Combine IdentityServer4 and MVC client
Question
I downloaded the sample IdentityServer and MVC client project from Github. My goal is to create a portal environment, in which a user can authenticate and than proceed to request protected resources.
So what I did is move the Views from the MVC client to the IdentityServer project, changed the Client.cs to support a client on the same port and added the following in the startup from the IdentityServer:
var oidcOptions = new OpenIdConnectOptions
{
AuthenticationScheme = "oidc",
SignInScheme = "Cookies",
Authority = "http://localhost:5000",
RequireHttpsMetadata = false,
PostLogoutRedirectUri = "http://localhost:5000/",
ClientId = "mvc",
ClientSecret = "secret",
ResponseType = "code id_token",
GetClaimsFromUserInfoEndpoint = true,
SaveTokens = true
};
My question is are there any reasons, concerning security, I should not implement this and keep it seperated?
1 answers
solution1
3 2016-08-26 06:57:19
There is nothing wrong with this at all from a security perspective.
However I must warn you that you may run into a problem when dealing with cookies and tokens. Running them in separate projects implicitly separates the concerns of the MVC and IDS projects.
something that you might want to do is to fork your request pipeline by using app.Map() . (eg map IDS to "/identity" and the MVC project to "/ui")
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.