Tag Archives: IdentityServer4

Implementing a silent token renew in Angular for the OpenID Connect Implicit flow

June 2, 2017 · by · in .NET Core, angular, ASP.NET Core, ASPNET5, OAuth2, Security · 10 Comments

This article shows how to implement a silent token renew in Angular using IdentityServer4 as the security token service server. The SPA Angular client implements the OpenID Connect Implicit Flow ‘id_token token’. When the id_token expires, the client requests new tokens from the server, so that the user does not need to authorise again. Code: […]

Extending Identity in IdentityServer4 to manage users in ASP.NET Core

November 18, 2016 · by · in .NET, angular, ASP.NET Core, ASPNET5, dotnet, MVC, OAuth2, Security, Typescript, Web · 21 Comments

This article shows how Identity can be extended and used together with IdentityServer4 to implement application specific requirements. The application allows users to register and can access the application for 7 days. After this, the user cannot log in. Any admin can activate or deactivate a user using a custom user management API. Extra properties […]

IdentityServer4, Web API and Angular in a single ASP.NET Core project

October 1, 2016 · by · in .NET, angular, AngularJS, ASP.NET Core, ASPNET5, dotnet, Entity Framework, javascript, MVC, OAuth2, Security, Web · 48 Comments

This article shows how IdentityServer4 with Identity, a data Web API, and an Angular SPA could be setup inside a single ASP.NET Core project. The application uses the OpenID Connect Implicit Flow with reference tokens to access the API. The Angular application uses webpack to build. Code: https://github.com/damienbod/AspNet5IdentityServerAngularImplicitFlow History: 2019-09-20: Updated ASP.NET Core 3.0, Angular […]

Angular secure file download without using an access token in URL or cookies

April 2, 2016 · by · in .NET, angular, AngularJS, ASP.NET Core, ASPNET5, MVC, TopHeaderMenu, Web · 9 Comments

This article shows how an Angular SPA client can download files using an access token without passing it to the resource server in the URL. The access token is only used in the HTTP Header. If the access token is sent in the URL, this will be saved in server logs, routing logs, browser history, […]

Secure file download using IdentityServer4, Angular2 and ASP.NET Core

March 14, 2016 · by · in angular, AngularJS, ASP.NET Core, ASPNET5, javascript, MVC, OAuth2, Security, TopHeaderMenu, Typescript, Web · 12 Comments

This article shows how a secure file download can be implemented using Angular 2 with an OpenID Connect Implicit Flow using IdentityServer4. The resource server needs to process the access token in the query string and the NuGet package IdentityServer4.AccessTokenValidation makes it very easy to support this. The default security implementation jwtBearerHandler reads the token […]

Angular OpenID Connect Implicit Flow with IdentityServer4

March 2, 2016 · by · in .NET, angular, AngularJS, ASP.NET Core, ASPNET5, javascript, MVC, OAuth2, Security, TopHeaderMenu, Typescript, Web · 141 Comments

This article shows how to implement an OpenID Connect Implicit Flow client in Angular. The Angular client is implemented in Typescript and uses IdentityServer4 and an ASP.NET core 2.0 resource server. The OpenID Connect specification for Implicit Flow can be found here. Code: https://github.com/damienbod/AspNet5IdentityServerAngularImplicitFlow History: 2019-09-20: Updated ASP.NET Core 3.0, Angular 8.2.6 2018-12-05: Updated to […]

AngularJS OpenID Connect Implicit Flow with IdentityServer4

February 26, 2016 · by · in .NET, AngularJS, ASP.NET Core, MVC, OAuth2, Security, TopHeaderMenu, Web · 18 Comments

This article shows how to implement the OpenID Connect Implicit Flow using Angular. This previous blog implemented the OAuth2 Implicit Flow which is not an authentication protocol. The OpenID Connect specification for Implicit Flow can be found here. Code: VS2017 msbuild | VS2015 project.json History: 2017.03.18: Updated to angular 2.4.10, oidc client validation Full history: […]

Authorization Policies and Data Protection with IdentityServer4 in ASP.NET Core

February 14, 2016 · by · in .NET, ASPNET5, Entity Framework, MVC, OAuth2, Security, SQLite, TopHeaderMenu, Web · 24 Comments

This article shows how authorization policies can be used together with IdentityServer4. The policies are configured on the resource server and the ASP.NET Core IdentityServer4 configures the user claims to match these. The resource server is also setup to encrypt a ‘Description’ field in the SQLite database, so it cannot be read by opening the […]

Newer posts