OpenIddict MVC/Razor UI Migration Guide

Web Project (Non-Tiered Solution)

  • In MyApplication.Web.csproj replace the package references:

    <PackageReference Include="Volo.Abp.Account.Pro.Public.Web.IdentityServer" Version="6.0.*" />
    <PackageReference Include="Volo.Abp.IdentityServer.Web" Version="6.0.*" />

    with

    <PackageReference Include="Volo.Abp.Account.Pro.Public.Web.OpenIddict" Version="6.0.*" />
    <PackageReference Include="Volo.Abp.OpenIddict.Pro.Web" Version="6.0.*" />
  • In MyApplicationWebModule.cs replace usings and module dependencies:

    using Volo.Abp.IdentityServer.Web;
    ...
    typeof(AbpAccountPublicWebIdentityServerModule),
    typeof(AbpIdentityServerWebModule),

    with

    using Volo.Abp.OpenIddict.Pro.Web;
    ...
    typeof(AbpAccountPublicWebOpenIddictModule),
    typeof(AbpOpenIddictProWebModule),
  • In MyApplicationWebModule.cs ConfigureServices method update authentication configuration:

    ConfigureAuthentication(context, configuration);

    with

    ConfigureAuthentication(context);

    and update the ConfigureAuthentication private method to:

    private void ConfigureAuthentication(ServiceConfigurationContext context)
    {
        context.Services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
    }

    Note: v6.0.0-rc.1 seems to be using AddJwtBearer for authorization. This is fixed in later versions. If you are using v6.0.0-rc.1, it is safe to delete the JWT authentication and configure authentication as shown above.

  • In MyApplicationWebModule.cs add PreConfigureServices as shown below, with your application name as the audience:

    public override void PreConfigureServices(ServiceConfigurationContext context)
    {
        PreConfigure<OpenIddictBuilder>(builder =>
        {
            builder.AddValidation(options =>
            {
                options.AddAudiences("MyApplication"); // Replace with your application name
                options.UseLocalServer();
                options.UseAspNetCore();
            });
        });
    }
  • In MyApplicationWebModule.cs OnApplicationInitialization method remove the IdentityServer and JwtToken middleware:

    app.UseIdentityServer();

Web Project (Tiered Solution)

  • In MyApplication.Web.csproj replace the package references:

    <PackageReference Include="Volo.Abp.IdentityServer.Web" Version="6.0.*" />

    with

    <PackageReference Include="Volo.Abp.OpenIddict.Pro.Web" Version="6.0.*" />
  • In MyApplicationWebModule.cs replace usings and module dependencies:

    using Volo.Abp.IdentityServer.Web;
    ...
    typeof(AbpIdentityServerWebModule),

    with

    using Volo.Abp.OpenIddict.Pro.Web;
    ...
    typeof(AbpOpenIddictProWebModule),
  • In the MyApplicationWebModule.cs update the AddAbpOpenIdConnect configurations:

    .AddAbpOpenIdConnect("oidc", options =>
    {
        options.Authority = configuration["AuthServer:Authority"];
        options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
        options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
    
        options.ClientId = configuration["AuthServer:ClientId"];
        options.ClientSecret = configuration["AuthServer:ClientSecret"];
    
        options.UsePkce = true; // Add this line
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
    
        options.Scope.Add("roles"); // Replace "role" with "roles"
        options.Scope.Add("email");
        options.Scope.Add("phone");
        options.Scope.Add("MyApplication");
    });

    Replace the role scope with roles and add the UsePkce option.

  • In the MyApplicationMenuContributor.cs under Menus folder, replace the using and menu name under ConfigureMainMenuAsync:

    using Volo.Abp.IdentityServer.Web.Navigation;
    ...
    //Administration->Identity Server
    administration.SetSubItemOrder(AbpIdentityServerMenuNames.GroupName, 2);

    with

    using Volo.Abp.OpenIddict.Pro.Web.Menus;
    ...
    //Administration->OpenIddict
    administration.SetSubItemOrder(OpenIddictProMenus.GroupName, 2);

IdentityServer

This project is renamed to AuthServer after v6.0.0. You can also refactor and rename your project to AuthServer for easier updates in the future.

  • In MyApplication.IdentityServer.csproj replace the package references:

    <PackageReference Include="Volo.Abp.Account.Pro.Public.Web.IdentityServer" Version="6.0.*" />

    with

    <PackageReference Include="Volo.Abp.Account.Pro.Public.Web.OpenIddict" Version="6.0.*" />
  • In MyApplicationIdentityServerModule.cs replace usings and module dependencies:

    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using IdentityServer4.Configuration;
    ...
    typeof(AbpAccountPublicWebIdentityServerModule),

    with

    using OpenIddict.Validation.AspNetCore;
    ...
    typeof(AbpAccountPublicWebOpenIddictModule),
  • In the MyApplicationIdentityServerModule.cs add PreConfigureServices like below with your application name as the audience:

    public override void PreConfigureServices(ServiceConfigurationContext context)
    {
        PreConfigure<OpenIddictBuilder>(builder =>
        {
            builder.AddValidation(options =>
            {
                options.AddAudiences("MyApplication"); // Replace with your application name
                options.UseLocalServer();
                options.UseAspNetCore();
            });
        });
    }
  • In the MyApplicationIdentityServerModule.cs replace ForwardIdentityAuthenticationForBearer under ConfigureServices method:

    context.Services.ForwardIdentityAuthenticationForBearer();

    with

    context.Services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
  • In the MyApplicationIdentityServerModule.cs, remove IdentityServerOptions configuration and JwtBearer options under ConfigureServices method:

    if (Convert.ToBoolean(configuration["AuthServer:SetSelfAsIssuer"])) // Remove
    {
        Configure<IdentityServerOptions>(options => { options.IssuerUri = configuration["App:SelfUrl"]; });
    }
    ...
    context.Services.AddAuthentication() // Remove
        .AddJwtBearer(options =>
        {
           options.Authority = configuration["AuthServer:Authority"];
           options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
           options.Audience = "MyApplication";
        })
  • In MyApplicationIdentityServerModule.cs OnApplicationInitialization method replace the IdentityServer and JwtToken middleware:

    app.UseJwtTokenMiddleware();
    app.UseIdentityServer();

    with

    app.UseAbpOpenIddictValidation();
  • To use the new AuthServer page, replace Index.cshtml.cs with the AuthServer Index.cshtml.cs and the Index.cshtml file with the AuthServer Index.cshtml.

    Note: It can be found under the Pages folder.

Http.Api.Host

  • In the MyApplicationHttpApiHostModule.cs OnApplicationInitialization method, delete c.OAuthClientSecret(configuration["AuthServer:SwaggerClientSecret"]); from the app.UseAbpSwaggerUI options configuration; it is no longer needed.

  • In appsettings.json delete SwaggerClientSecret from the AuthServer section like below:

    "AuthServer": {
        "Authority": "https://localhost:44345",
        "RequireHttpsMetadata": "false",
        "SwaggerClientId": "MyApplication_Swagger"
    },
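
A post-migration check, added here as an example (not part of the ABP guide or its tooling): it scans source text for the IdentityServer identifiers this guide replaces or removes and reports the guide's instruction for each hit. The rule list, the file-name filter for the Web and IdentityServer/AuthServer module files (the JwtBearer rules apply only there, since that is where the guide removes them), the helper names and the sample input are assumptions of this example.

```python
import re
from pathlib import Path

AUTH = r"(Web|IdentityServer|AuthServer)Module\.cs$"  # module files this guide edits
ANY = ""  # empty pattern matches every path

# (pattern, file filter, the guide's instruction); identifiers are the ones on this page.
RULES = [(re.compile(p), re.compile(f), advice) for p, f, advice in [
    (r"Volo\.Abp\.Account\.Pro\.Public\.Web\.IdentityServer", ANY, "use the Account.Pro.Public.Web.OpenIddict package"),
    (r"Volo\.Abp\.IdentityServer\.Web", ANY, "use Volo.Abp.OpenIddict.Pro.Web"),
    (r"\bAbpAccountPublicWebIdentityServerModule\b", ANY, "use AbpAccountPublicWebOpenIddictModule"),
    (r"\bAbpIdentityServerWebModule\b", ANY, "use AbpOpenIddictProWebModule"),
    (r"\bAbpIdentityServerMenuNames\b", ANY, "use OpenIddictProMenus"),
    (r"\bUseIdentityServer\s*\(", ANY, "remove the IdentityServer middleware"),
    (r"\bIdentityServerOptions\b", ANY, "remove the IssuerUri configuration"),
    (r'Scope\.Add\(\s*"role"\s*\)', ANY, 'request the "roles" scope'),
    (r"SwaggerClientSecret|OAuthClientSecret", ANY, "delete the Swagger client secret"),
    (r"\bUseJwtTokenMiddleware\s*\(", AUTH, "use app.UseAbpOpenIddictValidation()"),
    (r"\bAddJwtBearer\s*\(", AUTH, "remove the JwtBearer registration"),
    (r"ForwardIdentityAuthenticationForBearer\s*\(\s*\)", AUTH, "pass the OpenIddict validation scheme"),
]]

def find_leftovers(files):
    """files maps path -> text; returns (path, line number, advice) in file order."""
    findings = []
    for path, text in files.items():
        for number, line in enumerate(text.splitlines(), start=1):
            if not line.lstrip().startswith("//"):  # skip commented-out C# lines
                findings += [(path, number, advice) for pattern, scope, advice in RULES
                             if scope.search(path) and pattern.search(line)]
    return findings

def scan_tree(root):
    """Scan the C#, project and appsettings files under root, skipping build output."""
    paths = [p for glob in ("*.cs", "*.csproj", "appsettings*.json")
             for p in Path(root).rglob(glob) if not {"bin", "obj"} & set(p.relative_to(root).parts)]
    return find_leftovers({str(p): p.read_text(encoding="utf-8-sig") for p in paths})

# Constructed sample of a half-migrated solution (not from a real project).
SAMPLE = {
    "MyApplication.Web.csproj": '<PackageReference Include="Volo.Abp.IdentityServer.Web" Version="6.0.*" />\n',
    "MyApplicationWebModule.cs": '// app.UseIdentityServer();\noptions.Scope.Add("role");\n'
                                 'context.Services.ForwardIdentityAuthenticationForBearer();\n',
    "MyApplicationHttpApiHostModule.cs": '.AddJwtBearer(options => { })\nc.OAuthClientSecret("x");\n',
}

if __name__ == "__main__":
    for path, number, advice in find_leftovers(SAMPLE):
        print(f"{path}:{number}: {advice}")
```

Call `scan_tree` with the solution root to run the same rules over a checkout; an empty result means none of the listed identifiers remain on uncommented lines.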
    

See Also