I'm a newbie to ASP.NET Identity services and we have the following requirement.

The following is the architecture setup:

1. App server

   The app server has:
   a. Entity Framework
   b. ASP.NET Web API 2 OData services
   c. Authorization server

2. Web server

   ASP.NET MVC 5 application (client which accesses the app server)

The flow needs to be

  1. MVC5 client application having a login / register form

  2. On register / login, the information needs to be sent to the authorization server in the app server, which authorizes and creates the claims using Identity services.

  3. Once the identity has been created in the authorization server, the client application should be logged in

  4. I'm aware of getting bearer token from authentication server and that will be used as header information to access the API service

All we are lacking is that the MVC client application should use the same identity claims that have been created in the authorization server.

Is there any way to access the claims which are created in the auth server?

I have got some samples about how to authenticate in the auth server and receive a token through OWIN, and from this token we can access the API securely, but I need the client web application to sign in based on the token.

I have gone through the following links

http://blogs.msdn.com/b/webdev/archive/2013/09/20/understanding-security-features-in-spa-template.aspx

Also, I need to add claims whenever required after login as well.

  • Are you using a security token service? Commented May 29, 2014 at 13:58
  • Yes, created a bearer token from the auth server. Also, knowing how to access the claims identity through this token would be more helpful too. Commented May 30, 2014 at 6:03
  • @ansari any update on the topic? I'm in the same situation. I can use the token but I can't extract the data in the client app. Commented Aug 3, 2014 at 11:25
  • @LóriNóda Please check the answer as my approach. Let me know if you need more clarification. Commented Aug 26, 2014 at 15:37

1 Answer

I have resolved this issue as follows, but I'm not sure this is the effective method.

  1. Log in and retrieve the bearer token (this token should already be assigned the claims identity, such as username, role, etc.)

  2. In the Web API AccountController, create a method to retrieve the default claims which are required for the client web application. Please check the following:

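    // Requires: using System; using System.Linq; using System.Security.Claims; using Microsoft.AspNet.Identity;
    [Authorize]
    [HostAuthentication(DefaultAuthenticationTypes.ExternalBearer)]
    [Route("UserInfo")]
    public UserInfoViewModel GetUserInfo()
    {
        // Claims carried by the bearer token that authenticated this request.
        var identity = (ClaimsIdentity)User.Identity;

        // Not defined in the original snippet; this is how the Web API project
        // template's AccountController obtains it (null for a local account).
        ExternalLoginData externalLogin = ExternalLoginData.FromIdentity(identity);

        // SingleOrDefault returns null when the token lacks the claim.
        var firstname = identity.Claims.SingleOrDefault(c => c.Type.Equals("FirstName"));
        var lastname = identity.Claims.SingleOrDefault(c => c.Type.Equals("LastName"));
        var isApproved = identity.Claims.SingleOrDefault(c => c.Type.Equals("IsApproved"));

        var userinfo = new UserInfoViewModel
        {
            UserName = User.Identity.GetUserName(),
            // Null checks avoid a NullReferenceException for a missing claim.
            FirstName = firstname != null ? firstname.Value : null,
            LastName = lastname != null ? lastname.Value : null,
            UserApproved = isApproved != null && Convert.ToBoolean(isApproved.Value),
            HasRegistered = externalLogin == null,
            LoginProvider = externalLogin != null ? externalLogin.LoginProvider : null
        };

        return userinfo;
    }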
    
  3. From the client, this action will be called with the token as a header.

  4. Once we have got the information (in JSON string format), it needs to be serialized with the UserInfoViewModel class (a user-defined view model based on the info we require and send from the Web API account) with the JavaScript serializer.

  5. Using this view model information, assign it to local storage and use it (cookies in my case) as an identity locally.

  6. Log out from the Web API too whenever you log out from the web app.

Please let me know if you need more info or code
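
Steps 3 to 5 on the MVC 5 client side, as an added example that is not part of the original answer: it calls the UserInfo action with the bearer token and, instead of a hand-written cookie, signs the user in through the OWIN cookie middleware. The `RemoteClaimsSignIn` helper, the base address and the `api/Account` route prefix are assumptions, as is cookie authentication being configured with `DefaultAuthenticationTypes.ApplicationCookie`.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Script.Serialization;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security;

// Client-side copy of the fields the answer's GetUserInfo action returns.
public class UserInfoViewModel
{
    public string UserName { get; set; }
    public string FirstName { get; set; }
    public string LastName { get; set; }
    public bool UserApproved { get; set; }
}

public static class RemoteClaimsSignIn // hypothetical helper name
{
    // Assumed app server address; replace with the real one.
    private static readonly HttpClient Api = new HttpClient { BaseAddress = new Uri("https://appserver.example/") };

    public static async Task SignInFromTokenAsync(HttpContextBase http, string accessToken)
    {
        // Step 3: call the action with the bearer token as a header ("api/Account" prefix assumed).
        var request = new HttpRequestMessage(HttpMethod.Get, "api/Account/UserInfo");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
        HttpResponseMessage response = await Api.SendAsync(request);
        response.EnsureSuccessStatusCode(); // a rejected token must never produce a local login

        // Step 4: map the JSON body onto the view model.
        var info = new JavaScriptSerializer().Deserialize<UserInfoViewModel>(await response.Content.ReadAsStringAsync());
        if (info == null || string.IsNullOrEmpty(info.UserName))
            throw new InvalidOperationException("UserInfo response carried no user name.");

        // Step 5: rebuild the claims and let the cookie middleware issue its
        // protected cookie instead of writing the values into a plain cookie.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, info.UserName),
            new Claim("FirstName", info.FirstName ?? string.Empty),
            new Claim("LastName", info.LastName ?? string.Empty),
            new Claim("IsApproved", info.UserApproved.ToString())
        }, DefaultAuthenticationTypes.ApplicationCookie);
        http.GetOwinContext().Authentication.SignIn(new AuthenticationProperties { IsPersistent = false }, identity);
    }
}
```

Called from the MVC login action once the token has been obtained, this makes `User.Identity` and `[Authorize]` in the client work off the same claim values the authorization server put in the token.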

1 Comment

Seems that this is a working method, but I thought that we could do this with the help of the framework (WIF). Until we have a better solution, I think I should use this. Anyway, thank you for the solution.
