1
votes

I have searched and found something but without full documentation here.

Could someone please give me a step by step explanation?

I have IdentityServer3 well-configured and I confirm that I can access the IdentityManager through the browser and manage users perfectly. Now, I need to manage users but from another custom made application. So I need to:

  1. Login through the custom app

  2. Manage users through the Idm API.

I have used the "ResourceOwner" grant and used the "idmgr" scope to get an access token: https://localhost:44376/ids/connect/token.

But when I use that token to access https://localhost:44376/idm/api/users?count=10&start=0, I get the message "Authorization has been denied for this request."

1
Do you have correct role claim set for logged in user? stackoverflow.com/questions/35677334/… - rawel
@rawel I have 2 roles "Administrator" and "IdentityManagerAdministrator", set up for this user - Jalal El-Shaer
Did you ever get this working? - Kris Coleman
Unfortunately no. - Jalal El-Shaer

1 Answer

0
votes
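        using System.Collections.Generic;
        using System.IdentityModel.Tokens;   // JwtSecurityToken (System.IdentityModel.Tokens.Jwt in v5+ of the package)
        using System.Net.Http;
        using System.Security.Claims;
        using System.Web;                    // GetOwinContext()
        using Microsoft.Owin.Security;       // IAuthenticationManager, AuthenticationProperties

        // Body of an MVC controller action:

        // Request an access token with the resource owner password grant.
        var client = new HttpClient();
        var dic = new Dictionary<string, string>();
        dic.Add("client_id", "mvc");
        dic.Add("client_secret", "secret");
        dic.Add("grant_type", "password");
        dic.Add("scope", "openid profile");
        dic.Add("username", "[email protected]");
        dic.Add("password", "P@ssword1");

        var content = new FormUrlEncodedContent(dic);

        // Post the form to the token endpoint and pull access_token out of the JSON response.
        var msg = client.PostAsync("https://localhost:44383/identity/connect/token", content).Result.Content.ReadAsStringAsync().Result;
        string token = Newtonsoft.Json.JsonConvert.DeserializeObject<dynamic>(msg).access_token;

        // Parse the JWT to read its claims; this constructor does not validate the signature.
        var jwt = new JwtSecurityToken(token);
        var identity = new ClaimsIdentity("ApplicationCookie", ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType);

        // Copy every claim from the token onto the cookie identity.
        foreach (var c in jwt.Claims)
        {
            identity.AddClaim(new Claim(c.Type, c.Value));
        }

        // Replace any existing application cookie with a session cookie for this identity.
        IAuthenticationManager authenticationManager = HttpContext.GetOwinContext().Authentication;
        authenticationManager.SignOut("ApplicationCookie");
        authenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = false }, identity);

        return Redirect("Index");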
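
A way to check what the comment thread asks about, as an added example that is not part of the original question or answer: decode the access token returned by the token endpoint and confirm it carries the `idmgr` scope and the `IdentityManagerAdministrator` role before sending it to the API. The claim type names `scope` and `role`, the class name `AccessTokenInspector`, and the payload built in `Main` are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Newtonsoft.Json.Linq;

public static class AccessTokenInspector
{
    // Decodes the JWT payload for troubleshooting only. The signature is NOT
    // verified, so never base an authorization decision on this output.
    public static JObject DecodePayload(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3)
            throw new FormatException("Not a compact JWT (could be a reference token).");
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
    }

    // A claim can be a single string or a JSON array; normalise to a list.
    static List<string> Values(JObject payload, string type)
    {
        var t = payload[type];
        if (t == null) return new List<string>();
        return t.Type == JTokenType.Array
            ? t.Children().Select(v => v.ToString()).ToList()
            : new List<string> { t.ToString() };
    }

    // Returns one message per problem found; an empty list means the token
    // carries the expected scope and role and has not expired.
    public static List<string> Check(string jwt, string scope, string role)
    {
        var p = DecodePayload(jwt);
        var problems = new List<string>();
        if (!Values(p, "scope").Contains(scope)) problems.Add("scope '" + scope + "' missing");
        if (!Values(p, "role").Contains(role)) problems.Add("role '" + role + "' missing");
        var exp = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc).AddSeconds((long?)p["exp"] ?? 0);
        if (exp < DateTime.UtcNow) problems.Add("expired or no exp claim: " + exp.ToString("u"));
        return problems;
    }

    public static void Main()
    {
        // Constructed sample payload: has the scope but only one of the two roles.
        var json = "{\"scope\":[\"idmgr\"],\"role\":\"Administrator\",\"exp\":4102444800}";
        var seg = Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        foreach (var m in Check("e30." + seg + ".sig", "idmgr", "IdentityManagerAdministrator"))
            Console.WriteLine(m);
    }
}
```

An empty result only shows that the claims are present in the token; the API still has to be configured to accept and validate tokens from that issuer.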