i have a question
twofactor authentication is outofbox feature so can we implement the twofactor authentication in the accountconntoller/login(postmethod) like.
when the user is login to the application can we check user is eligible for the RequiresTwoFactor and then implement the customziation for the two factor authentication.
var user = await _signInManager.UserManager.FindByNameAsync(model.Username);

// validate username/password using ASP.NET Identity
var result= await _signInManager.CheckPasswordSignInAsync(user, model.Password, true));
if (user != null && result.Success)
{
//credential based authentication

}
else if (result.RequiresTwoFactor)
{
//can we write our twofactor authentication here.
}
can you please help to correct me if i'm may wrong also.
looking for best solution for twofactor authentication.

Hi Scott,

I am trying to get your example working and can't understand why logout it not working.

Steps

1. download zip, open in VS 2017 (note: did not make any code changes)
2. run project ScottBrady91.IdentityServer4.Example ONLY
3. login as scott / Password123!
4. go to menu under scott and select logout. on screen that comes up select "yes".
5. click "IdentityServer4" in header.
6. user scott is still logged in.

It seems the authentication cookie is not deleted or expired. Thought I was on to something when I read this in your article.

https://www.scottbrady91.com/Identity-Server/Getting-Started-with-IdentityServer-4#ASPNET-Core-Identity

Because ASP.NET Identity also changes the default authentication scheme, any instances of IdentityServerConstants.DefaultCookieAuthenticationScheme and IdentityServerConstants.ExternalCookieAuthenticationScheme, should be changed to IdentityConstants.Application and IdentityConstants.ExternalScheme respectively.

Thanks,
David

Trying to work through your blog post which includes this project and when I try to load this project using VS 2015 Enterprise I get "We were unable to automatically populate your Visual Studio Team Services Account."

How do I get around this?

I clone the repo and build in VS2017 run and when I click on

Click here to manage your stored grants.

I get the following:

InvalidOperationException: No authentication handler is configured to authenticate for the scheme: idsrv

Note:_if am able to set TABLESPACE from MIgartion generated code this issue I can overcome, Please let me know any way to do it?

ISSUE

PM> dotnet ef database update --context "PersistedGrantDbContext" --project "D:\Zephaniah_3_17\Work\Advicent\SourceCode\Oauth\DataAccess\Advicent.AuthServer.DataAccess\Advicent.AuthServer.DataAccess.csproj"
Build started...
Build succeeded.
Applying migration '20200828223535_InitialIdentityServerPersistedGrantDbMigrationDb2'.
Failed executing DbCommand (322ms) [Parameters=[], CommandType='Text', CommandTimeout='30']
CREATE TABLE DeviceCodes (
UserCode varchar(200) NOT NULL,
DeviceCode varchar(200) NOT NULL,
SubjectId varchar(200),
ClientId varchar(200) NOT NULL,
CreationTime timestamp(6) NOT NULL,
Expiration timestamp(6) NOT NULL,
Data varchar(32672) NOT NULL,
CONSTRAINT PK_DeviceCodes PRIMARY KEY (UserCode)
);
IBM.Data.DB2.Core.DB2Exception (0x80004005): ERROR [54010] [IBM][DB2/NT64] SQL0670N The statement failed because the row or column size of the resulting table would have exceeded the row or column size limit: "32677". Table space name: "". Resulting row or column size: "33513".
at IBM.Data.DB2.Core.DB2Connection.HandleError(IntPtr hHandle, SQL_HANDLE hType, RETCODE retcode)
at IBM.Data.DB2.Core.DB2Command.ExecuteNonQueryObject(Boolean skipInitialValidation)
at IBM.Data.DB2.Core.DB2Command.ExecuteNonQueryObject()
at IBM.Data.DB2.Core.DB2Command.ExecuteNonQuery()
at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteNonQuery(RelationalCommandParameterObject parameterObject)
at Microsoft.EntityFrameworkCore.Migrations.MigrationCommand.ExecuteNonQuery(IRelationalConnection connection, IReadOnlyDictionary2 parameterValues) at Microsoft.EntityFrameworkCore.Migrations.Internal.MigrationCommandExecutor.ExecuteNonQuery(IEnumerable1 migrationCommands, IRelationalConnection connection)
at Microsoft.EntityFrameworkCore.Migrations.Internal.Migrator.Migrate(String targetMigration)
at Microsoft.EntityFrameworkCore.Design.Internal.MigrationsOperations.UpdateDatabase(String targetMigration, String contextType)
at Microsoft.EntityFrameworkCore.Design.OperationExecutor.UpdateDatabaseImpl(String targetMigration, String contextType)
at Microsoft.EntityFrameworkCore.Design.OperationExecutor.UpdateDatabase.<>c__DisplayClass0_0.<.ctor>b__0()
at Microsoft.EntityFrameworkCore.Design.OperationExecutor.OperationBase.Execute(Action action)
ERROR [54010] [IBM][DB2/NT64] SQL0670N The statement failed because the row or column size of the resulting table would have exceeded the row or column size limit: "32677". Table space name: "". Resulting row or column size: "33513".

