- ABP Framework version: v5.3.4
- UI type: MVC
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes
- Exception message and stack trace:
- Steps to reproduce the issue:
What I need and try to do: With abp vnext (IDS4), make SSO (Single Sign-on) for web product and Winform product. Use code flow.
What I will try to do: Steps:
1, when the ids mvc login page opens and login is successful, I will get the token from HttpContext.Request.
2, save this token into redis.
3, when Winform or another different browser tries to open the login page (ids4 mvc), I need to get the token from redis.
4, add this token into HttpContext.Request in the OnGetAsync() method in Login.cshtml.cs.
3 Answer(s)
-
0
Are you trying to save/get the Access Token of the MVC application and use it in a different application (Winform application)? If that is what you are trying to do, it is basically what these security systems are preventing.
If you are trying to achieve communication between an MVC application and a Winform application, you should use Client-Credentials flow. If you are trying to add your Winform application to the OpenID provider environment (IdentityServer) just like the MVC application, you need to add the MVC application as a client to the IdentityServer.
-
0
Are you trying to save/get the Access Token of the MVC application and use it in a different application (Winform application)? If that is what you are trying to do, it is basically what these security systems are preventing.
For this, yes. I try to make the web application and the Winform application or a different browser share the token by redis. So you mean, we cannot make it by abp IDS4 server? Can I make it if I have the abp source code to change IDS4 server?
We have different applications: web, winform, mobile. Right now, we are trying to find a solution to make SSO for all these applications. Means, if the different applications are on the same pc/vm, just one of them needs to use code flow/openid to login and all the others do not need to login again, they will auto login.
So I try to use abp ids4 server, and let different applications to share token by redis.
Thanks,
-
0
You can not use a token of an application in another application.
If you want to add your external application to the SSO, check the IdentityServer documentation about clients to add your application. Its authentication flow varies based on your application. Suggested flows are hybrid flow for server-side rendering applications (MVC, Web Forms etc.) and Authorization Code flow with PKCE for SPAs.
If you are using ABP commercial, you can use the IdentityServer Management UI to add new clients. Examine the existing clients, add your new client using the UI, and add the related OpenIdConnect configurations to your application.
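
The sketch below is an added example, not code from this thread or from ABP: it shows a desktop client starting its own Authorization Code flow with PKCE (the flow RFC 8252 recommends for native apps, which goes beyond the SPA case named above) instead of reusing another application's token. The authority URL, client id and loopback redirect URI are assumptions and must match a client registered in IdentityServer.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example. Authority, ClientId and RedirectUri are hypothetical values.
public static class WinformLogin
{
    const string Authority = "https://localhost:44301";   // assumed IdentityServer URL
    const string ClientId = "Winform_Client";             // assumed: registered as its own client
    const string RedirectUri = "http://127.0.0.1:7890/";  // assumed loopback redirect

    // Base64url without padding, as PKCE (RFC 7636) requires.
    static string Base64Url(byte[] bytes) =>
        Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static string RandomToken(int byteCount)
    {
        var bytes = new byte[byteCount];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return Base64Url(bytes);
    }

    // Returns the URL to open in the system browser. The verifier and state
    // never leave this process until the token request.
    public static string BuildAuthorizeUrl(out string codeVerifier, out string state)
    {
        codeVerifier = RandomToken(32); // 43 characters, the RFC 7636 minimum
        state = RandomToken(16);        // compared with the value returned on the redirect
        string challenge;
        using (var sha = SHA256.Create())
            challenge = Base64Url(sha.ComputeHash(Encoding.ASCII.GetBytes(codeVerifier)));

        return Authority + "/connect/authorize"
            + "?response_type=code"
            + "&client_id=" + Uri.EscapeDataString(ClientId)
            + "&redirect_uri=" + Uri.EscapeDataString(RedirectUri)
            + "&scope=" + Uri.EscapeDataString("openid profile")
            + "&state=" + state
            + "&code_challenge=" + challenge
            + "&code_challenge_method=S256";
    }

    public static void Main()
    {
        var url = BuildAuthorizeUrl(out var verifier, out var state);
        Console.WriteLine(url);
        // After the redirect: verify state, then POST code + code_verifier to /connect/token.
    }
}
```

If the browser that opens this URL already holds a login session with the IdentityServer, the authorize request can complete without a new login prompt, and the desktop client receives tokens issued for its own client id.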