IdentityServer3 Custom Views for login

So in my endeavors to support Facebook, Google, Outlook, etc. login providers, the middleware IdentityServer3 on git has proven worth its weight in gold.

If you need to customize the views for a client, let us suppose a customer wants the login page to be branded with their company logo… What?? The nerve of them… lol. Seriously, it is extremely easy. See this link: [ branding ]. Perhaps they want to use a Bootstrap theme, a different layout or various validation rules. See that link.


My next post will be about using this with an Angular2 application. Much easier than I even thought!

IdentityServer3 Login Form + Anonymous Auth on IIS

When you deploy to IIS, be sure to edit the website's Authentication settings:

Anonymous Authentication: Enabled

Basic Authentication: Disabled

Windows Authentication: Disabled

Digest Authentication: Disabled

Forms Authentication: Disabled

ASP.NET Authentication: Disabled

With this setup, you will not automatically be logged in via your domain account, but will instead be prompted to log in via the middleware login page.

If you want your users to use their Windows login, you can enable Windows Authentication.
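To check a deployed site against the list above, the following added example (not from the original post) reports the four IIS-level authentication methods and, with -Apply, corrects them. It assumes the WebAdministration module, an elevated prompt, and a hypothetical site name "IdSrvLogin"; the Forms and ASP.NET entries live under system.web and are not covered here.

```powershell
# Added example: audit (and optionally correct) IIS authentication for one site.
param(
    [string]$SiteName = 'IdSrvLogin',   # hypothetical site name, replace with yours
    [switch]$Apply                      # without -Apply the script only reports
)

Import-Module WebAdministration

# Desired state, taken from the settings listed in the post.
$desired = [ordered]@{
    anonymousAuthentication = $true
    basicAuthentication     = $false
    windowsAuthentication   = $false
    digestAuthentication    = $false
}

$drift = 0
foreach ($method in $desired.Keys) {
    $filter = "/system.webServer/security/authentication/$method"

    # These sections are normally locked at server level, so read and write
    # them through a <location> entry for the site in applicationHost.config.
    $prop = Get-WebConfigurationProperty -Filter $filter -Name enabled `
                -PSPath 'IIS:\' -Location $SiteName -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        Write-Output ("{0,-26} not readable (feature not installed?)" -f $method)
        continue
    }

    $current = [bool]$prop.Value
    $wanted  = $desired[$method]
    if ($current -eq $wanted) {
        Write-Output ("{0,-26} OK ({1})" -f $method, $current)
        continue
    }

    $drift++
    Write-Output ("{0,-26} DRIFT: is {1}, expected {2}" -f $method, $current, $wanted)
    if ($Apply) {
        Set-WebConfigurationProperty -Filter $filter -Name enabled -Value $wanted `
            -PSPath 'IIS:\' -Location $SiteName
        Write-Output ("{0,-26} set to {1}" -f $method, $wanted)
    }
}

# A non-zero exit code lets a deployment pipeline fail on unexpected settings.
if ($drift -gt 0 -and -not $Apply) { exit 1 }
```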


IdentityServer3 + MVC Login Infinite loop

I upgraded an existing MVC3 project, which once used Web Form login and Active Directory as a means to authenticate a user, to now use a login process similar to sites that let you use OAuth2 but pick either Facebook, Google or another identity service provider.

When I finished the upgrade process I was getting the login form via the IdentityServer3 middleware, but when it tried to redirect to the original site (client) it would just loop and loop… and… well, you get the point by now.

To fix the issue: (found numerous solutions here…)

The short version is that I needed to either add the Session_Start handler in Global.asax or add a CallbackPath.

GLOBAL.ASAX file fix:

 protected void Session_Start(object sender, EventArgs e)
 {
     // When using cookie-based session state, ASP.NET does not allocate storage for session data until the Session object is used.
     // As a result, a new session ID is generated for each page request until the session object is accessed.
     // If your application requires a static session ID for the entire session,
     // you can either implement the Session_Start method in the application's Global.asax file and store data in the Session object to fix the session ID,
     // or you can use code in another part of your application to explicitly store data in the Session object.
     base.Session["init"] = 0;
 }

The CallbackPath solution goes in your code where you configure the OWIN pipeline with app.UseOpenIdConnectAuthentication. Do this in the client application.

 app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
 {
     ClientId = "app_jcrl",
     Authority = Constants.BaseAddress,
     // The two URIs are left empty here; set them to the values registered for this client.
     RedirectUri = "",
     PostLogoutRedirectUri = "",
     ResponseType = "code id_token",
     Scope = "openid profile read write offline_access",
     CallbackPath = new PathString("/home/index/"), // Critical to prevent infinite loop
     TokenValidationParameters = new TokenValidationParameters
     {
         NameClaimType = "name",
         RoleClaimType = "role"
     }
 });