brockallen
commented
9 years ago I don't follow -- you have a custom API that you now want to secure?
Closed simplynewbie closed 9 years ago
brockallen
commented
9 years ago I don't follow -- you have a custom API that you now want to secure?
simplynewbie
commented
9 years ago yes, exactly, with Oauth2 IdentityServer2 :D but this API is created in VisualStudio10 with mvc4. I hope it's no problem.
In the samples folder, flows only return information of users because of ViewClaims.cs and IdentityController.cs. And i think i need create other Claim/ClaimController classes to my api. But i need it return this:
Example Resource Owner Password Flow, i try editting program.cs static Uri _baseAddress = new Uri(Constants.WebHostv1BaseAddress); to static Uri _baseAddress = new Uri(Constants.WebHostTestBaseAddress);
Token returns normally but when it calls service, var response = client.GetAsync("identity").Result; response.EnsureSuccessStatusCode(); has error "Response status code does not indicate success: 404 (Not Found)"
simplynewbie
commented
9 years ago And can you explain or give me a link which show me how security of your resource server work? It's better if i can read. I'm very bad at hearing. Thank you.
brockallen
commented
9 years ago You're getting a 404 as the status code it seems -- that means you're not even hitting the correct URL for your service.
simplynewbie
commented
9 years ago thank you, i found and edited "identity" to my api service link and it's ok. :D
I try to add my project to your ResourceServer (RS) web_api_v1 and paste to a new folder and bind to another port. And i have this problems about IIS: "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel" My AS used selfssl tool (www.think.com) port 443 And my RS: port 44500 If i use selfssl tool (www.thinkrs.com) it happens in Request Tokens:
If i use normal self-certificate (*.thinkrs.com) it happens in Calling service:
i added certificate to trust root and shared to network service, too.
(same as certificate www.thinkrs.com)
but it's still
https://www.thinkrs.com:44500/api/content/search/?name=Sim&age=15 normally shows result. content is {controller}, search is {action} https://www.think.com/authz/Admin/Global (and other links) normally works
Can you help me more? And pls show me the security endpoint of your ResourceServer web api v1. Thank you.
brockallen
commented
9 years ago I'm sorry, I just don't understand what the question is related to AuthorizationServer. We don't do consulting here in github, we answer questions about the OSS.
simplynewbie
commented
9 years ago OK, i'm sorry about this. Thank you so much for helping.
I created an web API to search databases from SQL Server, now i want to "transform" it to be a resource server (such as web API v1 in Samples - Oauth2 Flows solution). Can you tell me where i need change? (example: config , controller, model.. etc).
I'm using thinktecture IdentityServer v2.5, your AuthorizationServer-master.
I tried to include my project and copy paste ViewClaim.cs to its models but "using System.Security.Claims;" can not work. I can not find Reference to it.