IdentityServer3 with Custom grant flow and Windows authentication

2/9/2017


One of our recent enterprise projects required designing a micro-service infrastructure with Windows authentication. We achieved this by implementing an OpenID Connect infrastructure using IdentityServer3.

What are we going to do?

  1. Setup and configuration of IdentityServer3.
  2. Creating a client for IdentityServer3 with Flows.Other and AllowedCustomGrantTypes: "windows".
  3. Setup and configuration of the WindowsAuthenticationService.
  4. Creating a custom grant validator in IdentityServer3 for the windows grant type.
  5. Creating a console client that gets a token from IdentityServer3 by using the current Windows principal.

How does this all communicate?

Communication

The client (in our case a WPF-based desktop application) calls the WindowsAuthenticationService to convert its current Windows principal into a JWT that IdentityServer3 trusts. Next, the client calls IdentityServer3's /token endpoint using the custom grant type windows, including in the request the JWT it received from the WindowsAuthenticationService. The custom grant validator checks that JWT (signature, issuer, audience and lifetime) and, only if it is valid, IdentityServer3 issues a new token with the requested scopes, custom claims, etc.
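The pieces of the flow above (steps 2, 4 and 5 of the list), as an added example that is not the article's own code, written against the IdentityServer3 v2 and IdentityModel 1.x APIs. The client id, secret, scopes, the `windows_token` request parameter, the issuer and audience strings, the `WindowsGrantValidator` name and the signing certificate are assumptions; IdentityServer3 v2 names the custom flow `Flows.Custom`, which is what the article refers to as Flows.Other.

```csharp
// Added example (not the article's code). Assumes IdentityServer3 v2, IdentityModel 1.x
// and System.IdentityModel.Tokens.Jwt 4.x. All names/URLs below are illustrative.
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using IdentityModel.Client;
using IdentityServer3.Core;
using IdentityServer3.Core.Configuration;
using IdentityServer3.Core.Models;
using IdentityServer3.Core.Services.InMemory;
using IdentityServer3.Core.Validation;

// Step 2: a client that may only use the "windows" custom grant.
public static class Clients
{
    public static IEnumerable<Client> Get()
    {
        return new[]
        {
            new Client
            {
                ClientId = "wpf.desktop",                                  // assumed
                Flow = Flows.Custom,                                       // "Flows.Other" in the article
                AllowedCustomGrantTypes = new List<string> { "windows" },
                ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) },
                AllowedScopes = new List<string> { "openid", "api1" },     // assumed
                AccessTokenLifetime = 3600
            }
        };
    }
}

// Step 4: the validator that turns a WindowsAuthenticationService JWT into a subject.
// It verifies signature, issuer, audience and lifetime before trusting any claim.
public class WindowsGrantValidator : ICustomGrantValidator
{
    private readonly X509Certificate2 _winAuthCert;   // cert WindowsAuthenticationService signs with (assumed)

    public WindowsGrantValidator(X509Certificate2 winAuthCert) { _winAuthCert = winAuthCert; }

    public string GrantType { get { return "windows"; } }

    public Task<CustomGrantValidationResult> ValidateAsync(ValidatedTokenRequest request)
    {
        var jwt = request.Raw.Get("windows_token");   // assumed parameter name
        if (string.IsNullOrEmpty(jwt))
            return Task.FromResult(new CustomGrantValidationResult("windows_token is missing"));

        var parameters = new TokenValidationParameters
        {
            ValidIssuer = "https://winauth.example.local",     // assumed
            ValidAudience = "https://idsrv.example.local",     // assumed: token must be meant for IdentityServer
            IssuerSigningKey = new X509SecurityKey(_winAuthCert),
            ClockSkew = TimeSpan.FromMinutes(1)
        };

        ClaimsPrincipal principal;
        try
        {
            SecurityToken validated;
            principal = new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out validated);
        }
        catch (SecurityTokenException)
        {
            // Bad signature, wrong issuer/audience or expired: reject, do not leak details to the client.
            return Task.FromResult(new CustomGrantValidationResult("invalid windows token"));
        }

        // The handler maps "sub" to NameIdentifier by default; accept either form.
        var sub = principal.FindFirst(c => c.Type == "sub" || c.Type == ClaimTypes.NameIdentifier);
        if (sub == null)
            return Task.FromResult(new CustomGrantValidationResult("no subject in windows token"));

        // Forward only claims we understand instead of copying the incoming token wholesale.
        var claims = new List<Claim> { new Claim("winaccount", sub.Value) };
        return Task.FromResult(new CustomGrantValidationResult(sub.Value, "windows", claims, "windows"));
    }
}

// Step 1/4: register stores and the validator with IdentityServer3.
public static class IdsrvConfig
{
    public static IdentityServerServiceFactory Build(X509Certificate2 winAuthCert)
    {
        var factory = new IdentityServerServiceFactory()
            .UseInMemoryClients(Clients.Get())
            .UseInMemoryScopes(StandardScopes.All)
            .UseInMemoryUsers(new List<InMemoryUser>());   // a user service is required; unused here
        factory.CustomGrantValidators.Add(
            new Registration<ICustomGrantValidator>(resolver => new WindowsGrantValidator(winAuthCert)));
        return factory;
    }
}

// Step 5: the desktop/console client exchanges the WindowsAuthenticationService JWT
// for an IdentityServer3 token via the custom grant.
public static class WindowsGrantClient
{
    public static Task<TokenResponse> GetTokenAsync(string windowsJwt)
    {
        var tokenClient = new TokenClient(
            "https://idsrv.example.local/core/connect/token", "wpf.desktop", "secret");   // assumed
        return tokenClient.RequestCustomGrantAsync("windows", "openid api1", new { windows_token = windowsJwt });
    }
}
```

Two points worth keeping in mind: the audience of the WindowsAuthenticationService token must be IdentityServer3 itself and its lifetime short, so a token captured from the client cannot be replayed against another API; and the validator must treat the JWT as untrusted input until `ValidateToken` succeeds, which is why the example rejects anything that fails signature, issuer, audience or lifetime checks before reading a single claim.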
