IdentityServer.v3, MembershipReboot, AngularJs, WebApi 2 and MVC : Mix It ! : Introduction

Disclaimer : I am not an angularjs or security expert. What I write here is based on my readings and foundings on the net. I also didn’t read the full OpenId connect spec. So feel free to comment the articles and the code and I will try to keep it up to date.

This article talks about different open source project that you can use to build and protect your application. As there are lots of article speaking on angularjs, webapi2 and MVC my main focus point here is how to use the new Thinktecture’s IdentityServer v3 to protect your application and allow external application (Client) to call your Api. (remember the “Do you allow XXXX to acces your email and profile information and to have ‘write‘ access to your data?”).

full code :


I splitted this article in multiple parts for clarity and will try to keep each part up to date as comments are coming in :

Part 1setting up and configure IdentityServer. IdentityServer will be used to authenticate user but also to authenticate Client and give them access to User’s resource after they give them consent.

Part 2create our “private” API that will contain an accountController responsible for creating our users. The responsibility to authenticate them will be provided by IdentityServer.

Part 3 : creating a public Web API that will “expose” user’s Resources. By user resources, I mean Products, Contacts, Orders …

Part 4creating our angularjs Web UI which will allow us to Register an account, Log In and Logout, List Resources…

Part 5 Creating an MVC application that will access our public Web Api using a token.

link to frameworks

IdentityServer :

AngularJs :

Web Api :


Semantic UI :


13 thoughts on “IdentityServer.v3, MembershipReboot, AngularJs, WebApi 2 and MVC : Mix It ! : Introduction”

  1. Thank you Cedric, very helpful post! Could you advise me, please, how to add possibility to use external IdP to this solution?

  2. I mean how to add to this solution possibility to log in with Facebook or Google for example. Because they don’t support password flow so anyway we have to redirect user to their endpoint. But what is the best way to do in your opinion: make it through Identity Server (using idp:Facebook parameter for example) or just simply redirect directly to their authorization endpoint and handle callback?

    1. Hello Pavlo.

      Did you find any solution to this? I want to add a “Facebook Login” button on my angularjs html page which will redirect use to facebook login(if not already logged in) else will show a access request page.

  3. I have been working on the IS V3 for weeks but with no true success. It never has worked on my local host. I have published it to my server creating a “host” constant that can be localhost:44319 or
    It partially seems to work but not completely.
    The problem seems to be with the bearer token for the CallApi function within the CallApiController.
    I think the real problem is in the Api Project.
    I cant verify host is able to perform.
    I was able to code around the CallApi(user) and grab the User Profile. I also had to reformat the “pretty” call.
    var client = new HttpClient();
    // Original Code from GitHub
    // var json = await client.GetStringAsync(“https://localhost:44321/identity”);
    // return JArray.Parse(json).ToString();
    // However it only works for “user” info and not “client” f

    // URI corrected by adding /connect/userinfo and changed to host =
    var json = await client.GetStringAsync(“https://”+host+”/identity/connect/userinfo”);
    return Newtonsoft.Json.Linq.JObject.Parse(json).ToString(Formatting.Indented);
    Because there are no comments within the code it is very difficult to understand what the goals of the code are.
    I have another test site I have established using WSO2. It works but is in java/apache. I want a unified solution so I want an all Microsoft environment–C#/IIS
    You can observe the “bearer” token in the WSO2 solution at http://www.portal-alpha.US, click through to the SSO logon and use bob:secret. Note the .US
    I have been trying to reproduce this functionality with IdentityServer V3 but to no avail.
    it is up at
    I think the monumental effort of the authors of IS V3 is admirable. However, in code documentation is weak and assumes the user knows what they are doing while wandering in the forest.
    I believe a very good plan for them would be to mount each example at a operational, secure web site.
    Jim Lennane

  4. Hi, i have a problem for creating the database. The code fails at DefaultMembershipRebootDatabase(this.conString).

  5. the error is

    A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 – Error Locating Server/Instance Specified)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: