Closed buybackoff closed 9 years ago
My main concern was that I want identity server to be hosted at mydomain.com/id
, webapi at mydomain.com/api
, and Web UI at mydomain.com
as a SPA. I needed id server to support not only user logins, but clients. The easiest solution seems to be hosting the identity server as a separate child application of existing application in IIS at /id
path.
There is a great explanation of different options here: http://stackoverflow.com/questions/24189181/how-do-i-host-a-web-application-and-an-api-from-the-same-server-while-keeping-th
Haven't implemented the entire setup yet so will keep this issue open in case someone could comment further.
Since you're running them together, you can simply set the config info via the other IdentityServerBearerTokenAuthenticationOptions config values (IssuerName and IssuerSigningToken).
I think the issue noted above is specific to version 2.0.0. In 2.0.0 (dev branch), the IssuerName field no longer exists in IdentityServerBearerTokenAuthenticationOptions and I don't see a property to store IssuerSigningToken either.
I have a similar configuration to what is described above, and until today, I had been running 2.0.0-rc1. When upgraded to rc3 this morning, I began to experience the same issue. Everything worked fine for rc1, but from what I can tell (I reverted back to rc1 and then incrementally upgraded), the issue was introduced in rc2. The application goes into deadlock as described by @buybackoff
I added it back - it is on the dev branch and myget. wanna try it?
I pulled down IdentityServer3.AccessTokenValidation.2.2.0-build00030 and followed Brock's advice above and everything is now working as expected. Thanks
I'm facing the same "deadlock" problem while configuring API and IdentityServer in the same application. Everything was working fine until I update to the last version
Any help is welcome ! (maybe by clarifying the Brock's advice above :-))
Configure IssuerName and SigningCertificate manually. That fixes it.
@leastprivilege How to configure IssuerName and SigningCertificate manually? I'm facing deadlocks in this same situation too, but I didn't understand yet how to apply your solution in the code. Do you have any snippet you could show us how to apply this fix?
I have an Id server from examples:
When I add this to either top-level pipeline or just to
app.Map("/api", appApi => {
I have an error "IDX10803: Unable to create to obtain configuration from... "I looked into existing issues about bad SSL etc., but after I added all source code to my project I realized that
UseIdentityServerBearerTokenAuthentication
callsRetrieveMetadata()
synchronously, but this is not possible because we are in the Startup and IdSrv is not yet working until we finish the entire startup config. So there is a deadlock.In the MVC example I see that API in a separate project, but this is less convenient. I have a project based on the standard MVC5 template. I have WebAPI controllers in a separate assembly, but they are all hosted together with a couple of MVC controllers in a WebHost project.
Is there a way to use bearer tokens in a setup with a single host? Or how to configure the existing MVC5 bearer token support to use IdSrv3 tokens?