System.Security.Claims;

/// <summary>
/// Supplies the test users for the in-memory user store of this sample IdentityServer.
/// </summary>
public class Users
{
	/// <summary>
	/// Builds the hard-coded user list containing the single test user "alice".
	/// </summary>
	/// <returns>A list with one <c>InMemoryUser</c>.</returns>
	public static List<InMemoryUser> Get()
	{
		// Test data only: the password is a plain string literal equal to the username.
		var alice = new InMemoryUser
		{
			Subject = "818727",
			Username = "alice",
			Password = "alice"
		};

		// Claims attached to alice, including two role claims and a JSON-typed address.
		alice.Claims = new[]
		{
			new Claim(JwtClaimTypes.Name, "Alice Smith"),
			new Claim(JwtClaimTypes.GivenName, "Alice"),
			new Claim(JwtClaimTypes.FamilyName, "Smith"),
			new Claim(JwtClaimTypes.Email, "AliceSmith@email.com"),
			new Claim(JwtClaimTypes.EmailVerified, "true", ClaimValueTypes.Boolean),
			new Claim(JwtClaimTypes.Role, "Admin"),
			new Claim(JwtClaimTypes.Role, "Geek"),
			new Claim(JwtClaimTypes.WebSite, "http://alice.com"),
			new Claim(JwtClaimTypes.Address, @"{ 'street_address': 'One Hacker Way', 'locality': 'Heidelberg', 'postal_code': 69118,'country': 'Germany' }", Constants.ClaimValueTypes.Json)
		};

		return new List<InMemoryUser> { alice };
	}
}

7a. Create an IHostingEnvironment field in Startup.cs

// Hosting environment kept on the Startup instance; its ContentRootPath is read
// when the signing certificate is loaded.
private readonly IHostingEnvironment _environment;

7b. Get a reference to the concrete env in the constructor

// Store the environment passed to the Startup constructor (its `env` parameter) in the field.
_environment = env;

7c. Load certificate like this in the ConfigureServices method

// Load the signing certificate from the application's content root.
// The file name and password are those of the public idsrv3test.pfx sample certificate.
// NOTE(review): for anything beyond a local test, take the certificate path and password
// from configuration or a secret store instead of string literals in source.
var cert = new X509Certificate2(Path.Combine(_environment.ContentRootPath, "idsrv3test.pfx"), "idsrv3test");

7d. Configure Clients, Scopes and Users like this

// Register IdentityServer with the signing certificate and the hard-coded sample
// clients, scopes and users returned by the Configuration classes.
// NOTE(review): the in-memory stores carry test data (including a plaintext test
// password); presumably a real deployment replaces them with persistent stores - confirm
// against the documentation for this IdentityServer4 version.
var builder = services.AddIdentityServer()
                .SetSigningCredentials(cert)
                .AddInMemoryClients(Clients.Get())
                .AddInMemoryScopes(Scopes.Get())
                .AddInMemoryUsers(Users.Get());

In the Configure method, add

// Add the IdentityServer middleware to the request pipeline.
app.UseIdentityServer();

Now to test it out, let's use the Postman extension in the Google Chrome browser.

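8. Create a new request and, in the Authorization tab, choose Basic and enter the username and password as we set them up in the client, i.e. Username: roclient, Password: madeupsecret, then hit Update Request. This will add a row in the Headers tab. (Basic authentication only base64-encodes these values, so outside a local test the token endpoint should be reached over HTTPS.)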

9. Add the following additional entries in the Headers section like this:

 

10. Add following entries to the Body tab:

 

 
