Completely lost on token-based Identity

  • User profile image

    We have a custom STS developed that serves up JWTs. Our general workflow for client apps should be:

    1. Get token from user cookie.

    2. Verify token with STS (or redirect user to STS login page if no/invalid token).

    3. Continue as normal, having grabbed some user info from the token (name, photo, roles, etc.).


    I am completely lost as to where to start on the client side. I'd love to tie into Identity so we can use Authorize and the context.User object. Do I need to do something with WIF?

    Every example I've found seems to assume I want to use forms auth, which I do not want. The client app should solely look at this token on every request.


    edit - wait, I guess I will need an app cookie since there's no way I get a cookie from another domain. Gah, I'm so confused.

  • User profile image

    I know this is not the most current, but as a starting point have you looked at any of the .NET source code for the provider interface for doing membership providers?

    There is sample code for the standard ones and for one that uses Active Directory.

    I know in the new .NET versions that they have done some other stuff, but some time looking at how the forms auth / membership works should help some.

    I took that and modified it to work with RSA tokens a while back for one project.

  • User profile image

    Okay I think things are starting to come together.


    I believe I'll need a custom Owin AuthenticationHandler. This should let me tie into the data getting posted back to my app and create a ClaimsIdentity with it.

    From here I think it's just working out the details. Of course, if anyone has helpful blog posts/articles/videos explaining the Owin Auth pipeline, it would be much appreciated. This one got me started.
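A sketch of the kind of handler the last post describes, added here as an example and not code from any poster in the thread: it reads a JWT from the app's own cookie on every request, validates it, and builds the `ClaimsIdentity` behind `context.User` and `[Authorize]`. It assumes the token is validated locally against the STS signing key rather than by calling the STS; the `StsJwt*` class names, the `CookieName` and `LoginUrl` options and the `returnUrl` parameter are hypothetical.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Tokens;   // assumes System.IdentityModel.Tokens.Jwt 5.x or later
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Infrastructure;

public class StsJwtOptions : AuthenticationOptions
{
    public StsJwtOptions() : base("StsJwt") { AuthenticationMode = AuthenticationMode.Active; }
    public string CookieName { get; set; }   // hypothetical: the app's own cookie holding the JWT
    public string LoginUrl { get; set; }     // hypothetical: the STS login page
    // Must pin issuer, audience and signing key, and keep lifetime validation on.
    public TokenValidationParameters Validation { get; set; }
}

public class StsJwtHandler : AuthenticationHandler<StsJwtOptions>
{
    // Runs on every request: a missing or invalid token leaves the user anonymous.
    protected override Task<AuthenticationTicket> AuthenticateCoreAsync()
    {
        string jwt = Request.Cookies[Options.CookieName];
        if (string.IsNullOrEmpty(jwt)) return Task.FromResult<AuthenticationTicket>(null);
        try
        {
            SecurityToken validated;
            var principal = new JwtSecurityTokenHandler().ValidateToken(jwt, Options.Validation, out validated);
            var identity = new ClaimsIdentity(principal.Claims, Options.AuthenticationType);
            return Task.FromResult(new AuthenticationTicket(identity, new AuthenticationProperties()));
        }
        catch (Exception)   // bad signature, expired, wrong issuer/audience, malformed token
        {
            return Task.FromResult<AuthenticationTicket>(null);
        }
    }

    // When [Authorize] produces a 401, send the browser to the STS login page instead.
    protected override Task ApplyResponseChallengeAsync()
    {
        if (Response.StatusCode == 401 && Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode) != null)
            Response.Redirect(Options.LoginUrl + "?returnUrl=" + Uri.EscapeDataString(Request.Uri.AbsoluteUri));
        return Task.FromResult<object>(null);
    }
}

public class StsJwtMiddleware : AuthenticationMiddleware<StsJwtOptions>
{
    public StsJwtMiddleware(OwinMiddleware next, StsJwtOptions options) : base(next, options) { }
    protected override AuthenticationHandler<StsJwtOptions> CreateHandler() { return new StsJwtHandler(); }
}
```

The middleware is registered in the OWIN `Startup` class with `app.Use(typeof(StsJwtMiddleware), options)`, ahead of anything that depends on the authenticated user.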
