Tratcher
commented
4 years ago See https://github.com/aspnet/AspNetKatana/wiki/Debugging for instructions to enable logging to see if that captures any errors.
Eventually I'd expect that code to call something like this: https://github.com/aspnet/AspNetKatana/blob/635c92f641ad1e014eead31cc7a365004949fda5/src/Microsoft.Owin.Security.OAuth/OAuthBearerAuthenticationHandler.cs#L22
But you'd want to ask the IdentityServer folks for the details on their setup.
I have an old application using Forms Authentication and I am trying to add service-to-server authentication to it using Identity Server 4. So, I have added some Owin/Katana setup code to it and I am using this code (from package
IdentityServer3.AccessTokenValidation):This does not work (I get no identity back), so I debugged the package code (
The result returned on this active breakpoint is always null.
(The
IdentityServer3.AccessTokenValidation) and found out that it "fails" in this place:_options.AuthenticationTypeisBearerhere, from what I remember) I have verified that the incoming request contains an access token that can be validated successfully by the introspection endpoint of IS4.Could you maybe tell me what could be wrong here with
AuthenticateAsync()and what I can do to make it work (not return null)? I have tried to follow the code of this repository, but there is a lot of global variables at play (e.g. in the the IOwinContext) that I have no idea where they come from...Any hints are welcome. If this doesn't work, I am thinking of using an HttpModule that calls the introspection endpoint of IS4, to validate the token and set the Identity. But this is custom security code, so it might be good to avoid it...