Comments on: IdentityServer4 Authorization and Working with Claims

By: MarinkoSpasojevic

MarinkoSpasojevic — Fri, 16 Dec 2022 09:33:23 +0000

In reply to Tom.

There is always the option of refreshing a token. It is a bit of a process with IS4/Duende which we didn’t cover in our articles, but we covered it in our Security book.

By: Tom

Tom — Fri, 16 Dec 2022 02:48:36 +0000

Test User Mick was revoked the “Admin” claim. If User don’t re-login, how to update access_token

By: Marinko

Marinko — Fri, 15 Jan 2021 04:46:27 +0000

In reply to lokumas.

Hi Lokumas. I really can’t help you with that as I didn’t work with RabbitMQ nore MassTransit. I know the concepts behind these two, but still I don’t have enough knowledge to even try answering your question.

By: lokumas

lokumas — Fri, 15 Jan 2021 03:48:41 +0000

Hi Marinko,
I would like to ask you about using access tokens in a distributed app where we do not use HTTPClient and its headers to attach the access-token to reach the webapi but through a message bus facility such as Rabbitmq or Masstransit on top of Rabbitmq. In such cases, how could we send the token along with the real data? Do you think it is good idea to provide a field for the access-token in the data object transmitted f and decode it in the receiving microservice? Is there such a sample example that you know of? Thank you.

By: Marinko

Marinko — Mon, 21 Dec 2020 09:07:27 +0000

In reply to lokumas.

Hi Lokumas. To be honest, I didn’t face the error like that. All I can advice in this moment is to try running our source code. That one works 100%. If it doesn’t work on your machine, then it is probably related to your local machine. Also, try inspecting the logs in the console. This can tell even more about the error.

By: lokumas

lokumas — Mon, 21 Dec 2020 06:54:46 +0000

Hi, I forgot to mention in my previous message when I get the error. I run the mvc client app and be redirected to the ID server login page. I login and a consent page appears. I accept the defaults and hit the button. That is where I get login failed with the remote server. Correlation error or something like that.

By: lokumas

lokumas — Mon, 21 Dec 2020 06:37:13 +0000

Hi Marinko, I have been following the chapter securing the mvc web client from your book. I am using asp.net core 5 and ID server package 4.11. When I register the client with ID server and try to get data from the unsecured webapi, I get Correlation Exception in the frontend. I searched in the internet about the possible remedies. Some folks say it is something to do with new versions of the Google chrome’s SameSite policy but I am having the same problem with other browsers as well. Any idea how to solve this problem.
Thank you for your help beforehand.

By: Zoltan Halasz

Zoltan Halasz — Mon, 02 Nov 2020 07:32:08 +0000

In reply to Marinko.

It works, thanks.

By: Marinko

Marinko — Mon, 02 Nov 2020 05:54:35 +0000

In reply to Zoltan Halasz.

I think you still haven’t applied migrations on the API side. Just do it as I described in the previous comment. This should solve the problem.

By: Zoltan Halasz

Zoltan Halasz — Mon, 02 Nov 2020 05:41:58 +0000

Hello,

after starting the three projects from the Github repo, and logging in with Mick’s credentials, again I have the error: “Exception: Problem with fetching data from the API: Internal Server Error
CompanyEmployees.Client.Controllers.HomeController.Index() in HomeController.cs, line 44”