identity server 4 securing api on the same project

Question

We are using IdentityServer as an openid provider for our web applications and APIs resources. I want to expose a secure api endpoint on identity server for editing users, somehow I can not get configuration working. my client is angular and I have a valid bearer token.

app.UseCors("AllowSpecificOrigin");
app.UseIdentity();
app.UseIdentityServer();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
   AuthenticationScheme = "Cookies"
});

JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
   {
      Authority = Configuration["AuthServerUrl"],
      ScopeName = "api",
      AutomaticAuthenticate = true,
      AutomaticChallenge = true,
      RequireHttpsMetadata = false
   });

any help will be appreciated.

adem caglin adem caglin · Accepted Answer · 2016-10-31T12:45:06

You can branch your application with using MapWhen like below:

         app.MapWhen(x => x.Request.Path.StartsWithSegments("/custom"), builder =>
         {
             builder.UseCookieAuthentication(new CookieAuthenticationOptions
             {
                AuthenticationScheme = "Cookies"
             });

             JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

             builder.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
             {
                 Authority = Configuration["AuthServerUrl"],
                 ScopeName = "api",
                 AutomaticAuthenticate = true,
                 AutomaticChallenge = true,
                 RequireHttpsMetadata = false
            });
            // .....
         });
         app.UseIdentity();
         app.UseIdentityServer();
         //...

identity server 4 securing api on the same project

1 Answers