Logging Out AspNet Client From IdentityServer4 - asp.net-mvc-4

How to log out AspNet MVC client from IdentityServer4?
If I trigger
Request.GetOwinContext().Authentication.SignOut();
from Aspnet MVC Client then all clients including AspNetCore MVC Client logged out correctly. But if I click logout from IdentityServer 4, only AspNetCore MVC client logged out but Aspnet MVC Client stays logged in. Any help highly appreciate

Related

OpenIddict: Share authentication between ASP.NET Core application and WEB.API Application

I have an asp.net core web application that using OpenIddict. It works fine and users can login.
Now I want to add web.api hosted on separate subdomain, but because the user is already authenticated I want to somehow share that authentication.
Is it possible? How can I do it? I see in the examples for OpenIddict user have to authenticate again, but I do not want that.
My Setup:
ASP.NET Core Web App: app.domain.com
OpenIddict server: login.domain.com
Web API .net Core App: api.domain.com (that is new requirement)
My web application has views that display data from controllers, I want to add extra javascript logic, and I can have web.api as part of the asp.net core domain: app.domain.com/api/
in that case, it works, the authenticated shared between web application and API,
but my goal is to have web.api on a separate subdomain: api.domain.com
I know I have to create a Bearer token, but it is not clear how to do it without authenticating the user again. So I want somehow share ASP.NET Core web application authentication to access api.domain.com
Can you please point me in the right direction? Where to start looking?

Which OpenId Grant Type should I use in MVC application? Code? Client Credentials?

With ASP.NET Core 5, Angular 10 and Identity Server 4 I created 4 applications:
Auth using Identity Server 4;
Asp.Net Core 5 API
Asp.Net Core 5 MVC
Angular 10 SPA
On the Angular application (4) I am using OIDC Client JS and Code Grant Type.
The Asp.Net Core 5 MVC application (3) also needs to access the API ...
I am using Identity Model but what Grant Type should I use in MVC application?
Code as in the Angular application (Is this possible?)? Client Credentials?
If you login the user on MVC application and you want to call the API on behalf of the user use the Code flow.
In this case only difference between MVC and angular apps is that Asp.Net Core 5 MVC is a confidential client and you can use Code flow. But Angular 10 SPA client is a public client and you should you Code + PKCE.
It is although recommended to use PKCE in both cases.
If you just call an API through MVC and as the app itself and not behalf of the user, you can use Client Credentials flow. This flow is for server to server scenarios and it is secure.
In this case you should do authorization for MVC app as well.

Integrate Membership Provider with AspNet Core Identity

I have two ASP.NET web applications.
A legacy web forms application built using .Net Framework 4.6.1 with a Membership Provider
An AspNet Core application that uses Core Identity 2.1
The two web applications comprise the overall web application.
The plan is to have both applications hosted in IIS and allow the Core web application to manage authentication/authorization for both web apps.
I have already implemented cookie sharing between the two applications using an OWIN startup class in the web forms app and corresponding middle-ware in the Core app.
The flow is as follows:
The requests coming into the webforms application will be intercepted by a Http moudule which will redirect to the AspNet Core login form if the user is not authenticated.
Once the user enters their credentials in the Core Login form, they are redirected back to the Web forms application Home page or whatever other page as if they had logged into the app directly.
The issue I am currently having is that I haven't been able to find a programmatic way of authenticating the user as though they had submitted the Login form in the web forms app.
Is there a way to programmatically authenticate a user by using the Membership Provider via Core Identity?

How to authenticate two type of authentication in ASP.NET Core 2.1?

ASP .NET Core(2.1) Web API authenticate LDAP users(intranet app - windows authentication ) and external tool requests against application key.
How to authenticate two type of authentication in ASP.NET Core 2.1?

How to implement Authentication and Authorization in ASP.NET Web API Core?

We are building ASP.NET MVC core web app and accessing data through ASP.NET Core Web API.
We have to give authentication and authorization to both MVC Core and Web API Core side.
If user is authenticated in MVC core web app then while accessing the data on web API core it is should not again authenticate. If user is directly accessing the web API then it should not allow and ask for authentication.
We also want to give authentication through Google.
For WebAPI I suggest token based authentication, Google support OAuth.
I suggest you take a look at the following link:
https://stormpath.com/blog/token-authentication-asp-net-core
There are some community-led efforts to build rich token authentication functionality for ASP.NET Core:
AspNet.Security.OpenIdConnect.Server – Similar to the OAuth Authorization Server middleware for ASP.NET 4.x.
OpenIddict – Wraps OpenIdConnect.Server up into an easier-to-use package that plugs into ASP.NET Identity.
IdentityServer4 – A port of Thinktecture IdentityServer3 to .NET Core.
All of them have sample MVC and API apps. Enjoy.