Closed ghost closed 11 years ago
Just found this... moving forward. Thanks for a great framework and these samples.
it looks like OAuth2 callbacks is the only way to handle this with out username password. Simplest way?
Not sure what you mean with "without username password" - but idsrv does not have anything built in to issue "keys". You may built on top of it - but nothig out of the box.
Thanks, I was hoping that the Identity Server could help me generate and manage my preshared keys (PSK) since I will need them for some of my WebApis, and since PSKs will be distributed to the same users that have an STS/SSO account on the thinktecture STS.
No. sorry. You need to do that yourself.
I'm a big fan of thinktecture which I already use for MVC/Azure single sign on but I am having trouble weeding through the various options to secure an MVC4 WebApi. I need to create and distribute unique secret keys to systems that access my WebApi -- similar to the access keys used for the Azure APIs -- and not require humans to login each time the WebApi will be used. Can I use the thinktecture admin console and thinktecture/WIF-APIs to issue and check validity of these keys for the respective thinktecture user/identity? At best, I'd like to retrieve the claims associated with the key from the thinktecture IdSrv on an as-needed-basis as well. The keys are for system-internal use only and should be the only thing needed uniquely identify the connecting party (over x.509 TLS). There are other options, but I'd like to stay within a clean thinktecture scenario here if possible.
Can anyone provide a crumb trail or point me to an example or post? .
Thanks!
Thoughts:
This looks close to what i need but i don't see the complete usage context anywhere. example? http://leastprivilege.com/2012/08/20/support-for-x-509-client-certificates-in-thinktecture-identitymodel-for-web-api/
OK, I ordered "Pro ASP.NET Web API Security: Securing ASP.NET Web API" but a tip in the meantime would be appreciated.