Secure Your ASP.NET Core App with OAuth 2.0

Learn how to use Single Sign-On (SSO) to secure your ASP.NET MVC Application.

Richard Clarke

Hi
Great article. Just what I was looking for.
One thing I’m not clear on is how to make a subsequent request to the authorisation server. I need to do something similar to the code in your article in the OnCreatingTicket method, i.e. make a call for more info from the authorisation server (not the user info call), and do it from an MVC controller action in my app. I need to send an authorization header with a bearer token containing the access token. In the OnCreatingTicket, you get the access token from the context, but I don’t know how to get the access token from within a controller method.
Regards Richard.

Fatima Zahra Raefat

Hello, I tried to follow all these steps but I found a problem in LiveMusicFinder: it doesn’t run and I got this error:
The program ‘[5916] dotnet.exe’ terminated with the code -2147450751 (0x80008081).
Thank you for your help

Matt Raible

Can you please try comparing your code to the example on GitHub?

Eric Brown

When setting up the 2nd app (.NET Core) I get the following error.

There isn’t that much to change to set it up. Anyone know what I did wrong?

An unhandled exception occurred while processing the request.
SocketException: No such host is known
System.Net.Http.ConnectHelper.ConnectAsync(string host, int port, CancellationToken cancellationToken)

HttpRequestException: No such host is known
System.Net.Http.ConnectHelper.ConnectAsync(string host, int port, CancellationToken cancellationToken)

IOException: IDX20804: Unable to retrieve document from: ‘[PII is hidden]’.
Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(string address, CancellationToken cancel)

InvalidOperationException: IDX20803: Unable to obtain configuration from: ‘[PII is hidden]’.
Microsoft.IdentityModel.Protocols.ConfigurationManager<t>.GetConfigurationAsync(CancellationToken cancel)

Eric Brown

FYI, the URL appsetting had “Desktop” appended to the end for some reason. Copy and paste error, I guess.

Assil

In the controller, aren’t you able to access the request?
The token is stored in request.Headers.Authorization.
This is one way of getting the token but there are so many other ways. No need for subsequent requests to the authentication server.
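
Added example (not part of the comments above or the article's code): one way to read the access token inside a controller action and send it as a bearer token, assuming the OAuth handler was configured with `options.SaveTokens = true` and `services.AddHttpClient()` is registered. The controller name and endpoint URL are placeholders.

```csharp
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[Authorize]
public class ProfileController : Controller   // hypothetical controller name
{
    // Placeholder endpoint on the authorization server (assumption).
    private const string ExtraInfoEndpoint = "https://auth.example.com/api/extra-info";

    private readonly IHttpClientFactory _clients;

    public ProfileController(IHttpClientFactory clients) => _clients = clients;

    public async Task<IActionResult> ExtraInfo()
    {
        // Reads the token stored in the authentication ticket at sign-in.
        // Returns null when SaveTokens was not enabled on the OAuth handler.
        var accessToken = await HttpContext.GetTokenAsync("access_token");
        if (string.IsNullOrEmpty(accessToken))
        {
            // No usable token: send the user back through the login flow.
            return Challenge();
        }

        using var request = new HttpRequestMessage(HttpMethod.Get, ExtraInfoEndpoint);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

        var client = _clients.CreateClient();
        using var response = await client.SendAsync(request, HttpContext.RequestAborted);
        if (!response.IsSuccessStatusCode)
        {
            // Do not echo the token or the upstream body back to the browser.
            return StatusCode(502);
        }

        var body = await response.Content.ReadAsStringAsync();
        return Content(body, "application/json");
    }
}
```

With `SaveTokens` enabled the token travels inside the encrypted sign-in cookie, so keep it out of logs, views and error pages.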

bluebaronca

I want to set up an SSO login page for an existing identity server. I want it set up like this but at the end, I want it to 302 to another app with the auth token. Is this facility built in?