I am currently creating an app using ASP.NET MVC and Identity Server 4. This app is a part of a bigger project and is supposed to act as a SSO provider for a bunch of different apps (let's call them child apps).
There are no separate projects for Identity Server and MVC client, those are both in the same app but this app's only purposes are to manage users (register, login) and send info about the user (is authenticated, id, username) to child apps.
Registering user works properly, but I'm not sure about login I see the cookies being created in my browser but I want the page header to change depending on if user is logged in but I can't really grasp the concept of how to actually check if user is logged in. I know about oidc clients and how they manage to check it but as I said there is no separate client in my case, is there a way to get this information as well as id and username from cookies or some Identity Server endpoint?
CodePudding user response:
To get all info about current user, use HttpContext.User
like other clients.
EG: HttpContext.User.Identity.Name
for username.
But HttpContext.User
will null if user is not logged-in or session expired. So, to ensure only logged-in user access backend function, just place Authorize
filter to action/controller.
You can check IdentityServer4 Github for more sample.