Core Web App Quickstart

Features

• AspNetCore 1.0
  • https Kestrel (uncomment Code for https)
• Thinktecture IdentityServer4
  • AspNetIdentity
  • EntityFrameworkStorage
  • Social Logins (Google, Twitter)
• Swagger
  • Swagger is a simple yet powerful representation of your RESTful API
  • IdentityServer OAuth Integration
• Unit Tests based on XUnit

Test Drive

• Open CoreWebApp.Quickstart.sln
• Set CoreWebApp as the startup project
• Choose CoreWebApp (Kestrel) as your debug configuration. Alternatively you can still use IIS Express for debugging
• Hit F5 to build and start debugging
• The console window starts and kestrel serves the API and STS at http://localhost:5000

Login

• Start your favorite browser and open http://localhost:5000
• Click the Login With Profile and Access Token button
• After the STS MVC Site has loaded click Register
• Provide a valid email (must not exist, but be valid foramtted) and a complex password
• Click Register button
• Now you're back on the index.html page, still not logged in
• Click the Login With Profile and Access Token button again
• Click *Yes, Allow" on the consent page
• You're back at the index.html page, this time you've got a valid ID and Access Token
• Click Call Service button to call the IdentityController
• Check out the Ajax Result
• Congrats, you've called the protected API with an Access Token provided by the STS

Security Token Service (STS)

• Open http://localhost:5000/.well-known/openid-configuration
• Check out the sts configuraton

Postman

• Start Postman
• Add a new request Tab
• Set the request url to GET http://localhost:5000/api/v1/Identity
• Switch to Authorization Child Tab
• Choose OAuth 2.0 as the value for Type
• Click the orange button Get New Access Token
• Fill in
• Token Name: Code
• Auth Url: http://localhost:5000/connect/authorize
• Access Token Url: http://localhost:5000/connect/token
• Client ID: Postman
• Client Secret: secret
• Scope: api1
• Grant Type: Authorization Code
• Click orange button Request Token
• STS Login Page pops up
• Enter your login credentials
• Click Login button
• Select the new Token in the Existing Tokens list
• Set Add token to value to Header
• Click the orange Use Token button
• Congrats, you've called the protected API with an Access Token provided by the STS from Postman

Swagger

• Open http://localhost:5000/swagger/ui
• Open Identity
• Open the GET /api/v1/Identity action
• Click Try it out! Button
• You get a 401 response code because you can't call a protected API without an Access Token
• Click Authorize button in the top banner next to Explore button
• Choose api1 and click Authorize
• The implicit flow takes you to the STS Login Page, in case you're already signed in the redirect happens very fast
• Click Try it out! Button again
• This time you get a 200 response code. The response body shows the result returned from the protected API
• Congrats, you've called the protected API from the Swagger UI Page with an Access Token provided by the STS