I'm using Identity server and I wanna create an application like discord or slack. Basically you can be part of multiple organizations, but you have a different role in each of them. So when you click on the role I wanna create an access token with the role claims that correspond to your role on the organization. Basically, I am asking for a way to manually call my profile service, so I can always create the corresponding access_token
I am asking for a way to manually call my profile service, so I can always create the corresponding access_token
You can add your custom ProfileService for IdentityServer; here are the steps to follow:
Add your custom ProfileService which implements IdentityServer4.Services.IProfileService. This class is added to the IdentityServer project.
public class CustomProfileService : IProfileService
{
}
Check out ProfileService to get an idea of the implementation details. And here is a very good example to follow.
Add it to the IoC container in the Startup class of the IdentityServer project
services.AddTransient<IProfileService, CustomProfileService>();
Set it as the profile service used by IdentityServer. This code is in the Startup class of IdentityServer
services.AddIdentityServer()
    .AddProfileService<CustomProfileService>();
Read more here
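One way to fill in the empty CustomProfileService for the per-organization case in the question, added here as an example (not code from the answer or from IdentityServer). IOrgMembershipStore and the "org_id" claim are hypothetical names, and the example assumes the selected organization is recorded on the signed-in subject.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Services;

// Hypothetical lookup of a user's role inside one organization (not an IdentityServer type).
public interface IOrgMembershipStore
{
    // Returns the role name, or null when the user is not a member of the organization.
    Task<string> FindRoleAsync(string userId, string orgId);
}

public class CustomProfileService : IProfileService
{
    private readonly IOrgMembershipStore _memberships;

    public CustomProfileService(IOrgMembershipStore memberships) => _memberships = memberships;

    public async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        var userId = context.Subject.FindFirst("sub")?.Value;
        // Assumption: the selected organization was stored as an "org_id" claim at sign-in.
        var orgId = context.Subject.FindFirst("org_id")?.Value;
        if (userId == null || orgId == null) return; // no organization selected: issue no role

        // The role comes from the server-side membership record, never from request input.
        var role = await _memberships.FindRoleAsync(userId, orgId);
        if (role == null) return; // not a member: the token carries no role claim

        // Emit the organization next to the role so an API can check both together.
        context.IssuedClaims.Add(new Claim("org_id", orgId));
        context.IssuedClaims.Add(new Claim("role", role));
    }

    public Task IsActiveAsync(IsActiveContext context)
    {
        // Minimal check for the example: a subject without a "sub" claim is not active.
        context.IsActive = context.Subject.FindFirst("sub") != null;
        return Task.CompletedTask;
    }
}
```

Because the token names a single organization, an API receiving it should compare the "org_id" claim with the organization being accessed before trusting the "role" claim.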
Related
I'm trying to create a new web.api project using this guide:
https://learn.microsoft.com/en-us/aspnet/web-api/overview/getting-started-with-aspnet-web-api/tutorial-your-first-web-api
Now on my good old webforms project I could set a page that would show if the user wasn't logged in, no matter what the user would try to access.
Can a web.api project be configured to do the same (show a default login-page no matter the path written in the URL) and of course show the correct page when the user IS authenticated?
You should use Authorization for token.
When creating the project, select Individual User Accounts.
The project will then have the Microsoft Identity framework installed.
You can use the Authorize attribute.
[Authorize]
public class TestController : ApiController
{
}
After registering, send a login request to the http://localhost:fooPortNumber/token link.
The request will contain the token information.
You should send the token information to the controller.
I have an MVC application where ASP.NET Identity 2 is used and I can properly manage the Laboratory parts by giving permission to the corresponding role group, i.e. giving read permission to Lab1 students by Lab1Group. However, I want the application to be flexible so that the admin can create new laboratory lessons, i.e. Lab2, and add it to the corresponding role group, i.e. Lab2Group, that will be created after creation of the new laboratory. As far as I know creating a new Laboratory role group requires creating a new Controller having CRUD operations, but I want to use the same Controller with the newly created lab lessons. Is it possible? Because normally we need to define the access permission to a Controller by using the [Authorize] attribute and I am not sure if it is possible to add the newly created role(s) to this attribute. Any idea?
If you want to put dynamic behaviour in role authorization, you can create route and role mapping in your database, which you can also cache in your application if required. Second, you have to create a custom authorize attribute, which can get required roles for the current route (controller or controller + action) and can access current user roles from current context. You have both the information and now you can authorize/ unauthorize user by overriding OnAuthorization method in your new attribute as per your application logic.
Let's divide the problem statement and then try to solve it.
You have to create a new role/role group and you need to assign it to the appropriate users, which should be straightforward and the app admin can do that. Identity 2.0 is good for this.
As per your question, the routes for Lab1 and Lab2 could be something like labcontroller/lab1, labcontroller/lab2. I was trying to tell you that if you want to make the authorization process dynamic, you can have a mapping of route and role in the db.
When any user accesses labcontroller/lab1, your custom authorization attribute's OnAuthorization method will read the current route from the context and get its required role from the above-mentioned mapping.
If the current user also has the required role, permission will be granted.
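A sketch of the custom attribute described in this answer for ASP.NET MVC 5, added as an example and not taken from the answer. IRouteRoleMap is a hypothetical interface over the route/role table, assumed to be registered with the MVC dependency resolver. It overrides AuthorizeCore, which the base OnAuthorization calls, so the attribute keeps no per-request state.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Hypothetical database-backed (and optionally cached) route -> roles mapping.
public interface IRouteRoleMap
{
    // Roles allowed for a key such as "labcontroller/lab1"; empty when the route is unmapped.
    IReadOnlyCollection<string> RolesFor(string routeKey);
}

public class DynamicRoleAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var user = httpContext.User;
        if (user?.Identity?.IsAuthenticated != true) return false;

        // Assumption: routes follow {controller}/{action}, e.g. labcontroller/lab1.
        var route = httpContext.Request.RequestContext.RouteData;
        var key = (route.GetRequiredString("controller") + "/" +
                   route.GetRequiredString("action")).ToLowerInvariant();

        // Filter instances can be reused, so resolve the map per call and store nothing here.
        var map = DependencyResolver.Current.GetService<IRouteRoleMap>();
        var required = map?.RolesFor(key);

        // Fail closed: a route with no mapping (or no map registered) is denied.
        if (required == null || required.Count == 0) return false;
        return required.Any(user.IsInRole);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Signed-in users lacking the role get 403 instead of a redirect to the login page.
        if (filterContext.HttpContext.User?.Identity?.IsAuthenticated == true)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```

Applying [DynamicRoleAuthorize] once on the shared lab controller is enough; a new lab then only needs a new row in the mapping and the matching role.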
In an Asp.net Mvc 6 website I customized the out-of-the-box AccountController so that I add a custom Claim before calling userManager.CreateAsync(), both when registering
with a local account (email/password), in the Register() method of the controller
with an external provider (google/facebook), in the ExternalLoginConfirmation() of the controller
Now what I'd like to do is, immediately after the user logs in, both
in the Login() method after calling signInManager.PasswordSignInAsync() and
in the ExternalLoginCallback() method after calling signInManager.ExternalLoginSignInAsync()
...to retrieve that claim, ideally without hitting the DB to get the User.
I noticed that if I look at User directly after sign-in, the Claims collection is empty. However, if I look at it in a subsequent controller action the Claims collection is populated and has my custom claim in it.
The question is, why isn't the Claims populated immediately after sign-in (I guess the sign-in code doesn't refresh the CurrentPrincipal?) and is there another place to check directly after sign-in to get the claims without hitting the DB?
You could try to implement your own ApplicationUserStore and fill whatever properties of the user (or entity which is used as identity entity) you need.
I'm trying to use the Authorize attribute on an MVC 4 application,
[Authorize(Roles = "Administrator, Super-User")]
public JsonResult Remove(int id)
{
    // ...
}
I know that only the "Administrator" and "Super-User" roles are authorized to execute the method Remove, but how can I set the role for the actual User of the application?
The answer is - somehow, so that HttpContext.Current.User is set and the IsInRole method returns true.
The easiest way to do this would be to follow one of built-in mechanisms of authentication/authorization: Forms authentication or Windows authentication.
The former requires that the request carries a valid forms cookie issued by the server. The latter requires that the request principal can be authenticated in the domain controller.
You are however free to implement a custom authentication module.
If you are just starting to learn this, probably you'd like to use Forms Authentication for this. Just let your users log in, issue the cookie and the cookie will automatically be carried by subsequent ajax requests (assuming your server code is called from within a javascript client-side ajax call).
You can add the current user to a role using
Roles.AddUsersToRole(new string[]{HttpContext.Current.User.Identity.Name}, "Admin");
The Roles class is available in the System.Web.Security namespace.
If you want to add users and roles:
- Open your solution in Visual Studio
- Go to Project -> ASP.NET Configuration -> Security tab
You can add a user to roles using a Role Provider.
var rolesProvider = (SimpleRoleProvider)Roles.Provider;
Check the role exists
if (!rolesProvider.RoleExists("SuperUser"))
{
    rolesProvider.CreateRole("SuperUser");
}
Check if the user is in the role already; if not, add the user to the role
if (!rolesProvider.IsUserInRole("JohnSmith", "SuperUser"))
{
    rolesProvider.AddUsersToRoles(new[] {"JohnSmith"}, new[] {"SuperUser"});
}
Hi, I would like to design an asp.net application (app1) where we can create roles and actions. Here an action is something such as create student details and delete student details... both of these actions come underneath role1. So, the application will have some roles with a set of actions. These roles and actions will be used later in other applications (app2 and app3).
I have designed app1 with single sign-on for all the applications (app2, app3). When a user enters app2, he/she will be redirected to the login page which resides in app1. There user validation will take place. Once validated, an authentication ticket will be sent back to the requesting application (app2).
Once app2 receives the ticket, it will make another request to app1 to get the roles and actions belonging to the signed-in user. app2 should behave based on the actions belonging to the role.
*A user can have more roles.
How to control the user activities based on the actions?
Is there any framework to achieve this model?
Can you provide me any guidance to achieve my idea?
You should investigate the use of a RoleProvider which is built into the .NET Framework.
In addition to the role provider you can use the Authorization Manager to create Operations, Tasks, and Roles. You can then link Operations to specific functions in your application and map roles in a variety of ways.
How To: Use Authorization Manager (AzMan) with ASP.NET 2.0