IdentityServer4 about devicemanager.api HOT 20 CLOSED

Hey, @Boriszn I solved the issue using hosts file in windows.
🎆 🍾 🔥
According to this StackOverflow question, in Windows, there are issues present while using localhost within container services. We should use the service name.

Hence, I defined the following two values in the hosts file present in

C:\Windows\System32\drivers\etc\hosts.

127.0.0.1 devicemanager.api
127.0.0.1 devicemanager.identityserver

Then modified docker-compose.override.yml file with below settings

services:
  devicemanager.api:
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - AUTHENTICATION_AUTHORITY=http://devicemanager.identityserver:5000
      - ASPNETCORE_URLS=http://0.0.0.0:5001
    ports:
      - "5001:5001"
  devicemanager.identityserver:
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=http://0.0.0.0:5000
      - SWAGGER_CLIENT=http://devicemanager.api:5001
    ports:
      - "5000:5000"

Then changed launchsettings.json

"profiles": {
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "launchUrl": "swagger",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development",
        "AUTHENTICATION_AUTHORITY": "http://devicemanager.identityserver:5000/"
      },
      "applicationUrl": "http://devicemanager.api:5001"
    },
    "DeviceManagerApi": {
      "commandName": "Project",
      "launchBrowser": true,
      "launchUrl": "swagger",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development",
        "AUTHENTICATION_AUTHORITY": "http://devicemanager.identityserver:5000/"
      },
      "applicationUrl": "http://devicemanager.api:5001"
    },
    "Docker": {
      "commandName": "Docker",
      "launchBrowser": true,
      "launchUrl": "http://devicemanager.api:5001/swagger"
    }
  }

The docker file looks like

FROM microsoft/dotnet:2.1-aspnetcore-runtime AS base
WORKDIR /app
EXPOSE 5001

FROM microsoft/dotnet:2.1-sdk AS build
WORKDIR /src
COPY ["src/DeviceManager.Api/DeviceManager.Api.csproj", "src/DeviceManager.Api/"]
RUN dotnet restore "src/DeviceManager.Api/DeviceManager.Api.csproj"
COPY . .
WORKDIR "/src/src/DeviceManager.Api"
RUN dotnet build "DeviceManager.Api.csproj" -c Release -o /app

FROM build AS publish
RUN dotnet publish "DeviceManager.Api.csproj" -c Release -o /app

FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "DeviceManager.Api.dll"]

Now the authentication is happening without any static IP configuration. The configuration works with/without docker-compose.

One thing is running docker images need to be stopped when the user wants to run outside docker using docker stop image_id.

TODO:
Currently, the identity server is using sqlite as the database.
Add more clients for the console app.
Allow user to send queries from postman/restlet client

from devicemanager.api.

@Boriszn
🙌 🙌 🙌 🙌 🙌

🎆 🍾 🎉
Now unit tests are running under Authentication. Authentication is an add-on feature using the compiler switch UseAuthentication. I will add new test cases for Authentication and update the README.md. Then create a new pull request.

from devicemanager.api.

I have implemented Bearer authentication. I will create a pull request this weekend.

from devicemanager.api.

@Boriszn
🎉🎉🎉
➕ ➕ 💥 ➕ ➕

Hey, I fixed the issue by using the static-IP address for each container in the docker-compose file.
Authentication & Authorization both are working with or without docker.

Only, thing currently not working are Device-Api Test because they are also building the request context.

I will try to fix the same.

I have pushed the code to a new branch in my forked repository by the name Identity Server Integration. You can clone it and run.

Users can be configured in the Config file.

from devicemanager.api.

@rudreshgp Regarding Identity Server: Have you created Identity Server repository somewhere or you using some Identity Server online, as as service ?
Regarding docker issue, could please explain the issue (with authorization) in detail ;) ?

Thanks,
Boris

from devicemanager.api.

Hey @rudreshgp that's awesome.

Don't forget to put all you findings in the readme file.

