My goal is an Angular app that consumes a web service, with users of the app/web service authenticated using Windows auth. Users should be able to log into a machine on our Windows domain, open a browser and use the Angular app without logging in again.
Research
I downloaded all the source code samples from https://github.com/IdentityServer/IdentityServer3.Samples/
I worked through the Simplest OAuth2 Walkthrough sample. No problems.
I then opened the Web Host (Windows Auth All-In-One) sample. I could restore and build the project, after commenting out two lines of code that were causing issues (Clients.cs lines 313 and 359, setting 'AllowAccessTokensViaBrowser=false'. Probably not relevant.)
When the app was run, I could see the IdentityServer3 landing page on localhost:44333. Great.
I could also see the Windows authentication service metadata (A SAML document) on localhost:44333/windows. Also, great.
The problem is, I don't know what to do next. This document seems to suggest that the next step involves writing a client that makes a call to the Windows authentication service to get a token:
http://github.com/IdentityServer/IdentityServer3/issues/1463
Is this the right approach? I can't make the code sample work. I am not even sure I am pointing the OAuth2Client at the right place. Please can someone explain this process, or point me to an example with a working client? Thank you in advance for your help :)
EDIT
I have been doing some further research. I have checked the logs of the Identity server to make sure that the "Adding WS-Federation endpoint" operation completes during configuration. It does.
Then I created a simple console app to call the Windows authentication service, as suggested here: github.com/IdentityServer/IdentityServer3/issues/2318
Having imported Thinktecture.IdentityModel.Client and modified the code on that page to fit my port numbers etc., I ended up with this:
    using System;
    using System.Net.Http;
    using Thinktecture.IdentityModel.Client;

    // Send the logged-on Windows user's credentials (Kerberos/NTLM) with the request
    var handler = new HttpClientHandler
    {
        UseDefaultCredentials = true
    };
    var oauthClient = new OAuth2Client(
        new Uri("https://localhost:44333/windows/token"),
        handler);
    // Ask for a token via the custom "windows" grant; .Result blocks on the async call
    var result = oauthClient.RequestCustomGrantAsync("windows").Result;
My result object still has an HttpErrorStatusCode of NotFound, which makes me sad.
ANOTHER EDIT
I tried pointing the client at the Identity server endpoint, as suggested below by Branimir. So my code now reads:
    // Same handler (UseDefaultCredentials = true) as above, now aimed at the standard token endpoint
    var oauthClient = new OAuth2Client(
        new Uri("https://localhost:44333/connect/token"),
        handler);
This does not work either. This is what the Identity server logs say:
Start token request
iisexpress.exe Information: 0 : 04/27/2016 20:35:23 +01:00 [Information] (IdentityServer3.Core.Validation.SecretParser)
Parser found no secret
iisexpress.exe Information: 0 : 04/27/2016 20:35:23 +01:00 [Information] (IdentityServer3.Core.Validation.ClientSecretValidator)
No client secret found
iisexpress.exe Information: 0 : 04/27/2016 20:35:23 +01:00 [Information] (IdentityServer3.Core.Endpoints.TokenEndpointController)
End token request
iisexpress.exe Information: 0 : 04/27/2016 20:35:23 +01:00 [Information] (IdentityServer3.Core.Results.TokenErrorResult)
Returning error: invalid_client
So I am no further forward.
Why do you want to use the token endpoint at all? Simply do the OAuth/OpenID Connect implicit flow. This will authenticate the user automatically using Windows authentication.