Securing ASP.NET Core 2.0 with IdentityServer4: Demo Code

In one of my latest courses, Securing ASP.NET Core with OAuth 2.0 and OpenID Connect I explain how these standards can help with securing your web apps & APIs, using ASP.NET Core 1.1 and IdentityServer4.  But: right after that course was finished, ASP.NET Core 2.0 was released… In regular circumstances I applaud fast release schedules, knowing they mainly add to existing code instead of drastically changing in.  Lo and behold: dealing with authentication & authorization happened to be one of the parts of ASP.NET Core that was subject to quite a few changes…  the principles still apply of course, but the code does have to change a bit to work in ASP.NET Core 2.0… bummer :-)

One of the viewers of that course, Frans Harinck, took it upon himself to port my demo project to ASP.NET Core 2.0 and IdentityServer4.  And what’s even better: he put it all on his GitHub.  I figured I’d share this, as it’ll probably help a lot of people out.

You can find the updated demo code here.  Happy coding! :-)

 Tweet about this on TwitterShare on LinkedInShare on Facebook

2 Comments

Brian Wells

Hi Kevin,

Thanks again to both you for your outstanding course and to Frans for his 2.0 conversion fixes. One that seems not to have troubled his compiler, but which was a crash-inducing runtime issue in mine (the API project) is the following line, which survives in Frans’s code:
services.AddSingleton();
Someone else pointed this out too, and I was wondering if you could clarify/confirm that the fix is to make it AddScoped instead of AddSingleton?

Thanks again! Happy holidays

Reply
Huy

Hi Kevin,
Hope you are getting well. I followed your courses on Pluralsight, and they help me a lot. Thank for sharing the knowledge.
I’m having a problem while deploy the IdentityServer4 to IIS hosting server. The asp.net core 2.0 that host IdentityServer4 worked fine, but clients which connect to it to get token for authentication can not get metadata from it. So they are not be found when browsing.
The exception I got from logging is:
An unhandled exception has occurred: IDX10803: Unable to obtain configuration from: ‘https://172.17.100.201:8888/.well-known/openid-configuration’.
System.InvalidOperationException: IDX10803: Unable to obtain configuration from: ‘https://172.17.100.201:8888/.well-known/openid-configuration’. —> System.IO.IOException: IDX10804: Unable to retrieve document from: ‘https://172.17.100.201:8888/.well-known/openid-configuration’. —> System.Net.Http.HttpRequestException: An error occurred while sending the request. —> System.Net.Http.WinHttpException: A security error occurred
I created a Self Signed Certificate using IIS Server Certificates.
Hope to hear from you.

Reply

Leave a Reply

Your email address will not be published. Required fields are marked *