Authorization with Identity Server 4

Hi support, I have a little problem with an application that uses Identity Server 4.

I have a solution with a webapp, authorization server and api resource.

The api resource is protected to prevent unauthorized access from the identity server. From the webapp I need to call the following webapi controller:

    [Authorize]
    [Produces("application/json")]
    [Route("api/Countries")]
    public class CountriesController : Controller
    {
        [HttpGet]
        public object Get()
        {

            List<Countries> countriesList = new List<Countries>();

            countriesList.Add(new Countries(1, "ITALIA", "101", "1001", "20000101", "20001231"));
            countriesList.Add(new Countries(2, "FRANCIA", "102", "1002", "20000102", "20010101"));
            countriesList.Add(new Countries(3, "AUSTRIA", "103", "1003", "20000103", "20010102"));
            countriesList.Add(new Countries(4, "SVIZZERA", "104", "1004", "20000104", "20010103"));
            countriesList.Add(new Countries(5, "POLONIA", "105", "1005", "20000105", "20010104"));

            return new { Items = countriesList, Count = countriesList.Count };
        }
    }

Without Authorization everything works very well; when I add Authorization the app gets a 401 error.

Attached you can find the calling page and the grid definition inside the partial view. How can I pass the authorization data from the MVC webapp to the grid?

Thanks in advance
Stefano Capobianco



Attachment: grid_bb5ea4be.7z

4 Replies

MS Mani Sankar Durai Syncfusion Team October 23, 2017 11:37 AM UTC

Hi Stefano, 

Thanks for contacting Syncfusion support. 

We have analyzed your query and we are able to reproduce the reported issue when using [Authorize] in ASP.NET Core. When using Authorize we are not able to trigger the Get method on the server side. To solve this we suggest you add the following code before app.UseMvc in the startup.cs page.
Refer to the code example:
 
    using System.Security.Claims;
    using System.Security.Principal;
    ...
    app.UseStaticFiles();
    app.Use(async (context, next) =>
    {
        if (!context.User.Identities.Any(i => i.IsAuthenticated))
        {
            //Assign all anonymous users the same generic identity, which is authenticated
            context.User = new ClaimsPrincipal(new GenericIdentity("anonymous"));
        }
        await next.Invoke();
    });
    ...

For more information please refer to the link below

We have also prepared a sample that can be downloaded from the link below.

Refer to the screenshot below
 

Please let us know if you need further assistance. 


Regards, 
Manisankar Durai 



SC Stefano Capobianco October 26, 2017 08:10 AM UTC

Hi, thanks for your answer. I've seen that it is possible to set the headers in the grid datamanager.

It's impossible to pass directly inside the tag the @await Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.GetTokenAsync(httpContextAccessor.HttpContext, "access_token") instruction.


Is it possible to pass it with a JavaScript function?

Thanks

Stefano Capobianco



SC Stefano Capobianco October 26, 2017 09:50 AM UTC

Hi, I've found a workaround. I've added a load event in the header of ejGrid

    <ej-grid id="Grid" locale="it-IT" allow-sorting="true" allow-paging="true"
             is-responsive="true" enable-responsive-row="true" show-stacked-header="true"
             toolbar-click="GridToolbarClicked" action-complete="GridActionComplete"
             row-data-bound="GridRowDatabound" databound="GridShowToolbarTooltip"
             load="GridLoad">

and I've added the following function

        function GridLoad(args) {
            // Debug aid: displays the access token rendered into the page
            alert('@await Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.GetTokenAsync(httpContextAccessor.HttpContext, "access_token")');

            // Send the access token as a bearer Authorization header on the grid's data requests
            this.model.dataSource.dataSource.headers = [];
            this.model.dataSource.dataSource.headers.push({ "Authorization": "Bearer " + '@await Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.GetTokenAsync(httpContextAccessor.HttpContext, "access_token")' });
        }

and the authentication mechanism works fine

Thanks

Stefano Capobianco
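
A guarded variant of the load handler above, as an added example that is not part of the thread or of Syncfusion's code: the token is rendered into the page once, so it can be empty or expired by the time the grid loads, and either case would otherwise surface only as a 401 from the API. It assumes the access token is a JWT (a reference token would be rejected by this check); `decodeJwtPayload`, `buildGridAuthHeaders`, `makeSampleToken` and `gridLoad` are hypothetical names.

```javascript
// Added example; function names are hypothetical, sample token is constructed.

// Decode a JWT payload without verifying it; signature checks stay on the API.
function decodeJwtPayload(token) {
    const parts = String(token || "").split(".");
    if (parts.length !== 3 || parts.some(p => !/^[A-Za-z0-9_-]+$/.test(p))) {
        return null; // empty, truncated or not a JWT
    }
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
    try {
        return JSON.parse(atob(padded));
    } catch (e) {
        return null;
    }
}

// Build the headers array in the shape the workaround assigns to
// this.model.dataSource.dataSource.headers, or report why it cannot.
function buildGridAuthHeaders(token, nowSeconds, skewSeconds = 30) {
    const payload = decodeJwtPayload(token);
    if (payload === null) {
        return { ok: false, reason: "missing-or-malformed-token", headers: [] };
    }
    // A payload without a numeric exp claim is treated as expired.
    if (typeof payload.exp !== "number" || payload.exp - skewSeconds <= nowSeconds) {
        return { ok: false, reason: "token-expired", headers: [] };
    }
    return { ok: true, reason: null, headers: [{ "Authorization": "Bearer " + token }] };
}

// Constructed, unsigned sample token for the demo ("c2ln" is a placeholder signature).
function makeSampleToken(exp) {
    const enc = obj => btoa(JSON.stringify(obj))
        .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
    return enc({ alg: "RS256", typ: "JWT" }) + "." + enc({ sub: "demo", exp: exp }) + ".c2ln";
}

// Load handler: renderedToken is the value Razor wrote into the page.
function gridLoad(grid, renderedToken) {
    const result = buildGridAuthHeaders(renderedToken, Math.floor(Date.now() / 1000));
    grid.model.dataSource.dataSource.headers = result.headers;
    return result; // on !ok the page can re-authenticate instead of sending a doomed request
}
```

When `ok` is false the headers array stays empty, so the page can redirect to sign-in instead of issuing a request that will be refused.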




MS Mani Sankar Durai Syncfusion Team October 27, 2017 05:05 AM UTC

Hi Stefano, 

Thanks for the update. 

We are happy to hear that your problem has been solved. 
Also, please refer to the Syncfusion Knowledge Base link on how to pass custom headers to the server

Please let us know if you need further assistance. 

Regards, 
Manisankar Durai. 

