OAuth Authorization Service in ASP.NET Core

by

EDIT (01/28/2021): AspNet.Security.OpenIdConnect.Server has been merged into OpenIddict as part of the 3.0 update. To get started with OpenIddict, visit documentation.openiddict.com.

Don’t waste your time looking for an OAuthAuthorizationServerMiddleware alternative in ASP.NET Core, the ASP.NET team simply decided not to port it: https://github.com/aspnet/Security/issues/83

I suggest having a look to AspNet.Security.OpenIdConnect.Server, an advanced fork of the OAuth2 authorization server middleware that comes with Katana 3: there’s an OWIN/Katana 3 version, and an ASP.NET Core version that supports both the full .NET framework and .NET Core.

https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server

ASP.NET Core 1.x:

app.UseOpenIdConnectServer(options =>
{
    options.AllowInsecureHttp = true;
    options.TokenEndpointPath = new PathString("/token");
    options.AccessTokenLifetime = TimeSpan.FromDays(1);
    options.TokenEndpointPath = "/token";
    options.Provider = new SimpleAuthorizationServerProvider();
});

ASP.NET Core 2.x:

services.AddAuthentication().AddOpenIdConnectServer(options =>
{
    options.AllowInsecureHttp = true;
    options.TokenEndpointPath = new PathString("/token");
    options.AccessTokenLifetime = TimeSpan.FromDays(1);
    options.TokenEndpointPath = "/token";
    options.Provider = new SimpleAuthorizationServerProvider();
});

To learn more about this project, I’d recommend reading http://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-introduction/.

Good luck!

More Related Contents:

  1. What is the equivalent of Server.MapPath in ASP.NET Core?
  2. ASP.NET Core Dependency Injection with Multiple Constructors
  3. Duplicate ‘Content’ items were included. The .NET SDK includes ‘Content’ items from your project directory by default
  4. How to get the current logged in user ID in ASP.NET Core?
  5. Configure the authorization server endpoint
  6. Why would one use a third-party DI Container over the built-in ASP.NET Core DI Container?
  7. ASP.NET Core with IIS – HTTP Verb Not Allowed
  8. I’m lost. What happened to ASP.NET MVC 5?
  9. Return PDF to the Browser using ASP.NET Core
  10. Custom Authentication in ASP.Net-Core
  11. How to run ‘dotnet dev-certs https –trust’?
  12. What is Kestrel (vs IIS / Express)
  13. Access Web.config settings in Asp.Net Core App?
  14. How to disable browser cache in ASP.NET core rc2?
  15. Convert IHtmlContent/TagBuilder to string in C#
  16. The specified CGI application encountered an error and the server terminated the process
  17. ASP.NET Core change EF connection string when user logs in
  18. What’s the difference between ASP.NET 5, .NET Core, and ASP.NET Core 5? [closed]
  19. ASP.Net Core MVC – Client-side validation for custom attribute
  20. ASP.NET 5 project hosting on IIS
  21. What is the difference between ‘dependencies’ and ‘frameworkAssemblies’ in project.json?
  22. Project template for Visual Studio 2015
  23. Bind Dictionary with list in viewmodel to checkboxes
  24. ASP.Net Core 1.0 RC2 : What are LAUNCHER_PATH and LAUNCHER_ARGS mentioned in web.config?
  25. Dealing with large file uploads on ASP.NET Core 1.0
  26. ASP.NET core JWT authentication always throwing 401 unauthorized
  27. Too many cookies OpenIdConnect.nonce cause error page “Bad Request – Request Too Long”
  28. ASP.NET Core RC2 SignalR Hub Context outside request thread
  29. Cannot read configuration file due to insufficient permissions
  30. Difference between HttpRuntime.Cache and HttpContext.Current.Cache?

Leave a Comment