
OAuth Authorization Service in ASP.NET Core

In Web API 2, you used to be able to create an endpoint to issue a token by setting up an OAuth Authorization Server via middleware like below:

    // Set up our auth server options.
    var OAuthServerOptions = new OAuthAuthorizationServerOptions()
    {
        AllowInsecureHttp = true,
        TokenEndpointPath = new PathString("/token"),
        AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
        Provider = new SimpleAuthorizationServerProvider()
    };

    // Sets up the token issue endpoint using the options above
    app.UseOAuthAuthorizationServer(OAuthServerOptions);

Perhaps I'm missing it, but I'm trying to figure out how to do this in ASP.NET Core. I've looked through the source (https://github.com/aspnet/Security) but I don't really see anything analogous. Is there a new way to accomplish this? Do I need to just create a controller and do it myself?

I see how OAuth Authentication can be set up via Middleware, but this regards the authorization portion where I issue claims from my API.

swannee asked Mar 14 '15 23:03




1 Answer

EDIT (01/28/2021): AspNet.Security.OpenIdConnect.Server has been merged into OpenIddict as part of the 3.0 update. To get started with OpenIddict, visit documentation.openiddict.com.


Don't waste your time looking for an OAuthAuthorizationServerMiddleware alternative in ASP.NET Core; the ASP.NET team simply decided not to port it: https://github.com/aspnet/Security/issues/83

I suggest having a look at AspNet.Security.OpenIdConnect.Server, an advanced fork of the OAuth2 authorization server middleware that comes with Katana 3: there's an OWIN/Katana 3 version, and an ASP.NET Core version that supports both the full .NET framework and .NET Core.

https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server

ASP.NET Core 1.x:

    app.UseOpenIdConnectServer(options =>
    {
        // Lets the endpoints be reached over plain HTTP; off by default.
        options.AllowInsecureHttp = true;
        options.TokenEndpointPath = new PathString("/token");
        options.AccessTokenLifetime = TimeSpan.FromDays(1);
        options.Provider = new SimpleAuthorizationServerProvider();
    });

ASP.NET Core 2.x:

    services.AddAuthentication().AddOpenIdConnectServer(options =>
    {
        // Lets the endpoints be reached over plain HTTP; off by default.
        options.AllowInsecureHttp = true;
        options.TokenEndpointPath = new PathString("/token");
        options.AccessTokenLifetime = TimeSpan.FromDays(1);
        options.Provider = new SimpleAuthorizationServerProvider();
    });

To learn more about this project, I'd recommend reading http://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-introduction/.

Good luck!

Kévin Chalet answered Sep 25 '22 10:09
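
The snippets in this answer reference a SimpleAuthorizationServerProvider without showing it. The following is an added example, not code from the original answer or from the ASOS project: one way such a provider could issue claims for the password grant, assuming the ASOS 2.x API on ASP.NET Core 2.x. ICredentialValidator and the "reader" role value are hypothetical.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using AspNet.Security.OpenIdConnect.Extensions;
using AspNet.Security.OpenIdConnect.Primitives;
using AspNet.Security.OpenIdConnect.Server;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical abstraction over your user store; not part of ASOS.
public interface ICredentialValidator
{
    // Returns the user's stable identifier, or null when the credentials are wrong.
    Task<string> ValidateAsync(string username, string password);
}

public class SimpleAuthorizationServerProvider : OpenIdConnectServerProvider
{
    public override Task ValidateTokenRequest(ValidateTokenRequestContext context)
    {
        // Accept only the resource owner password grant; refuse every other grant type.
        if (!context.Request.IsPasswordGrantType())
        {
            context.Reject(error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
                description: "Only the password grant is supported.");
            return Task.CompletedTask;
        }
        // No client_id/client_secret check: every caller is treated as a public client.
        context.Skip();
        return Task.CompletedTask;
    }

    public override async Task HandleTokenRequest(HandleTokenRequestContext context)
    {
        var validator = context.HttpContext.RequestServices.GetRequiredService<ICredentialValidator>();
        var userId = await validator.ValidateAsync(context.Request.Username, context.Request.Password);
        if (userId == null)
        {
            context.Reject(error: OpenIdConnectConstants.Errors.InvalidGrant,
                description: "Invalid user credentials.");
            return;
        }
        // ASOS requires a "sub" claim; other claims need a destination to be copied into a token.
        var identity = new ClaimsIdentity(context.Scheme.Name);
        identity.AddClaim(OpenIdConnectConstants.Claims.Subject, userId);
        identity.AddClaim(ClaimTypes.Role, "reader", OpenIdConnectConstants.Destinations.AccessToken);
        context.Validate(new AuthenticationTicket(
            new ClaimsPrincipal(identity), new AuthenticationProperties(), context.Scheme.Name));
    }
}
```

Register an ICredentialValidator implementation in ConfigureServices so the provider can resolve it per request; the implementation should compare against salted password hashes rather than stored plaintext.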
