IdentityServer4.AccessTokenValidation | IdentityServer Access Token Validation for ASP.NET Core | Authentication library

I have a set up of Identity Server 4, Asp.Net Core SignalR Hub, and JavaScript client. When I try to connect to the SignalR Hub, the "negotiateVersion: 1" pass correctly but the request to the hub doesn't pass at all. The error in Chrome is "HTTP Authentication failed; no valid credentials available" and 401 status code in FireFox. The id and the access token are present in the query. I try different examples but with no desired result.

Versions: Identity Server 4 - .Net Core 2.1

• IdentityServer4.AspNetIdentity(2.5.0)

Asp.Net Core SignalR Hub - .Net Core 3.1

• IdentityServer4.AccessTokenValidation(3.0.1)
• Microsoft.AspNetCore.Authentication.JwtBearer(3.1.7)

JavaScript Client

• signalr.min.js v4.2.2+97478eb6

Here is my configuration in Identity Server: Config.cs

i am trying to integrate Identity Server 4 with Ocelot and authenticate WebApp (asp.net core 3.1) then access the api if request is authenticated.

for this i have created a solution having

• Gateway- Ocelot(latest)
• IdentityService - Identity Server 4(latest)
• Sample API (asp.net core 3.1 web api)
• WebApp (asp.net core 3.1 web app)

I have added [Authorize] attribute to one of action method in homecontroller in webapp.

all above are running in docker with docker compose.

What i am able to

• hit api through Gateway
• run web APP and see UI
• WellKnown endpoint and its responding from IdentityService
• IdentityService is redirecting the browser Login page

What i am not able to

• On login page when i login with bob/bob, it remain same login page.
• I debug the login method and found that user is successfully validated and in the end it creates a redirect URL as below

I have an API (.net core 2.2) protected and working fine with Identity server.

I need to upgrade this API to .net core 3.1. So I started fresh with a core 3.1 API project and added in the controllers, dbContext and the middleware... I have tried to match the middleware as close to the 2.2 as possible (which may be my problem) but I am receiving a 401 unauthorised on methods decorated with [Authorize] (without even declaring any roles or policies, just a simple Authorize). If I take off the [Authorize] this works fine... so here lies the problem.

I have tried to find examples of upgrading the API from 2.2 to 3.1 from a middleware IdentityServer point of view, but only able to find examples of upgrading IdentityServer itself (not a protected API) between these versions.

I have also analysed the User claims in the API method, which all look fine. This works fine on 2.2, so I think this must be to do with the middleware, but I'm not sure... can someone point me in the right direction please? Here is my startup file:

I keep getting the following error between postman and IdentityServer 4

I have already a working identity server 4 in a .net core application.

I'm having issue to call authorize api from react SPA. It's working if removed the [Authorize] attribute in the controller/action, but once added in the attribute, the response goes to SPA home page.

Project Structure

• IdentityServer (.net core 3.1 mvc with IdentityServer4 *reference token type)

• Login (authentication with IdentityServer and auth callback to Portal)

• Portal (.net core 3.1 react SPA, use IdentityServer4.AccessTokenValidation to validate

react

I have two different client applications that connect to the same API client. I want one to have readonly access (Get calls only) and the other to be able to write as well (Get, Put, Post, and Delete calls). How should I accomplish this?

Final solution:

This is ultimately what I did. It is important to note that this solution requires an additional library.

https://www.nuget.org/packages/IdentityServer4.AccessTokenValidation/ or https://github.com/IdentityServer/IdentityServer4.AccessTokenValidation