Cannot get username in client MVC app - identityserver4

I have 2 projects, one is the identity server 4 and one is the client AspNetCore MVC.
On client app, how I can get the current user name or current user email ?
More specific, I would like to put it on _Layout.cshtml .
Thank you,
Mihai

You can make a rest call to the server and have it return the authorized user.
Make sure you have the correct claims.
Get current user name in IdentityServer4 & ASP.net Core
For the official docs to getting user info check here:
http://docs.identityserver.io/en/release/endpoints/userinfo.html

If your MVP app requests the scopes email and profile then these 2 properties should be available in the user claims (available through this.User.Claims in the MVC controller).

Related

How to access multiple salesforce orgs with same connected app

I am trying to access the multiple communities in multiple salesforce sites with same connected-app but could not.
For example: I have created the two salesforce sites A and B. And created connected-app in A. To access rest API of A, i could authenticate with connected-app in A, But how to connect with B with using the same client_secret and client_id by differs in user_name and password?
Or is there any way to connect with REST API with username and password as creds?
Example: There is community_A1, community_A2 in Site A and community_B1 , community_B2 in Site B.
I need to access communities in both the Sites
This should work out of the box, what errors you're getting?
You can have 1 set of consumer key and secret and (if admin in target org didn't block it) you could use this to login to any SF in the world, sandbox or production, core SF or community.
Imagine being a developer of mobile app that pulls data from salesforce. You'd want to have just 1 pair of keys, not install separate key for every org people might install your app...
All org-specific stuff you need is username, password and login url. For community the login url will look like https://sandboxName-MyDomain.cs123.force.com/communityName
Once you have that, you can inspect all the OAuth2 stuff at https://sandboxName-MyDomain.cs123.force.com/communityName/.well-known/openid-configuration
Have you played with https://openidconnect.herokuapp.com/ ?
Paste your community url, for now keep the client and secret as is, click next. Login to community and keep clicking next. It should work fine and at the end - give you access_token / session id.
Now close this browser completely / open new incognito window and do it again. This time give your login url but also client and secret. Next, Next... Check the user's login history, it should mention your connected app now.
Now close this and do it last time, with the other community's login url and another user's credentials but still with your client and secret.
is there any way to connect with REST API with username and password
as creds?
Not for community. Internal users can get access in one go with https://help.salesforce.com/s/articleView?id=sf.remoteaccess_oauth_username_password_flow.htm&type=5 but community/experience users need this interactive login, there has to be a human consent / password typing step. And anyway it's not very secure flow. "Experience Cloud sites don’t support the OAuth 2.0 username-password flow."
In a pinch you could try the SOAP API's login method but from what I remember you may need to pass the community's Id in the message then
Connected-app is global metadata in salesforce. Once we create a connected-app in one org, then can access any salesforce site with the same client_id,client_secret, unless the admin has blocked the access.
I needed to add the custom profile into the community members to allow the access to the community via API (Community workspace -> administration -> members -> profiles.)

Post Identity Server 4 Registration

I have identity server 4 setup and my asp net core app working with it. If you hit a secure endpoint it redirects to Identity Server and you can login. Once you login it then redirects back to the url you were originally trying to access. What I would like to do is check that you have registered in my database before you get redirected. I thought that I could change 'RedirectUris' to a url of my choice but when I do that it has no effect. A breakpoint on that end point is never hit. What do I need to do in order to setup a post identity server login registration screen?
Is this the right way of doing it?
Thanks
Michael
If I understand your problem correctly, you want to get the user details in your application.
IdentityToken contains user name if you include Name scope.
If it is a web application then you may find the name on ((System.Security.Claims.ClaimsIdentity)User.Identity)
You can also add claims as you need, like userid, role etc
Comment
should each client have to 'register' a user with my api specifically?
What's the norm?
Depends on your requirements and what you are requesting for. On my case user must have allowed scope to access the api

Custom Layout for Client

I've installed an Identity Server 4 server with the ASP.NET Identity bits enabled.
When the user is redirected over to the Identity Server's log in page (which is now the ASP.NET Identity login page) is there a way to determine which Client the user has come from?
My particular use-case is to enabling some customization of the login page (a different MVC layout) for different clients.
Our sample UI shows how to do that -
inject IIdentityServerInteractionService into the account controller
call the GetAuthorizationContext method to get information like e.g. the client id.
https://github.com/IdentityServer/IdentityServer4.Quickstart.UI/tree/release/Quickstart/Account/AccountController.cs

Getting Data From ASP.NET MVC Membership Provider With AngularJS

So I am using the built in ASP.NET MVC membership provider for the authorization of users in my web application. I added several fields such as first name, last name and customer number to the default fields that it comes with (email, password). I am able to register and log in users but now I want to get some of the information of the added fields for the user and use it in my AngularJS controller.
I have been working with learning AngularJS and have been successful with using the WebAPI to get and post data to the server but I am stumped on how I can get the information of the current user who is signed in to my application. I am assuming it is stored in a session token of some sort but I do not know how to access it and work with that information from an angular standpoint.
Any help is appreciated, I can provide whatever code is necessary but at this point I only have the basic built in code that asp.net uses to register and login users and my empty angular controller. Thanks.
To get the current user from anywhere on the server side, use
HttpContext.Current.User.Identity.Name;

AngularJS and ASP.Net Webapi user start page

I am using ASP.Net Webapi for my back end but would like to use the AngularJS for the frontend. I did manage to get the OAuth and other security working on my ASP.Net side and on the server side I can easily check the user role using attributes like [Authorize("Admin Role")]
My question is now on the AngularJS what is the best way to give a separate start page or the chrome inside which the SPA would run.
say for e.g. i have the following flow.
user types in my site address "www.mysite.com"
I present with the login screen.
user enters the login information and submits.
Based on the user provide different base path
4.1 : for Admin "www.mysite.com/admin"
4.2 : for Operator "www.mysite.com/operator"
4.3 : for supervisor "www.mysite.com/supervisor"
what i an trying to say is, the views and data is completely different for these kind of users so I can't have one default.htm that will work for all these users and will need different shell to display the views.
I know its easy to do in MVC but not sure how to do it in AngularJS. does someone have a suggestion on how this can be done.

Resources