Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to create an identity server for users without consent page?

Tags:

asp.net-mvc

asp.net-core

asp.net-identity

asp.net-core-identity

identityserver4

We have an internal application for internal users which I need to protect using OAuth2/OIDC and thinking of using IdentityServer4. The end users will not be authorizing any applications so there shouldn't be any consent page. I couldn't find any suitable samples, they either are MVC client samples with consent pages or console application clients for Resource Owner Password flows.

Only thing I got is that I need to implement IResourceOwnerPasswordValidator in IDSRV application. That part is I'm OK with. But I couldn't figure out how to setup IDSRV app and MVC app in their Startups.

What do I need to do to protect an .NET Core ASP.NET MVC app with IdentityServer4 using Resource Owner Password flow?

I'd appreciate any help.

Solution:

I've ended up using Hybrid flow with manuel user login instead of Resource Owner Password flow. Here's the working solution I've created:

https://github.com/deastr/IdentityServer4.HybridFlow.NoConsent

like image 703
dstr Avatar asked Nov 30 '16 13:11

dstr

People also ask

What is consent Identity Server?

Consent is used to allow an end user to grant a client access to resources (identity or API). This is typically only necessary for third-party clients, and can be enabled/disabled per-client on the client settings.

Can I use Identity Server for free?

The new Duende IdentityServer continues to be open source, but now has a dual license. This license allows it to be used for free for development, testing, and learning, free for non-commercial open source, and free for use in commercial settings if the entity or organization makes less than 1 million USD/year.

Is Identity Server an identity provider?

IdentityServer. IdentityServer is an OpenID Connect provider - it implements the OpenID Connect and OAuth 2.0 protocols. Different literature uses different terms for the same role - you probably also find security token service, identity provider, authorization server, IP-STS and more.

Does Identity Server use cookies?

Cookie authenticationIdentityServer registers two cookie handlers (one for the authentication session and one for temporary external cookies).

1 Answers

In the Client definition add the following

RequireConsent = false,
like image 57
GlennSills Avatar answered Sep 20 '22 15:09

GlennSills
Sign in to Comment

Related questions

How to install ASP.NET MVC 5 on a server?
MVC .NET How to add unit test project in for existing source code?
Using the Razor view engine in a different way
Get original url without non-standard port (C#)
Commonly-accepted approach in MVC for form within jQuery dialog
How do the MVC html helpers use expressions to get an objects property
Why EF navigation property return null?
Is it possible to redirect request from middleware in .net core
How do I redirect a user to a custom 404 page in ASP.NET MVC instead of throwing an exception?
Mixing jQuery and YUI together in an app, is it easily possible?
Using ViewModel Pattern with MVC 2 Strongly Typed HTML Helpers
How to make IRouteConstraint filter route
How can I add the MVC 5 project template to VS 2012?
Making an async call in an MVC 5 action filter
Unable to determine the relationship represented by navigation property ASP.NET core 2.0 Entity Framework
ASP.NET MVC: HTTPContext and Dependency Injection
C# MVC: Performance and Advantages of MVC Html Helpers vs. Direct HTML in views
How to integrate IoC Membership provider with ASP.NET MVC
Why does HttpContext not derive from HttpContextBase?
How to restrict file types with HTML input file type?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!