0
votes

I am trying to setup authentication for my .net webapi using identityserver3.

This is my code in Owin.Startup of the Authentication server project

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // hardcoded list of clients, scopes and users (definitions omitted in the post)

        var factory = new IdentityServerServiceFactory()
            .UseInMemoryClients(clients)
            .UseInMemoryScopes(scopes)
            .UseInMemoryUsers(users);

        app.UseIdentityServer(new IdentityServerOptions
        {
            SigningCertificate = new X509Certificate2($@"{AppDomain.CurrentDomain.BaseDirectory}\bin\my_selfsigned_cert.pfx", ConfigurationManager.AppSettings["certificatekey"]),
            RequireSsl = false,
            Factory = factory
        });
    }
}

And the following is the code in my Web API OWIN startup:

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
        {
            Authority = "http://localhost:45230"
        });

        app.UseWebApi(GlobalConfiguration.Configuration);
    }
}

My authorization server seems to work when I try to log in on the identity server's login page. I am also able to retrieve an authorization token by posting to /connect/token. However, when I use the bearer token thus received to call my Web API method below, it always fails with the error `{"Message": "Authorization has been denied for this request."}`

API:

[HttpGet]
[Authorize]
public IEnumerable<Customer> Get()
{
    var customerRepository = new CustomerRepository();
    return customerRepository.GetCustomers();
}

Can somebody please suggest what I am missing?

1
Probably mistaken, but don't you need to specify the scope of your application? – uk2k05
https://identityserver.github.io/Documentation/docsv2/overview/mvcGettingStarted.html appears to have some decent screen grabs on how to set up the Startup.cs and create the correct scopes – uk2k05
scope-openid was passed to the auth server while doing a POST to /connect/token to get the access token. Also, the list of available scopes is provided to the auth server as an in-memory collection (code is provided). The screen grabs explain a different flow/grant, which uses the login page. In my case I am securing my Web API and there is no UI involved. – Anoop

1 Answer

0
votes

Microsoft.Owin.Host.SystemWeb

Installed this NuGet package in my Web API project as suggested here and it started working!
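Added example (not code from the question or the answer): with Microsoft.Owin.Host.SystemWeb installed so that IIS actually runs the OWIN pipeline, the API side can also pin the accepted tokens to one scope, and the IdentityServer3 client must be allowed that scope or /connect/token will hand out a token the API rejects. The scope name `customer-api`, the client id and the secret are assumed values.

```csharp
// Added example (not the asker's or answerer's code). Assumes the IdentityServer3.Core,
// IdentityServer3.AccessTokenValidation and Microsoft.Owin.Host.SystemWeb packages are installed;
// the scope name "customer-api", client id and secret are constructed values.
using System.Collections.Generic;
using System.Web.Http;
using IdentityServer3.AccessTokenValidation;
using IdentityServer3.Core;
using IdentityServer3.Core.Models;
using Owin;

namespace CustomerApi
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
            {
                Authority = "http://localhost:45230",
                // [Authorize] only checks that a valid token from the authority is present;
                // RequiredScopes additionally rejects tokens that were issued for a different API.
                RequiredScopes = new[] { "customer-api" }
            });
            app.UseWebApi(GlobalConfiguration.Configuration);
        }
    }
}

// Identity server side: the client must be allowed the scope the API requires and the
// caller must request it at /connect/token, or the API returns 401 even for a valid token.
namespace AuthServer
{
    public static class Config
    {
        public static readonly IEnumerable<Scope> Scopes = new[]
        {
            StandardScopes.OpenId,
            new Scope { Name = "customer-api", Type = ScopeType.Resource }
        };

        public static readonly IEnumerable<Client> Clients = new[]
        {
            new Client
            {
                ClientId = "customer-web",      // constructed
                ClientSecrets = new List<Secret> { new Secret("change-me".Sha256()) },
                Flow = Flows.ResourceOwner,     // credentials posted to /connect/token, no login UI
                AllowedScopes = new List<string> { "openid", "customer-api" }
            }
        };
    }
}
```

`Config.Scopes` and `Config.Clients` are what the question's `UseInMemoryScopes(...)` and `UseInMemoryClients(...)` calls would receive; a token request that omits `scope=customer-api` still succeeds at the authority but is rejected by the API.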