What strategy would you take when taking into consideration that you could also have different roles in each tenant?

My initial thoughts are to implement some custom logic to support this via ApplicationUser & ApplicationRole when registering Identity e.g.
services.AddIdentity<ApplicationUser, ApplicationRole>(), which is similar to your approach here:
https://www.scottbrady91.com/aspnet-identity/quick-and-easy-aspnet-identity-multitenancy

An alternative may be to use the AddAuthorizeInteractionResponseGenerator :

services.AddIdentityServer()
                .AddAuthorizeInteractionResponseGenerator<AccountChooserResponseGenerator>()

As discussed here:
https://blog.bitsrc.io/using-identity-server-for-multi-tenant-web-applications-c511ffa3e428

Thank you!

Config.cs generates a test user with username scott, password password. This is unable to login. Invalid username or password error.

internal class Users
{
public static List Get()
{
return new List
{
new TestUser
{
SubjectId = "5BE86359-073C-434B-AD2D-A3932222DABE",
Username = "scott",
Password = "password",
Claims = new List
{
new Claim(JwtClaimTypes.Email, "[email protected]"),
new Claim(JwtClaimTypes.Role, "admin")
}
}
};
}
}

Hi Scoot,
I have an application in SQL, as per one of our client requirements we should able to support DB2 also along with SQL.
We have created POC support DB first and code first as shown below IBM part details which work fine.
https://www.ibm.com/support/knowledgecenter/SSEPGG_11.5.0/com.ibm.swg.im.dbclient.adonet.doc/doc/c0070470.html
In SQL we created the OAuth server using identityserver4, now this create a migration script for migrating ConfigurationDbContext and PersistedGrantDbContext, We are not able to do the same migration for ConfigurationDbContext and PersistedGrantDbContex with DB2, does identity sever migration does support db2 also. please give me your guidance implement using DB2.

With Thanks,
Fijo Francis T

Question: you are using this method to initialize the database and seed data from the configuration file.

After initialize and configuration, how can you still add other users or update information?
I modified something in the config file and update the database but nothing changes in my database.

We are using Identity Server4. What are the maximum token lifetime values of these tokens?
The default values are

Access Token Lifetime: 3600
Identity Token Lifetime: 300
Absolute Refresh Token Lifetime: 2592000
Sliding Refresh Token Lifetime: 1296000
Authorization Code Lifetime: 300
I need the maximum lifetime values of these tokens for validation purpose.

Navigating to a protected route i.e /Home/Privacy redirects to IS4 login page. Clicking the cancel button results in an unhandled exception

OpenIdConnectProtocolException: Message contains error: 'access_denied', error_description: 'error_description is null', error_uri: 'error_uri is null'.

Exception: An error was encountered while handling the remote login.
Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler.HandleRequestAsync()
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)