mmacneil / angularaspnetcoreoauth
Sample project demonstrating user authentication and identity with Angular, Asp.Net Core and IdentityServer4
License: MIT License
Hi,
After I have logged in, once I click on sign out it redirects me to the home page, but
then when I press on log in it instantly authenticates me.
I believe it is because the log out functionality isn't implemented on the server side (auth server).
Can you take a look?
When I had loaded the AuthServer solution I'm seeing an error in my IDE (Rider) that says 'Cannot resolve action 'Challenge' on line 48 of the AccountController;
return RedirectToAction("Challenge", "External", new { provider = vm.ExternalLoginScheme, returnUrl });
There appears to be a missing External Controller?
I'm also seeing a similar error on line 79 and 120, 'Cannot resolve view Redirect'
return View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl });
There is no 'Redirect' view inside the folder 'Views/Account'
Hello!
I didn't know how else I would reach you, but I have been trying to wrap my head around the "ResourceAPI" purpose,
and it's still not clear to me.
I tried to convert the Resource.API project to Core 3 but had no success.
User.Claims does not contain any entry.
Hi Mr. Mark,
Thank you for your valuable work!
I can make this project work fine with the local db. So, I want to create the same databases in my AWS RDS db instance. But both of them are created with errors. And the most confusing thing is that I fail to delete these two databases in my db instance.
The warning message from SSMS:
"Msg 3701, Level 11, State 2, Line 3
Cannot drop the database 'AuthServer', because it does not exist or you do not have permission."
Any help is highly appreciated. Thank you in advance!
Hey there, great article / demo!
Are you still planning to expand your demo a little bit to include Google auth?
I noticed this comment.
Thanks!
After login, it stays there and does not go back to the SPA site, and I can see this in the log.
Any idea?
2019-09-29 11:27:40.482 -07:00 [DBG] Augmenting SignInContext
2019-09-29 11:27:40.486 -07:00 [DBG] Adding idp claim with value: local
2019-09-29 11:27:40.487 -07:00 [DBG] Adding amr claim with value: pwd
2019-09-29 11:27:56.194 -07:00 [DBG] client configuration validation for client angular_spa succeeded.
2019-09-29 11:29:19.608 -07:00 [INF] Removing 0 grants
2019-09-29 11:29:19.641 -07:00 [DBG] Request path /connect/authorize/callback matched to endpoint type Authorize
2019-09-29 11:29:19.643 -07:00 [DBG] Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
2019-09-29 11:29:19.644 -07:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint for /connect/authorize/callback
2019-09-29 11:29:19.649 -07:00 [DBG] Start authorize callback request
2019-09-29 11:29:19.654 -07:00 [DBG] No user present in authorize request
2019-09-29 11:29:19.655 -07:00 [DBG] Start authorize request protocol validation
2019-09-29 11:29:19.657 -07:00 [DBG] client configuration validation for client angular_spa succeeded.
2019-09-29 11:29:19.658 -07:00 [DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
2019-09-29 11:29:19.659 -07:00 [INF] ValidatedAuthorizeRequest
{"ClientId":"angular_spa","ClientName":"Angular SPA","RedirectUri":"http://localhost:4200/auth-callback","AllowedRedirectUris":["http://localhost:4200/auth-callback"],"SubjectId":"anonymous","ResponseType":"id_token token","ResponseMode":"fragment","GrantType":"implicit","RequestedScopes":"openid profile email api.read","State":"1437dc56e6d44f7a83633019bddc2ba5","UiLocales":null,"Nonce":"0e0f9ccf5aca4280852d12b6bb6ec2a2","AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":null,"MaxAge":null,"LoginHint":null,"SessionId":null,"Raw":{"client_id":"angular_spa","redirect_uri":"http://localhost:4200/auth-callback","response_type":"id_token token","scope":"openid profile email api.read","state":"1437dc56e6d44f7a83633019bddc2ba5","nonce":"0e0f9ccf5aca4280852d12b6bb6ec2a2"},"$type":"AuthorizeRequestValidationLog"}
2019-09-29 11:29:19.661 -07:00 [INF] Showing login: User is not authenticated
2019-09-29 11:29:19.673 -07:00 [DBG] Start authorize request protocol validation
2019-09-29 11:29:19.675 -07:00 [DBG] client configuration validation for client angular_spa succeeded.
2019-09-29 11:29:19.676 -07:00 [DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
2019-09-29 11:29:19.677 -07:00 [DBG] client configuration validation for client angular_spa succeeded.
Cookies marked with SameSite=None must also be marked with Secure to allow setting them in a cross-site context. This behavior protects user data from being sent over an insecure connection.
Hi,
I tried to run the sample, but when I click on TopSecretArea after login I am getting the below error:
Failed to load resource: the server responded with a status of 403(Forbidden) - :5050.api/values:1
ERROR Server error
defaultErrorLogger @cor.js:4002
Regards,
Kalpana
Hi,
How can I possibly replace all IdentityServer4 MVC view templates (like login and register) with Angular templates?
Thanks in advance for any ideas.
Hello Mark,
Thank you for sharing this wonderful repository with everyone, it has been a great learning experience.
I was playing around with the repository and noticed that after successful login when I browse to the Top Secret page/component using the link in the header it works fine as expected, after that if I do a page reload using the browser refresh button or F5 then I am redirected to the login page.
For some strange reason the canActivate method in the auth.guard.ts file returns false when the page is reloaded.
Any suggestions to resolve this?
Thank you :)
Hi Mark
Thanks for your article, it was quite helpful. I have a lot of questions about this approach, and I hope you can help me if you wish to help a newbie :)
First of all, how can I get data from the API in Angular securely without user login? For example, when you want to show articles on the website without needing the user to log in to get data from the API.
Following on, how could I log in with no need to go to the Identity Server app to log in, like sending a POST request with the login information in its body securely to Identity Server? I think it's quite a drawback with all those different links and the call-back component; it should be a simple login inside Angular, like registration!
I'll be very grateful if you could help me in any way: articles, code, examples, etc. :)
The following command doesn't create the respective entities in the database, and I also don't see the consent page after login:
AuthServer.Infrastructure> dotnet ef database update --context PersistedGrantDbContext
Please suggest
I keep getting redirected, it's not clear what the exact problem is.
The port of the project is not 5000, but another one (but all endpoints work and it doesn't seem to be redirecting to another URL somewhere when I check Fiddler).
The only "weird" thing is that the srv.session cookie is a year old. But I guess it's to remove the cookie every time:
Tried updating to the latest IdentityServer4 in the major version (e.g. 2.5.3). --> No dice
Whatever I try, I keep hitting the login page with the same "not authenticated user" in my logs.
When I try an invalid password, I receive the appropriate message.
---------------------Log ------------------------------
2019-11-15 02:56:12.455 +01:00 [INF] Starting IdentityServer4 version 2.4.0.0
2019-11-15 02:56:12.808 +01:00 [INF] Using the default authentication scheme Identity.Application for IdentityServer
2019-11-15 02:56:12.810 +01:00 [DBG] Using Identity.Application as default ASP.NET Core scheme for authentication
2019-11-15 02:56:12.813 +01:00 [DBG] Using Identity.External as default ASP.NET Core scheme for sign-in
2019-11-15 02:56:12.817 +01:00 [DBG] Using Identity.External as default ASP.NET Core scheme for sign-out
2019-11-15 02:56:12.819 +01:00 [DBG] Using Identity.Application as default ASP.NET Core scheme for challenge
2019-11-15 02:56:12.822 +01:00 [DBG] Using Identity.Application as default ASP.NET Core scheme for forbid
2019-11-15 02:56:13.168 +01:00 [DBG] Starting grant removal
2019-11-15 02:56:13.310 +01:00 [DBG] Login Url: /Account/Login
2019-11-15 02:56:13.314 +01:00 [DBG] Login Return Url Parameter: ReturnUrl
2019-11-15 02:56:13.317 +01:00 [DBG] Logout Url: /Account/Logout
2019-11-15 02:56:13.319 +01:00 [DBG] ConsentUrl Url: /consent
2019-11-15 02:56:13.321 +01:00 [DBG] Consent Return Url Parameter: returnUrl
2019-11-15 02:56:13.324 +01:00 [DBG] Error Url: /home/error
2019-11-15 02:56:13.328 +01:00 [DBG] Error Id Parameter: errorId
2019-11-15 02:56:35.099 +01:00 [DBG] CORS request made for path: /.well-known/openid-configuration from origin: http://localhost:4200
2019-11-15 02:56:35.103 +01:00 [DBG] Client list checked and origin: http://localhost:4200 is allowed
2019-11-15 02:56:35.104 +01:00 [DBG] CorsPolicyService allowed origin: http://localhost:4200
2019-11-15 02:56:35.123 +01:00 [DBG] Request path /.well-known/openid-configuration matched to endpoint type Discovery
2019-11-15 02:56:35.150 +01:00 [DBG] Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryEndpoint
2019-11-15 02:56:35.153 +01:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryEndpoint for /.well-known/openid-configuration
2019-11-15 02:56:35.159 +01:00 [DBG] Start discovery request
2019-11-15 02:56:35.249 +01:00 [DBG] Request path /connect/authorize matched to endpoint type Authorize
2019-11-15 02:56:35.260 +01:00 [DBG] Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeEndpoint
2019-11-15 02:56:35.263 +01:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize
2019-11-15 02:56:35.271 +01:00 [DBG] Start authorize request
2019-11-15 02:56:35.289 +01:00 [DBG] No user present in authorize request
2019-11-15 02:56:35.298 +01:00 [DBG] Start authorize request protocol validation
2019-11-15 02:56:35.325 +01:00 [DBG] client configuration validation for client angular_spa succeeded.
2019-11-15 02:56:35.374 +01:00 [DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
2019-11-15 02:56:35.397 +01:00 [INF] ValidatedAuthorizeRequest
{"ClientId":"angular_spa","ClientName":"Angular SPA","RedirectUri":"http://localhost:4200/auth-callback","AllowedRedirectUris":["http://localhost:4200/auth-callback"],"SubjectId":"anonymous","ResponseType":"id_token token","ResponseMode":"fragment","GrantType":"implicit","RequestedScopes":"openid profile email api.read","State":"2acc6812a2de4645b57f1a8a5357a427","UiLocales":null,"Nonce":"535752b0b9184c2fa72b00387f53a0a2","AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":null,"MaxAge":null,"LoginHint":null,"SessionId":null,"Raw":{"client_id":"angular_spa","redirect_uri":"http://localhost:4200/auth-callback","response_type":"id_token token","scope":"openid profile email api.read","state":"2acc6812a2de4645b57f1a8a5357a427","nonce":"535752b0b9184c2fa72b00387f53a0a2"},"$type":"AuthorizeRequestValidationLog"}
2019-11-15 02:56:35.411 +01:00 [INF] Showing login: User is not authenticated
2019-11-15 02:56:35.482 +01:00 [DBG] Start authorize request protocol validation
2019-11-15 02:56:35.484 +01:00 [DBG] client configuration validation for client angular_spa succeeded.
2019-11-15 02:56:35.485 +01:00 [DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
2019-11-15 02:56:35.489 +01:00 [DBG] client configuration validation for client angular_spa succeeded.
2019-11-15 02:56:37.141 +01:00 [DBG] Start authorize request protocol validation
2019-11-15 02:56:37.143 +01:00 [DBG] client configuration validation for client angular_spa succeeded.
2019-11-15 02:56:37.145 +01:00 [DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
2019-11-15 02:56:37.858 +01:00 [DBG] Augmenting SignInContext
2019-11-15 02:56:37.864 +01:00 [DBG] Adding idp claim with value: local
2019-11-15 02:56:37.866 +01:00 [DBG] Adding amr claim with value: pwd
2019-11-15 02:56:37.888 +01:00 [DBG] client configuration validation for client angular_spa succeeded.
2019-11-15 02:56:37.946 +01:00 [DBG] Request path /connect/authorize/callback matched to endpoint type Authorize
2019-11-15 02:56:37.949 +01:00 [DBG] Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
2019-11-15 02:56:37.951 +01:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint for /connect/authorize/callback
2019-11-15 02:56:37.961 +01:00 [DBG] Start authorize callback request
2019-11-15 02:56:37.969 +01:00 [DBG] No user present in authorize request
2019-11-15 02:56:37.972 +01:00 [DBG] Start authorize request protocol validation
2019-11-15 02:56:37.975 +01:00 [DBG] client configuration validation for client angular_spa succeeded.
2019-11-15 02:56:37.978 +01:00 [DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
2019-11-15 02:56:37.980 +01:00 [INF] ValidatedAuthorizeRequest
{"ClientId":"angular_spa","ClientName":"Angular SPA","RedirectUri":"http://localhost:4200/auth-callback","AllowedRedirectUris":["http://localhost:4200/auth-callback"],"SubjectId":"anonymous","ResponseType":"id_token token","ResponseMode":"fragment","GrantType":"implicit","RequestedScopes":"openid profile email api.read","State":"2acc6812a2de4645b57f1a8a5357a427","UiLocales":null,"Nonce":"535752b0b9184c2fa72b00387f53a0a2","AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":null,"MaxAge":null,"LoginHint":null,"SessionId":null,"Raw":{"client_id":"angular_spa","redirect_uri":"http://localhost:4200/auth-callback","response_type":"id_token token","scope":"openid profile email api.read","state":"2acc6812a2de4645b57f1a8a5357a427","nonce":"535752b0b9184c2fa72b00387f53a0a2"},"$type":"AuthorizeRequestValidationLog"}
2019-11-15 02:56:37.982 +01:00 [INF] Showing login: User is not authenticated
2019-11-15 02:56:38.002 +01:00 [DBG] Start authorize request protocol validation
2019-11-15 02:56:38.004 +01:00 [DBG] client configuration validation for client angular_spa succeeded.
2019-11-15 02:56:38.007 +01:00 [DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
2019-11-15 02:56:38.010 +01:00 [DBG] client configuration validation for client angular_spa succeeded.
2019-11-15 02:56:43.234 +01:00 [INF] Removing 0 grants
2019-11-15 03:03:44.453 +01:00 [INF] Removing 0 grants
2019-11-15 03:04:14.479 +01:00 [INF] Removing 0 grants
2019-11-15 03:04:44.492 +01:00 [INF] Removing 0 grants
2019-11-15 03:05:14.510 +01:00 [INF] Removing 0 grants
2019-11-15 03:05:44.522 +01:00 [INF] Removing 0 grants
2019-11-15 03:06:14.540 +01:00 [INF] Removing 0 grants
2019-11-15 03:06:44.554 +01:00 [INF] Removing 0 grants
2019-11-15 03:07:14.568 +01:00 [INF] Removing 0 grants
Any thoughts on what could be wrong? My current thought is that I'm not receiving any grants right now. But I don't know why.
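Both logs above show the same sequence: a local sign-in (the `amr` claim is added), then `/connect/authorize/callback` reporting "No user present in authorize request", which means the request reaching the callback carried no authenticated session. The following is an added example, not code from the repository, that flags that sequence in an IdentityServer4 debug log; `findLoginLoops`, `LoopFinding` and `SAMPLE` are hypothetical names, and the sample lines are excerpted from the second log above.

```typescript
// Added example: detect "signed in, but anonymous on the authorize callback".
// Message strings are the ones that appear in the logs posted above.
interface LoopFinding {
  signedInAt: string;  // timestamp of the "Adding amr claim" line
  anonymousAt: string; // timestamp of the callback that saw no user
  amr: string;         // authentication method recorded at sign-in
}

const LINE =
  /^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2}) \[(\w{3})\] (.*)$/;
const AMR = "Adding amr claim with value: ";
const CALLBACK = "Request path /connect/authorize/callback ";

function findLoginLoops(lines: string[]): LoopFinding[] {
  const findings: LoopFinding[] = [];
  let signIn: { at: string; amr: string } | null = null;
  let inCallback = false;
  for (const raw of lines) {
    const m = LINE.exec(raw.trim());
    if (!m) continue; // JSON payload lines carry no timestamp prefix
    const at = m[1] ?? "";
    const msg = m[3] ?? "";
    if (msg.startsWith(AMR)) {
      signIn = { at, amr: msg.slice(AMR.length) };
      inCallback = false;
    } else if (msg.startsWith("Request path ")) {
      const isCallback = msg.startsWith(CALLBACK);
      // A different endpoint after the callback: the callback found a user.
      if (inCallback && !isCallback) signIn = null;
      inCallback = isCallback && signIn !== null;
    } else if (inCallback && signIn && msg === "No user present in authorize request") {
      findings.push({ signedInAt: signIn.at, anonymousAt: at, amr: signIn.amr });
      signIn = null;
      inCallback = false;
    }
  }
  return findings;
}

// Excerpt of the second log posted above (password sign-in, then the callback).
const SAMPLE: string[] = [
  "2019-11-15 02:56:37.866 +01:00 [DBG] Adding amr claim with value: pwd",
  "2019-11-15 02:56:37.946 +01:00 [DBG] Request path /connect/authorize/callback matched to endpoint type Authorize",
  "2019-11-15 02:56:37.961 +01:00 [DBG] Start authorize callback request",
  "2019-11-15 02:56:37.969 +01:00 [DBG] No user present in authorize request",
  "2019-11-15 02:56:37.982 +01:00 [INF] Showing login: User is not authenticated",
];
console.log(findLoginLoops(SAMPLE));
```

A finding points the investigation at the session cookie rather than at credentials or grants: check whether the browser stored and returned it, for example against the SameSite=None/Secure rule quoted in the first report.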
I'm seeing that you're inserting the Connection String of the database as string and not going with the configuration way (in the PersistedGrantDbContextFactory). Don't you think that that's a security concern?
Hello, can you add the extraTokenParams attribute to the OidcClientSettings interface?
The JS library has this attribute and I need it :(
Thanks!