IdentityServer4 user session expired while cookie is present - asp.net-core

We are using ASP.NET Core 3.1 with IdentityServer4, using the oidc-client-js client for authentication, with cookie authentication.
We are unable to achieve "remember me" functionality. The identity cookie is persisted, but the session cannot be validated server side, so it redirects to the login page.
How could the user session be invalidated server side?
Help needed; the configurations are the defaults from the Quickstart.
Thanks in advance.
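The post does not diagnose the cause, but the two places a practitioner checks first for "cookie present, session still rejected" are the Data Protection key ring and the IdentityServer cookie lifetime. The following is an added example for the IdentityServer4 host (not the Quickstart's own code): the key-storage path, application name, and the `Config` and `TestUsers` classes are assumptions; the sign-in helper mirrors what the Quickstart UI does on a successful login with "Remember my login" ticked.

```csharp
using System;
using System.IO;
using System.Threading.Tasks;
using IdentityServer4;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // The authentication cookie is a self-contained ticket encrypted with
        // Data Protection keys. If those keys live only in memory, or differ
        // between instances, a persisted cookie cannot be unprotected after a
        // restart or on another instance, and the user lands on the login page.
        services.AddDataProtection()
            .SetApplicationName("idsrv-demo")                               // assumption: one stable name shared by all instances
            .PersistKeysToFileSystem(new DirectoryInfo("/var/idsrv-keys")); // assumption: storage shared by all instances

        services.AddIdentityServer(options =>
        {
            // Lifetime of IdentityServer's own session cookie (default 10 hours).
            // A cookie the browser keeps longer than this is still rejected unless
            // the sign-in sets an explicit ExpiresUtc, as below.
            options.Authentication.CookieLifetime = TimeSpan.FromDays(30);
            options.Authentication.CookieSlidingExpiration = true;
        })
        .AddDeveloperSigningCredential()                        // Quickstart-style; use a real signing key in production
        .AddInMemoryClients(Config.Clients)                     // assumption: Quickstart Config class
        .AddInMemoryIdentityResources(Config.IdentityResources) // assumption: Quickstart Config class
        .AddTestUsers(TestUsers.Users);                         // assumption: Quickstart TestUsers class

        services.AddControllersWithViews();
    }
}

// The sign-in step of the Quickstart's AccountController.Login (POST), reduced to
// how "Remember my login" becomes a persistent cookie with a long-lived ticket.
public class AccountController : Controller
{
    private static readonly TimeSpan RememberMeLoginDuration = TimeSpan.FromDays(30); // Quickstart AccountOptions value

    private async Task SignInAsync(string subjectId, string username, bool rememberLogin)
    {
        AuthenticationProperties props = null;
        if (rememberLogin)
        {
            props = new AuthenticationProperties
            {
                IsPersistent = true,                                              // browser keeps the cookie across sessions
                ExpiresUtc = DateTimeOffset.UtcNow.Add(RememberMeLoginDuration)   // server-side validity of the ticket
            };
        }

        var user = new IdentityServerUser(subjectId) { DisplayName = username };
        await HttpContext.SignInAsync(user, props);
    }
}
```

If the persisted cookie is rejected immediately after a restart or redeploy, the key ring is the first suspect; if it is rejected only after roughly ten hours, the cookie lifetime is. Note that oidc-client-js keeps its own tokens in browser storage and has no cookie of its own; the cookie above is IdentityServer's.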

Related

How can I logout on the server with ASP.NET Core Identity with cookie authentication?

I'm using a net5.0 project with 5.0.1 Microsoft packages.
When a user signs out I'm calling SignInManager.SignOutAsync to sign them out. This will delete the cookie in the browser. If you save that cookie before you sign out, you're able to put the cookie back in the browser, or a completely different browser, and you're authenticated again.
Is there a way to sign out on the server so that if the cookie is used after a sign out, it won't be valid anymore?
There must be something besides the cookie on the server because if you restart the server, the cookie no longer works.
The cookie has a unique identifier (session id) for the current session, which is used to uniquely identify a browser with session data on the server.
Normally, the session will be lost when the server restarts, so the cookie will be invalid.
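For ASP.NET Core Identity specifically, the application cookie is a self-contained encrypted ticket protected by the Data Protection key ring (a restart rotates that ring when keys are not persisted, which is why old cookies stop working), and the supported server-side revocation mechanism is the security stamp. The following is an added example for a net5.0 project, not code from the post: it rotates the user's security stamp on logout so that a copy of the cookie taken before sign-out no longer validates, and sets the validation interval to zero so the rejection is immediate. The `AppDbContext` and the in-memory database provider are assumptions.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;

// assumption: any Identity store works; an in-memory EF Core provider keeps the example self-contained
public class AppDbContext : IdentityDbContext
{
    public AppDbContext(DbContextOptions<AppDbContext> options) : base(options) { }
}

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddDbContext<AppDbContext>(o => o.UseInMemoryDatabase("identity-demo"));

        services.AddIdentity<IdentityUser, IdentityRole>()
            .AddEntityFrameworkStores<AppDbContext>();

        // AddIdentity registers SecurityStampValidator on the application cookie's
        // OnValidatePrincipal. By default the stamp in the cookie is compared with the
        // store only every 30 minutes; zero means on every request, so a revoked cookie
        // is rejected at once, at the cost of one user lookup per request.
        services.Configure<SecurityStampValidatorOptions>(o => o.ValidationInterval = TimeSpan.Zero);

        services.ConfigureApplicationCookie(o =>
        {
            o.Cookie.HttpOnly = true;
            o.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            o.ExpireTimeSpan = TimeSpan.FromHours(1);
            o.SlidingExpiration = true;
        });

        services.AddControllersWithViews();
    }
}

public class AccountController : Controller
{
    private readonly UserManager<IdentityUser> _userManager;
    private readonly SignInManager<IdentityUser> _signInManager;

    public AccountController(UserManager<IdentityUser> userManager, SignInManager<IdentityUser> signInManager)
    {
        _userManager = userManager;
        _signInManager = signInManager;
    }

    [HttpPost, ValidateAntiForgeryToken]
    public async Task<IActionResult> Logout()
    {
        var user = await _userManager.GetUserAsync(User);
        if (user != null)
        {
            // Rotating the stored stamp invalidates every cookie issued to this user,
            // including one saved before sign-out or replayed from another browser:
            // the stamp claim inside the cookie no longer matches the store.
            await _userManager.UpdateSecurityStampAsync(user);
        }

        await _signInManager.SignOutAsync(); // also clears the cookie in this browser
        return RedirectToAction("Index", "Home");
    }
}
```

Rotating the stamp signs the user out everywhere, which is usually what "sign out on the server" means; if only the current browser's session should end, keep a per-session identifier in the cookie's claims and check it in `OnValidatePrincipal` instead. With the interval left at its default, the replayed cookie keeps working for up to 30 minutes after logout.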

Using JWT Authentication without Identity at Blazor Server app Login page

Normally, in the current authentication we're using, after the user name and password are entered in the login UI, the credentials are checked on the server side, and if the user is authorized a JWT token is sent back to the client and saved in localStorage. The [Authorize] attribute does the authorization in the middleware.
I want to use Blazor's CascadingAuthenticationState, AuthorizeView and JWT authentication without using the Identity library; is this possible? I have now used Blazored.LocalStorage.ILocalStorageService and saved the token to localStorage. How can I add the token to each request? Most examples are for Blazor WebAssembly; I could not find a scenario like mine. Is using Identity the only way to authenticate a Blazor Server app? I have to use my own server and middleware, so I won't use Identity. Or maybe I should create a hybrid and use both of them. What is your suggestion?
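The post has no answer on the page, so the following is an added example, not the poster's code: a custom `AuthenticationStateProvider` that builds the `ClaimsPrincipal` from the JWT in localStorage (which is what `CascadingAuthenticationState` and `AuthorizeView` consume), plus a `DelegatingHandler` that attaches the token to every API request made from the Blazor Server circuit. The storage key `authToken`, the API base address, and the claim names are assumptions. Two caveats a reviewer would raise: the provider only decodes the token, it does not verify the signature, so it must drive UI only while the API keeps validating the token on every call; and localStorage is readable by any script on the origin, so an XSS bug exposes the token in a way an HttpOnly cookie would not.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;   // System.IdentityModel.Tokens.Jwt package
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using Blazored.LocalStorage;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.Extensions.DependencyInjection;

public class JwtAuthenticationStateProvider : AuthenticationStateProvider
{
    public const string TokenKey = "authToken";   // assumption: key used by the login page when it saves the token
    private static readonly AuthenticationState Anonymous =
        new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity()));

    private readonly ILocalStorageService _storage;
    private readonly JwtSecurityTokenHandler _handler = new JwtSecurityTokenHandler();

    public JwtAuthenticationStateProvider(ILocalStorageService storage) => _storage = storage;

    public override async Task<AuthenticationState> GetAuthenticationStateAsync()
    {
        string token;
        try
        {
            token = await _storage.GetItemAsStringAsync(TokenKey);
        }
        catch (InvalidOperationException)
        {
            // JS interop is unavailable during server prerendering; report anonymous
            // and the real state is established once the circuit is connected.
            return Anonymous;
        }

        if (string.IsNullOrWhiteSpace(token) || !_handler.CanReadToken(token))
            return Anonymous;

        // ReadJwtToken decodes only; it does NOT verify the signature. Acceptable
        // here because this state only controls what the UI shows, and every API
        // call still carries the token for the API to verify.
        var jwt = _handler.ReadJwtToken(token);
        if (jwt.ValidTo < DateTime.UtcNow)
            return Anonymous;

        var identity = new ClaimsIdentity(jwt.Claims, "jwt", "name", "role"); // assumption: name/role claim types
        return new AuthenticationState(new ClaimsPrincipal(identity));
    }

    // Call after login or logout so AuthorizeView re-renders.
    public void NotifyUserChanged() => NotifyAuthenticationStateChanged(GetAuthenticationStateAsync());
}

// Adds "Authorization: Bearer <token>" to every outgoing API request.
public class JwtBearerHandler : DelegatingHandler
{
    private readonly ILocalStorageService _storage;
    public JwtBearerHandler(ILocalStorageService storage) => _storage = storage;

    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
    {
        var token = await _storage.GetItemAsStringAsync(JwtAuthenticationStateProvider.TokenKey);
        if (!string.IsNullOrWhiteSpace(token))
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        return await base.SendAsync(request, ct);
    }
}

public static class JwtApiClientRegistration
{
    // Startup.ConfigureServices: services.AddJwtApiClient(new Uri("https://api.example.test/"));  // assumption: API address
    public static IServiceCollection AddJwtApiClient(this IServiceCollection services, Uri apiBaseAddress)
    {
        services.AddBlazoredLocalStorage();
        services.AddScoped<AuthenticationStateProvider, JwtAuthenticationStateProvider>();
        // Built per circuit (scoped) so the handler sees that user's storage; the
        // IHttpClientFactory pipeline creates handlers outside the circuit scope.
        services.AddScoped(sp => new HttpClient(
            new JwtBearerHandler(sp.GetRequiredService<ILocalStorageService>()) { InnerHandler = new HttpClientHandler() })
        {
            BaseAddress = apiBaseAddress
        });
        return services;
    }
}
```

Wrap the router in `<CascadingAuthenticationState>` in App.razor as usual; after the login page stores the token it casts the injected `AuthenticationStateProvider` to `JwtAuthenticationStateProvider` and calls `NotifyUserChanged()`. Because a Blazor Server circuit runs on the server, the token travels over the SignalR connection on each read, so the connection must be HTTPS.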

Outsourcing Grafana's authentication process to my application server

Background:
I have an application server that has an endpoint, /api/token. What this API does is perform authentication against the supplied username and password using the standard basic authentication protocol.
When the process is successful, it returns an access token and HTTP code 200 (OK). When it fails, HTTP code 401 (Unauthorized) is returned.
Question: Is there any way I can make Grafana's login page to pass on the login credential to my application server for authentication?
No, unless you want to hack the source code.
But you can use Grafana in auth proxy mode, where authentication will be performed by some "auth" proxy. For example, auth will be done by a reverse proxy (e.g. Apache + mod_authnz_external) that sits in front of Grafana. All auth logic will be there, and Grafana will just receive the request with the X-WEBAUTH-USER request header set when user authentication is successful.
Another option is to start an OIDC Identity Provider (for example Keycloak), which will use your app's auth endpoint for authentication. Grafana has native OIDC/OAuth support, so it just needs to be configured against your OIDC Identity Provider.
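The Grafana side of the auth proxy option described above, as an added example that is not part of the original answer. In this mode Grafana trusts the header unconditionally, so the one setting that matters for security is `whitelist`: it restricts the source addresses Grafana accepts the header from, and the proxy must also strip any `X-WEBAUTH-USER` a client sends in. The proxy address is an assumption.

```ini
[auth.proxy]
enabled = true
header_name = X-WEBAUTH-USER
header_property = username
auto_sign_up = true
; Only the reverse proxy may assert identities. Without this, anyone who can
; reach Grafana directly logs in as any user just by setting the header.
whitelist = 10.0.0.5
; Optional: let the proxy pass name and email along with the username.
headers = Name:X-WEBAUTH-NAME Email:X-WEBAUTH-EMAIL
```

Keep Grafana's port reachable only from the proxy at the network level as well; the whitelist is a second line of defence, not a substitute for that.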

WSO2 Identity Server: How to handle SAML2 SSO Logout request

I am using Identity Server for SSO in ThingWorx. I am able to federate login; however, I am not able to handle logout.
Please assist on how to handle logout.
You can specify the IdP logout URL in the SAML Federated IdP configuration.
Thanks
Isura

Forms Authentication and SSO

I created a web-based application that needs to integrate forms authentication and SSO. Currently, forms authentication validates all the registered users.
What I need is to integrate SSO into the application as well, i.e., If the user not authenticated then redirect to identity server (Okta) configured with WS-Fed and added the application, validate and respond to the landing page. Please can you help with this. Please let me know if any more information is required.
Can you please explain this statement " If the user not authenticated then redirect to identity server (Okta) configured with WS-Fed and added the application"?
Please see this link: https://github.com/okta/okta-music-store. Under the section "Adding Single-sign on to your Music Store" you can see how the C# SDK can be used to implement single sign-on.
Essentially what you need is a cookieToken from Okta. Using the cookieToken as a one-time token together with a redirect URL (which can be your app's URL), you can use /login/sessionCookieRedirect?token=&redirectUrl=. This will create an active session with Okta and redirect your user to your app or redirect URI.
The cookie token is obtained via a series of two calls: authentication, which gives you a session token in the response, and the create-session call, which exchanges the session token for a cookie token.
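The two-call exchange described in the answer, as an added example in C# that is neither the Okta SDK nor the linked music-store sample. It assumes Okta's Authentication API (`POST /api/v1/authn`) for the first call and the Sessions API with `additionalFields=cookieToken` (`POST /api/v1/sessions`) for the second; the org URL is an assumption. The `cookieToken` is single-use and short-lived, so it is handed only to the browser of the user who just authenticated and never logged.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Json;   // PostAsJsonAsync (System.Net.Http.Json)
using System.Text.Json;
using System.Threading.Tasks;

public static class OktaSessionLogin
{
    private static readonly Uri OktaOrg = new Uri("https://dev-123456.okta.com"); // assumption: your Okta org URL

    // Returns the URL the browser should be redirected to. Okta redeems the
    // cookieToken, sets its own session cookie, and sends the browser on to redirectUrl.
    public static async Task<Uri> BuildSessionRedirectAsync(
        HttpClient http, string username, string password, Uri redirectUrl)
    {
        // 1. Primary authentication: credentials -> one-time sessionToken.
        using var authnResponse = await http.PostAsJsonAsync(
            new Uri(OktaOrg, "/api/v1/authn"), new { username, password });
        authnResponse.EnsureSuccessStatusCode();

        using var authn = JsonDocument.Parse(await authnResponse.Content.ReadAsStringAsync());
        var status = authn.RootElement.GetProperty("status").GetString();
        if (status != "SUCCESS")
        {
            // MFA_REQUIRED, PASSWORD_EXPIRED, etc. must be completed before a session exists.
            throw new InvalidOperationException($"Authentication not complete: {status}");
        }
        var sessionToken = authn.RootElement.GetProperty("sessionToken").GetString();

        // 2. Create the session and ask for the one-time cookieToken in the response.
        using var sessionResponse = await http.PostAsJsonAsync(
            new Uri(OktaOrg, "/api/v1/sessions?additionalFields=cookieToken"), new { sessionToken });
        sessionResponse.EnsureSuccessStatusCode();

        using var session = JsonDocument.Parse(await sessionResponse.Content.ReadAsStringAsync());
        var cookieToken = session.RootElement.GetProperty("cookieToken").GetString();

        // 3. Build the redirect the answer describes. Both values are URL-encoded;
        //    redirectUrl must be one Okta has been configured to trust.
        var path = "/login/sessionCookieRedirect"
                 + "?token=" + Uri.EscapeDataString(cookieToken)
                 + "&redirectUrl=" + Uri.EscapeDataString(redirectUrl.ToString());
        return new Uri(OktaOrg, path);
    }
}
```

Your forms-authentication login handler calls `BuildSessionRedirectAsync` after its own check succeeds and issues an HTTP redirect to the returned URL; when the browser comes back to `redirectUrl` it carries an Okta session, so the WS-Fed redirect for the other applications completes without a second prompt. Because this path has your application handling the user's Okta password, keep it behind TLS and prefer a redirect-based WS-Fed or OIDC login where the design allows it.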