question

AlexanderAngelo-7181 asked ChaoDeng-MSFT answered

Identity Server Login

Hi,

I am setting up authentication using Identity Server 4 and I need to provide a login API whereby clients can send login credentials and receive a token back.

Is there a need for me to protect the login method in the controller to protect from any possibility of people hacking this login method?

Thanks,
Angelo

dotnet-aspnet-core-webapi

1 Answer

ChaoDeng-MSFT answered

Hi @AlexanderAngelo-7181,

For secure access to the controller in IdentityServer4, you can refer to http://docs.identityserver.io/en/release/quickstarts/0_overview.html to create a basic IdentityServer4. This includes APIserver, JSClient and ID4 Server.

You could make IdentityServer include bearer token authentication:

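 services.AddAuthentication()
     .AddIdentityServerAuthentication("bearer", options =>
     {
         // Base URL of the IdentityServer instance that issues the tokens
         options.Authority = "your identityserver base url";
         // Name of the API resource the access token must be issued for
         options.ApiName = "identityserver_api";
     });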

And then have an authorization policy that checks for the scheme and the client ID claim:

 services.AddAuthorization(options =>
 {
     options.AddPolicy("JsClient", config =>
     {
         config.AddAuthenticationSchemes("bearer");
         config.RequireClaim("client_id", "my javascript client");
     });
 });

And then add an authorize attribute to your controller that specifies this authorization policy:

 [Authorize("JsClient")]



If the answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Best Regards,

ChaoDeng
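
Added example, not part of the original answer or of IdentityServer4's own code: a small console check that evaluates the "JsClient" policy from the answer against constructed principals, to confirm it admits only the expected `client_id`. It assumes a project referencing the Microsoft.AspNetCore.Authorization, Microsoft.Extensions.DependencyInjection and Microsoft.Extensions.Logging packages; the `PolicyCheck` class, the `Principal` and `Allowed` helpers and the sample client names are hypothetical.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

public static class PolicyCheck
{
    // Builds a constructed principal standing in for an already validated access token.
    static ClaimsPrincipal Principal(string clientId) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim("client_id", clientId) }, "bearer"));

    // Evaluates the named policy and reports whether the principal satisfies it.
    static async Task<bool> Allowed(IAuthorizationService authz, ClaimsPrincipal user) =>
        (await authz.AuthorizeAsync(user, "JsClient")).Succeeded;

    public static async Task Main()
    {
        var services = new ServiceCollection();
        services.AddLogging(); // the default authorization service requires a logger
        services.AddAuthorizationCore(options =>
        {
            options.AddPolicy("JsClient", config =>
            {
                // The scheme tells the ASP.NET Core pipeline which handler validates
                // the token; the claim requirement below is what is evaluated here.
                config.AddAuthenticationSchemes("bearer");
                config.RequireClaim("client_id", "my javascript client");
            });
        });

        using var provider = services.BuildServiceProvider();
        var authz = provider.GetRequiredService<IAuthorizationService>();

        // Constructed sample principals: the expected client, a different client,
        // and a caller that presented no token at all.
        var expected = Principal("my javascript client");
        var other = Principal("some other client");
        var anonymous = new ClaimsPrincipal(new ClaimsIdentity());

        Console.WriteLine($"expected client allowed: {await Allowed(authz, expected)}");
        Console.WriteLine($"other client allowed:    {await Allowed(authz, other)}");
        Console.WriteLine($"anonymous allowed:       {await Allowed(authz, anonymous)}");
    }
}
```

Only the first principal carries the `client_id` value the policy requires. This check covers the authorization step only; token signature and issuer validation remain the job of the bearer handler configured with `AddIdentityServerAuthentication`.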

