ContextQMD
Back to Abp

OpenIddict MVC/Razor UI Migration Guide

docs/en/release-info/migration-guides/openiddict-mvc.md

10.3.05.6 KB
Original Source
json
//[doc-seo]
{
    "Description": "This guide provides step-by-step instructions for migrating your MVC/Razor UI project to OpenIddict, enhancing security and authentication."
}

OpenIddict MVC/Razor UI Migration Guide

Web Project (Non-Tiered Solution)

  • In MyApplication.Web.csproj replace project references:

    csharp
    <PackageReference Include="Volo.Abp.AspNetCore.Authentication.JwtBearer" Version="6.0.*" />
<PackageReference Include="Volo.Abp.Account.Web.IdentityServer" Version="6.0.*" />

    with

    csharp
    <PackageReference Include="Volo.Abp.Account.Web.OpenIddict" Version="6.0.*" />

  • In MyApplicationWebModule.cs replace usings and module dependencies:

    csharp
    using Volo.Abp.AspNetCore.Authentication.JwtBearer;
...
typeof(AbpAccountWebIdentityServerModule),
typeof(AbpAspNetCoreAuthenticationJwtBearerModule),

    with

    csharp
    typeof(AbpAccountWebOpenIddictModule),

  • In MyApplicationWebModule.cs ConfigureServices method update authentication configuration:

    csharp
    ConfigureAuthentication(context, configuration);

    with

    csharp
    ConfigureAuthentication(context);

    and update the ConfigureAuthentication private method to:

    csharp
    private void ConfigureAuthentication(ServiceConfigurationContext context)
{
    context.Services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
}
    • In the MyApplicationWebModule.cs add PreConfigureServices like below with your application name as the audience:
    csharp
    public override void PreConfigureServices(ServiceConfigurationContext context)
{
    PreConfigure<OpenIddictBuilder>(builder =>
    {
        builder.AddValidation(options =>
        {
            options.AddAudiences("MyApplication"); // Replace with your application name
            options.UseLocalServer();
            options.UseAspNetCore();
        });
    });
}

  • In MyApplicationWebModule.cs OnApplicationInitialization method replace IdentityServer and JwtToken midwares:

    csharp
    app.UseJwtTokenMiddleware();
app.UseIdentityServer();

    with

    csharp
    app.UseAbpOpenIddictValidation();

Web Project (Tiered Solution)

  • In the MyApplicationWebModule.cs update the AddAbpOpenIdConnect configurations:

    csharp
    .AddAbpOpenIdConnect("oidc", options =>
{
    options.Authority = configuration["AuthServer:Authority"];
    options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
    options.ResponseType = OpenIdConnectResponseType.CodeIdToken;

    options.ClientId = configuration["AuthServer:ClientId"];
    options.ClientSecret = configuration["AuthServer:ClientSecret"];

    options.UsePkce = true; // Add this line
    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true

    options.Scope.Add("roles"); // Replace "role" with "roles"
    options.Scope.Add("email");
    options.Scope.Add("phone");
    options.Scope.Add("MyApplication");
});

Replace role scope to roles and add UsePkce and SignoutScheme options.

IdentityServer

This project is renamed to AuthServer after v6.0.0. You can also refactor and rename your project to AuthServer for easier updates in the future.

  • In MyApplication.IdentityServer.csproj replace project references:

    csharp
    <PackageReference Include="Volo.Abp.Account.Web.IdentityServer" Version="6.0.*" />

    with

    csharp
    <PackageReference Include="Volo.Abp.Account.Web.OpenIddict" Version="6.0.*" />

  • In MyApplicationIdentityServerModule.cs replace usings and module dependencies:

    csharp
    typeof(AbpAccountWebIdentityServerModule),

    with

    csharp
    typeof(AbpAccountWebOpenIddictModule),

  • In the MyApplicationIdentityServerModule.cs add PreConfigureServices like below with your application name as the audience:

    csharp
    public override void PreConfigureServices(ServiceConfigurationContext context)
{
    PreConfigure<OpenIddictBuilder>(builder =>
    {
        builder.AddValidation(options =>
        {
            options.AddAudiences("MyApplication"); // Replace with your application name
            options.UseLocalServer();
            options.UseAspNetCore();
        });
    });
}

  • In MyApplicationIdentityServerModule.cs OnApplicationInitialization method remove IdentityServer midware:

    csharp
    app.UseIdentityServer();

  • To use the new AuthServer page, replace Index.cshtml.cs with AuthServer Index.cshtml.cs and Index.cshtml file with AuthServer Index.cshtml and rename Ids2OpenId with your application namespace.

    Note: It can be found under the Pages folder.

Http.Api.Host

  • In the MyApplicationHttpApiHostModule.cs OnApplicationInitialization method, delete c.OAuthClientSecret(configuration["AuthServer:SwaggerClientSecret"]); in app.UseAbpSwaggerUI options configurations which is no longer needed.

  • In appsettings.json delete SwaggerClientSecret from the AuthServer section like below:

    json
    "AuthServer": {
    "Authority": "https://localhost:44345",
    "RequireHttpsMetadata": "false",
    "SwaggerClientId": "MyApplication_Swagger"
},

See Also