DuendeSoftware / Support

Support for Duende Software products

Identity Server Local API Endpoints - Responses #1297

Closed MH61Aus closed 2 weeks ago

MH61Aus commented 1 month ago

Which version of Duende IdentityServer are you using?

7

Which version of .NET are you using?

8

Question - I'm trying to add API endpoints to my Identity Server. So far I've followed what I can here: https://docs.duendesoftware.com/identityserver/v7/apis/add_apis/

I'm still investigating why I'm not able to hit the endpoint from my web client (I'm attaching access token with AccessTokenManagement).

If I remove RequireAuthorization from app.MapControllers().RequireAuthorization(); it connects just fine. With RequireAuthorization, I'm not getting a proper response (i.e. Forbidden, etc.), because I'm getting a success, since it's just sending the login page back to my httpclient.

How do I tell the IdentityServer not to redirect requests to the API controllers to the login page?

Also, thought I'd note that there's nothing in the samples repo using the local API.

RolandGuijt commented 4 weeks ago

When AddLocalApiAuthentication is called a dedicated handler for local API authentication is registered together with a policy that looks like this:

    services.AddAuthorization(options =>
    {
        options.AddPolicy(IdentityServerConstants.LocalApi.PolicyName, policy =>
        {
            policy.AddAuthenticationSchemes(IdentityServerConstants.LocalApi.AuthenticationScheme);
            policy.RequireAuthenticatedUser();
        });
    });

The policy is configured to use the scheme name that belongs to the registered local API handler.

The reason your setup doesn't work is that when RequireAuthorization is called the default scheme is assumed which is not the local API scheme but the standard cookie scheme of IdentityServer. To get this to work please use the overload of RequireAuthorization that takes a policy name and set it to the policy above:

    app.MapControllers().RequireAuthorization(IdentityServerConstants.LocalApi.ScopeName);

RolandGuijt commented 2 weeks ago

@MH61Aus Would you like to add anything or can we close?

MH61Aus commented 2 weeks ago

Yes, it can be closed - I got it working.

Only thing to note is that it was actually app.MapControllers().RequireAuthorization(IdentityServerConstants.LocalApi.PolicyName); that I added rather than the scope name.
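
The resolution reached in this thread, as an added example that is not part of the original comments and is not Duende's own code: a minimal Program.cs where the controllers are protected by the local API policy instead of the default cookie scheme. The client id, secret, route and the client-credentials grant are constructed assumptions for illustration.

```csharp
// Program.cs (added example; client id, secret and route are constructed placeholders)
using Duende.IdentityServer;
using Duende.IdentityServer.Models;
using Microsoft.AspNetCore.Mvc;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();

builder.Services.AddIdentityServer()
    // The local API scope has to be defined and granted to the calling client,
    // otherwise the access token will not carry it.
    .AddInMemoryApiScopes(new[] { new ApiScope(IdentityServerConstants.LocalApi.ScopeName) })
    .AddInMemoryClients(new[]
    {
        new Client
        {
            ClientId = "example.client",                                // placeholder
            ClientSecrets = { new Secret("example-secret".Sha256()) },  // placeholder
            AllowedGrantTypes = GrantTypes.ClientCredentials,           // assumption
            AllowedScopes = { IdentityServerConstants.LocalApi.ScopeName }
        }
    });

// Registers the local API token handler and the policy bound to its scheme.
builder.Services.AddLocalApiAuthentication();

var app = builder.Build();
app.UseIdentityServer();
app.UseAuthorization();

// Pass the policy NAME, not the scope name. The parameterless overload falls back
// to the default (cookie) scheme, whose challenge is a redirect to the login page,
// so an HttpClient that follows redirects sees the login HTML as a success.
app.MapControllers().RequireAuthorization(IdentityServerConstants.LocalApi.PolicyName);

app.Run();

[ApiController]
[Route("localapi")] // hypothetical route
public class LocalApiController : ControllerBase
{
    // Returns the claims from the validated access token.
    [HttpGet]
    public IActionResult Get() => Ok(User.Claims.Select(c => new { c.Type, c.Value }));
}
```

With the policy applied, a request without a valid bearer token should fail with an HTTP error status rather than the login page, which is a quick check that the cookie scheme is no longer handling the challenge.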