Coffeehouse Thread

3 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Completely lost on token-based Identity

  • spivonious

    We have a custom STS developed that serves up JWTs. Our general workflow for client apps should be:

    1. Get token from user cookie.

    2. Verify token with STS (or redirect user to STS login page if no/invalid token).

    3. Continue as normal, having grabbed some user info from the token (name, photo, roles, etc.).

    I am completely lost as to where to start on the client side. I'd love to tie into Identity so we can use Authorize and the context.User object. Do I need to do something with WIF?

    Every example I've found seems to assume I want to use forms auth, which I do not want. The client app should solely look at this token on every request.

    edit - wait, I guess I will need an app cookie since there's no way I get a cookie from another domain. Gah, I'm so confused.

  • figuerres

    I know this is not the most current but as a starting point have you looked at any of the .net source code for the provider interface for doing asp.net membership providers?

    there is sample code for the standard ones and for one that uses active directory.

    I know in the new .net versions that they have done some other stuff but some time looking at how the forms auth / membership works should help some.

    I took that and modified it to work with RSA tokens a while back for one project.

  • spivonious

    Okay I think things are starting to come together.

    I believe I'll need a custom Owin AuthenticationHandler. This should let me tie into the data getting posted back to my app and create a ClaimsIdentity with it.

    From here I think it's just working out the details. Of course, if anyone has helpful blog posts/articles/videos explaining the Owin Auth pipeline, it would be much appreciated. This one got me started. https://coding.abel.nu/2014/06/writing-an-owin-authentication-middleware/
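
The workflow from the first post (read the token from a cookie, validate it, build a ClaimsIdentity so Authorize and context.User work) can be sketched as a custom OWIN authentication handler. This is an added example, not code from either poster or from the linked article. It assumes System.IdentityModel.Tokens.Jwt 5.x or later, local validation against the STS signing key instead of a call to the STS on every request, and hypothetical names (`StsCookieOptions`, `StsCookieHandler`, `StsCookieMiddleware`, the `sts_token` cookie). The redirect to the STS login page is not shown.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Infrastructure;

// Hypothetical options type: cookie name and validation settings are assumptions.
public class StsCookieOptions : AuthenticationOptions
{
    public StsCookieOptions() : base("StsJwt") { }
    public string CookieName { get; set; } = "sts_token";
    // Must set IssuerSigningKey, ValidIssuer and ValidAudience for the STS in use.
    public TokenValidationParameters Validation { get; set; }
}

public class StsCookieHandler : AuthenticationHandler<StsCookieOptions>
{
    protected override Task<AuthenticationTicket> AuthenticateCoreAsync()
    {
        string jwt = Request.Cookies[Options.CookieName];
        if (string.IsNullOrEmpty(jwt))
            return Task.FromResult<AuthenticationTicket>(null); // anonymous request
        try
        {
            // Verifies signature, issuer, audience and lifetime per Options.Validation.
            SecurityToken validatedToken;
            ClaimsPrincipal principal = new JwtSecurityTokenHandler()
                .ValidateToken(jwt, Options.Validation, out validatedToken);
            var source = (ClaimsIdentity)principal.Identity;
            // Re-issue the claims under this middleware's authentication type,
            // keeping the name/role claim types so [Authorize(Roles = ...)] works.
            var identity = new ClaimsIdentity(source.Claims, Options.AuthenticationType,
                source.NameClaimType, source.RoleClaimType);
            return Task.FromResult(
                new AuthenticationTicket(identity, new AuthenticationProperties()));
        }
        catch (Exception ex) when (ex is SecurityTokenException || ex is ArgumentException)
        {
            // Expired, tampered or malformed token: fail closed, treat as anonymous.
            return Task.FromResult<AuthenticationTicket>(null);
        }
    }
}

public class StsCookieMiddleware : AuthenticationMiddleware<StsCookieOptions>
{
    public StsCookieMiddleware(OwinMiddleware next, StsCookieOptions options)
        : base(next, options) { }
    protected override AuthenticationHandler<StsCookieOptions> CreateHandler()
        => new StsCookieHandler();
}
```

Register it in the OWIN startup class with `app.Use(typeof(StsCookieMiddleware), options)`, placed before any middleware that relies on `context.User`.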
