/IDS4-Sample

Full demo of setting up an IDS4 instance and protecting an api and client app with it.

Primary language: C#. License: MIT.

IDS4 Use

Badges

Build status

Setup

  • Multi Project Debug


  • SSL

    1. cd "c:\Program Files (x86)\IIS Express"
    2. IisExpressAdminCmd.exe setupsslUrl -url:https://localhost:44385/ -UseSelfSigned
    3. IisExpressAdminCmd.exe setupsslUrl -url:https://localhost:44386/ -UseSelfSigned
    4. IisExpressAdminCmd.exe setupsslUrl -url:https://localhost:44310/ -UseSelfSigned
    5. IisExpressAdminCmd.exe setupsslUrl -url:https://localhost:44302/ -UseSelfSigned
    6. IisExpressAdminCmd.exe setupsslUrl -url:https://localhost:44303/ -UseSelfSigned
    7. Start debugging and accept all certificate trust prompts
  • Client UI

    PowerShell.exe -ExecutionPolicy Bypass -File src/AdminUI/build-client.ps1

Running

You may need to run twice. The database will be created for you, but if it doesn't exist yet, the first run may hiccup. Just run again.

Credentials

See Admin Seed Data. All the clients, resources, and scopes will have been created for you. You can delete them in the UI, and the next time you run, they will be created again. See Identity Seed Data for the admin user login. It is recommended that you register another user. You can assign that user the Administrator role to keep the admin account clean.

  • API: Swagger is configured with correct client credentials already


Things to try

  1. First thing, register a user so you don't use the admin user to do things.

  2. Try out the Swagger API page and try calling the API with different combinations of scopes and while not authorized. Try running the POST API endpoint with only the read scope checked.

  3. In the MVC site, try clicking the privacy or weather links, logging in as a registered user.

    1. Try unchecking some of the requested scopes and see what it does to the functionality. You will have to log out and then log back in to get the consent screen again.
    2. Click privacy link to see claims
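  4. Useful PowerShell script to generate secrets

      # Builds a secret by joining GUIDs with "-".
      # Note: [guid]::NewGuid() is not intended as a cryptographic random source.
      $sec = ""
      $cnt = 1   # the loop below runs $cnt + 1 times, so 1 yields two GUIDs
      for ($i = 0; $i -le $cnt; $i++) {
          $id = [guid]::NewGuid()
          $sec += $id.ToString("D")
          # Add a separator after every GUID except the last one
          if ($i -lt $cnt) {
              $sec += "-"
          }
      }
      $sec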
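
An added example, not part of this repository: a variant of the secret generator above that draws from the operating system's CSPRNG instead of GUIDs and also returns the Base64(SHA-256) form that IdentityServer4's `Sha256()` string extension produces. The function name `New-ClientSecret` and the 32-byte default are assumptions made for this example.

```powershell
# Added example (not the project's code). New-ClientSecret and its
# 32-byte default are hypothetical choices for illustration.
function New-ClientSecret {
    param(
        # Number of random bytes; 32 bytes = 256 bits of entropy
        [ValidateRange(16, 1024)]
        [int]$ByteCount = 32
    )

    # Fill a buffer from the OS cryptographic random number generator
    $bytes = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }

    # Base64url without padding, so the secret is safe in URLs and config files
    $secret = [Convert]::ToBase64String($bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')

    # Base64(SHA-256(UTF-8 secret)): the value IdentityServer4's Sha256()
    # extension computes when a shared secret is stored hashed
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $hash = $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($secret))
    } finally {
        $sha.Dispose()
    }

    [pscustomobject]@{
        Secret       = $secret                          # give this to the client
        Sha256Base64 = [Convert]::ToBase64String($hash) # hashed form for the server side
        EntropyBits  = $ByteCount * 8
    }
}

New-ClientSecret -ByteCount 32
```

Whether this sample's seed data expects the plain or the hashed value is not stated here, so check the seed files before pasting either one.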

Room For Improvement

  • Try making the VB client call the weather API.
  • Add UI and functionality to the MVC weather page to call the weather API's POST endpoint, and see if you can display the results.
  • See what happens when you only allow the read scope and try calling the POST endpoint. Try adding error handling or even UI updates to prevent the user from even trying.
  • In the consent screen, uncheck access to scopes and see what exceptions it causes. Figure out how to handle those situations.
  • Actually use refresh tokens when the token has expired.

See AdminUI readme and skoruba/IdentityServer4.Admin for more info and setup.