Skip to content

auroris/OpenIddict-WindowsAuth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits

.config

.config

 
 

ActiveDirectory

ActiveDirectory

 
 

Properties

Properties

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

Authentication.cs

Authentication.cs

 
 

IdentityServer.cs

IdentityServer.cs

 
 

IdentityServer.csproj

IdentityServer.csproj

 
 

IdentityServer.sln

IdentityServer.sln

 
 

LICENSE

LICENSE

 
 

Program.cs

Program.cs

 
 

README.md

README.md

 
 

Startup.cs

Startup.cs

 
 

appsettings.json

appsettings.json

 
 

Repository files navigation

OpenIddict-WindowsAuth

An OpenID Connect authorization server for Windows Integrated Authentication using the OpenIddict library.

Rationale

Essentially a "copy and paste" OpenID Connect authorization server that doesn't need to maintain a database, certificates or any kind of permanent state. All it needs to do is perform Windows Authentication and pass the results to whomever called it.

Installation

OpenIddict-WindowsAuth doesn't have a database, so whenever the application is unloaded or recycled any tokens issued will no longer be valid. You can configure the app pool to suspend rather than terminate during periods of inactivity and alter the pool's recycle settings to fire on a set schedule during periods of inactivity.

You must enable both Windows Authentication and Anonymous Authentication in IIS.

Configuration

Configuration for the application is primarily via appsettings.json, though environment variables and command line options are supported as well. The following configuration keys are of importance.

IdentityServer:ServerUri

The full URI IdentityServer should report in the Issuer and configuration fields of the /.well-known/openid-configuration document. If you install IdentityServer to "http(s)://myserver.com/IdentityServer/" that is what you should report in this field.

IdentityServer:Hosts

This key is a list of acceptable hosts attempting to authenticate against this application. We will not return authentication data for hosts not in this list. This list is also used to specify dotNet's cors setting. The expected format is a regular base URL without a trailing slash.

IdentityServer:Groups

This key is a list of acceptable active directory groups. Items are exact match, case insensitive, but also allows wildcards. If the authenticating user is a member of an active directory group listed here, it will be returned as a role claim.

Testing

If you run the project in Visual Studio, here are the testing Uris:

Viewing the OpenId configuration document:

Testing the authorization endpoint with oidcdebugger:

About

An OpenID Connect authorization server for Windows Integrated Authentication using the OpenIddict library

Topics

windows authentication iis openid-connect windows-authentication openiddict openiddict-windowsauth

Resources

Readme

License

MIT license
Activity

Stars

16 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

2 tags

Packages

No packages published

Languages