I'm not completely get what is issue about. :) So you can't connect to the Identity server from docker container, Right ? If yes then you should not use localhost names etc from the container and you should use IP.
I had same issue with SQL Server local instance (or express).

Regarding Identity Server. It is right, but I would like to create my own Identity Server Repository based on examples and templates, they provided here. IdentityServer4.Templates also would like to get it work with Azure Active directory.

from devicemanager.api.

Hi @rudreshgp

I think, creating Docker Network (or network bridge) may help.
Here the link with same issue:

• https://stackoverflow.com/questions/43911536/how-can-i-use-identityserver4-from-inside-and-outside-a-docker-machine

I will try also tackle this issue in the future.

from devicemanager.api.

Hi @rudreshgp

Sounds quite impressive !!! ;) You overcome all issues. :)) Thank you a so much.
I've seen your PR, I will take a look.

Best Regards,
Boris

from devicemanager.api.

Hi, @Boriszn I added oauth2 bearer authentication to the project and now through Swagger-UI we can log in. Also, roles/claims support is added. I am now working on updating docker files as I have used sample project from idenityserver4 repository project for the identity server.

I will try to push the code to another branch where you can give feedback.

from devicemanager.api.

So in docker authentication is working but authorization is failing. I will try to fix the same.

from devicemanager.api.

Hi, @rudreshgp.

Thank you a lot for the question and input.
I would say, the first priority is bearer token.
However, Google, and Facebook (or at least one of them) would be nice to have. (as configurative option, for example)

Best Regards,
Boris

from devicemanager.api.

Currently, I am using IdentityServer4 server project provided by IdentityServer4 samples. But is it better to use an external service?

from devicemanager.api.

The issue with docker is, the client(Device Manager API) is not able to verify the authority which issued the token, Even both client and server are connected using localhost.

from devicemanager.api.

Yes. even though they connect using localhost. The API can't verify identity authority while running in the container.

from devicemanager.api.

Hi, @Boriszn I have updated the project using templates you mentioned.

Also, I have added new claims by the name tenant_id which stores tenant id for users and role to store user type to limit the access to the resource.

The users having admin role can access data from any tenant. Non admin users need a claim by the name tenant_id and value being the tenant they belong. Users now can't access data from other tenants.

Currently, data is stored in a local database file.

While running in docker compose it's facing the same issue as before because redirect URLs stored in the database are pointing to localhost address. I will try to fix the same.

from devicemanager.api.

bridge network doesn't work for windows.

from devicemanager.api.

Hi @rudreshgp

Thank you a lot for the input.
I have some questions:

1. Are you using docker-toolbox ? If yes you shouldn't because it is legacy solution, you should switch to
   Docker for Windows: https://docs.docker.com/docker-for-windows/install/ Below is warn message from docker portal:

Docker Toolbox is for older Mac and Windows systems that do not meet the requirements of Docker Desktop for Mac and Docker Desktop for Windows. We recommend updating to the newer applications, if possible.

2. In the Hosts you are using same IP for both services ? If yes how it can work then ? Or I missed something ? :)
3. Identity Server aslo allows you to use SQL Server (LocalDb, Express, etc) http://docs.identityserver.io/en/latest/quickstarts/7_entity_framework.html I think It would be better to use it, isn't it ?.

@rudreshgp Could you please send me link to your implementation of IdentityServer ?

Best,
Boris

from devicemanager.api.

@Boriszn,

1. I am using Docker Desktop for windows. Currently, need to update database settings to connect to local SQL express database.

2. The local ports are mapped to access container images using localhost in docker-compose.override.yml

I have created a Identity Server Integration branch in my fork.

from devicemanager.api.

Hey @rudreshgp .

Thank you a lot, I see the point.

As I understood, Connection to SQL Express/(local) DB from Docker container, not an issue anymore, Right ?

from devicemanager.api.

The solution is to use the way you mentioned, by entering the IP Address.
One way we can handle this is by entering the IP address in .env file and enabling remote connections.
We can then get the IP address value in the environment variable and replace it in the connection string.

from devicemanager.api.