Last post Jun 14, 2018 03:28 PM by bruce (sqlwork.com)
Jun 12, 2018 01:18 AM|kofifus|LINK
I create a simple .NET Core 2.1 server using "Identity as UI" with the default template, and then add some methods
I now need to create .NET Core 2.1 console app client to consume these methods but I can't find anything on how to authenticate that client with the server (with an email & password). In particular I want to authenticate and then get the authentication cookie
so that I can later feed it to ie SignalR WithCookie.
As far as I understand this should be possible without an external framework like IdentityServer.
How do I do that ? is there any sample code anywhere ?
Jun 12, 2018 10:20 AM|mgebhard|LINK
It's uncommon for code to authenticate to a UI. Cookies are used in browser based applications. It simply more work to invoke a POST an HTML form to a UI action, handle antiforgery, and persiste/manage an auth cookie. The common approach is a central
authentication service exchanges a token for user credentials. The client application passes the token to secured resources and the secured resource validates the token.
However, you can use the HttpClient to persist an auth cookie.
The mentioning of SignalR WithCookie needs a bit more explanation. Are you trying to connect a console app to web sockets? Can you explain what you are trying to do at a high level?
Maybe you want mixed authentication/authorization?
Jun 12, 2018 10:50 PM|kofifus|LINK
First of all thanks for replying !
Our architecture is for a single web server to serve:
- pages for a browser clients
- SignalR for for browser clients
- SignalR for desktop clients (console apps deployed as windows services)
I am trying to avoid duplicating/separating the authentication and authorization logic for the browser and console apps, hence my question.
Your comments and suggestions are appreciated
Jun 14, 2018 02:54 AM|Edward Z|LINK
Before authenticating from Console app, I would suggest you try to capture the request from browser to Asp.Net Core, and then use this token in SignalR for desktop client, will it work?
If it does, then, you could try to provide the account & password to Asp.Net Core to generate the token, and then attach this token to the SignalR.
Jun 14, 2018 03:28 PM|bruce (sqlwork.com)|LINK
there are two choices:
1) web view - your console app mimics a user. it requests the logon page, follows the redirect to the login server, posts the correct form data, uses the response url and cookie to redirect back to the site to get the access cookie. it can then use the cookie
to access the site.
2) hybrid flow. your console app calls a login api on the identity server to get a login token. it then calls a api on the website to get an access token (or cookie) from the login token.