0
votes

How to Validate OpenID Connect Access Token generated by identityserver4 in ASP.NET WEB API.

The Scenario is

  1. I have one Angular Client Application which is getting one OpenID Connect Access Token after Login.
  2. Now That Client Application wants some information from one ASP.NET API. Client can call the API along with the Access Token.

But Question is, How should I validate that Token in my ASP.NET API???

I can easily do that in ASP.NET CORE API.

BUT I NEED Solution to do the same in ASP.NET API. (Not in core) Thanks in advance.

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddIdentityServerAuthentication(o =>
                {
                    o.ApiName = "APINameRegisteredInIdentityServer";
                    o.ApiSecret = "SomeAPISecreteValue";
                    o.Authority = "MyAuthorityURL";
                    o.SaveToken = true;
                    o.SupportedTokens = IdentityServer4.AccessTokenValidation.SupportedTokens.Both;
                });
1

1 Answers

0
votes

You can use the IdentityServer3.AccessTokenValidation OWIN middleware package, even for Identity Server 4 tokens - https://github.com/IdentityServer/IdentityServer3.AccessTokenValidation.

There are samples here - https://github.com/IdentityServer/CrossVersionIntegrationTests