This article describes how to use access tokens in HTTP requests to access protected resources such as Sitefinity Web API. You need to perform the following:
How you acquire an access token from the STS depends on the type of application that will consume the Web API: WebApp, SPA, mobile, or desktop. Choosing the right flow is essential. Out of the box, IdentityServer3 supports all the OpenID Connect flows: Authorization code, Implicit, Hybrid, Client credentials, Resource owner credentials.
Here are two samples of how to configure your apps with Sitefinity CMS and acquire an access token using the Resource owner flow and the Implicit flow. For the other flows, you can refer to the IdentityServer3 samples at the bottom of the article.
Perform the following:
NOTE: If you have an external project, you must install the official IdentityModel NuGet package. You do not need to do this if you have already installed the Progress.Sitefinity.Authentication NuGet package.
For more information about the endpoints supported by IdentityServer3, see the following:
NOTE: You can configure the STS endpoint to be different from http://yoursitefinitysite/Sitefinity/Authenticate/OpenID/connect.
To do this, navigate to Administration » Settings » Advanced » Authentication » SecurityTokenService » ServicePath.
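// Read the access_token claim of the signed-in user and send its value as a Bearer token.
var user = User as ClaimsPrincipal;
var token = user?.FindFirst("access_token");
if (token == null) throw new InvalidOperationException("The current user has no access_token claim.");
// Use token.Value: concatenating the Claim object itself would send "type: value" instead of the token.
request.Headers.Add("Authorization", "Bearer " + token.Value);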
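The Resource owner flow and the Bearer header described above, end to end, as an added example that is not part of the original article or the Sitefinity samples. It assumes the default ServicePath with IdentityServer3's token endpoint under it, an HTTPS site, and a hypothetical client id, scope, Web API route and environment variable names; replace them with the values of your own client registration.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

static class TokenSample
{
    // Assumed values: default STS path plus the token endpoint, and a placeholder Web API route.
    const string TokenEndpoint = "https://yoursitefinitysite/Sitefinity/Authenticate/OpenID/connect/token";
    const string ApiUrl = "https://yoursitefinitysite/api/default/newsitems";

    static async Task<string> RequestTokenAsync(HttpClient http, string user, string password)
    {
        // OAuth 2.0 resource owner password credentials grant (RFC 6749, section 4.3).
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "password",
            ["username"] = user,
            ["password"] = password,
            ["scope"] = "openid",            // assumed scope
            ["client_id"] = "sampleClient",  // hypothetical client id
            ["client_secret"] = Environment.GetEnvironmentVariable("STS_CLIENT_SECRET") ?? ""
        });
        using var response = await http.PostAsync(TokenEndpoint, form);
        response.EnsureSuccessStatusCode();
        using var json = JsonDocument.Parse(await response.Content.ReadAsStringAsync());
        return json.RootElement.GetProperty("access_token").GetString();
    }

    static async Task<string> CallApiAsync(HttpClient http, string accessToken)
    {
        var request = new HttpRequestMessage(HttpMethod.Get, ApiUrl);
        // A bearer token works for whoever holds it, so never attach it to a plain HTTP request.
        if (request.RequestUri.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException("Refusing to send a bearer token over plain HTTP.");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        using var response = await http.SendAsync(request);
        response.EnsureSuccessStatusCode();
        return await response.Content.ReadAsStringAsync();
    }

    static async Task Main()
    {
        using var http = new HttpClient();
        // Credentials come from the environment (hypothetical variable names), not from source code.
        var token = await RequestTokenAsync(http,
            Environment.GetEnvironmentVariable("SF_USER"), Environment.GetEnvironmentVariable("SF_PASSWORD"));
        Console.WriteLine(await CallApiAsync(http, token));
    }
}
```

The token is kept in memory only and is never written to the console or a log; treat it like a password for as long as it is valid.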
Sample project: Sitefinity CMS MVC Client Implicit Flow Authorization
IdentityServer3 samples: https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/Clients