Using ASP.NET Core for LTI v1.3 and LTI Advantage

Last time I wrote about LTI v1.3 and LTI Advantage. This time I’ll describe how I wrote my samples using ASP.NET Core.

I created two sample web applications: one for the platform side and one for the tool side of the integration. They share many attributes:

  • Both target the netcoreapp2.2 framework
  • Both were started in Visual Studio 2017 from the ASP.NET Core Web Application Razor Pages template with Individual User Accounts (to provide something like multi-tenancy)
  • Both reference a common library where I am collecting shared code
  • Both support the full suite of LTI Advantage features:
    • LTI v1.3
    • Assignment and Grade Services v2.0
    • Deep Linking v2.0
    • Names and Role Provisioning Services v2.0
  • Both work seamlessly with IMS’ reference implementation
    • And both use BouncyCastle to read and write PEM format IMS’ reference implementation uses to exchange signing keys

The Advantage Platform

I used the ASP.NET Core Web Application template with Individual User Accounts so I could provide something like multi-tenancy to people using the live version my LTI Advantage Platform for testing their tools. Each user that registers gets their own platform with one course and two people. Only they can use the tools and resource links that they register in their platform.

The source is on GitHub: https://github.com/andyfmiller/LtiAdvantagePlatform


Try It

  1. Go to https://advantageplatform.azurewebsites.net/
  2. Click on Register in the top nav bar
  3. Enter an email address (can be fake…this is only used to login) and password.
  4. Click on the Register button

You’ll be redirected to the home page which is now a dashboard showing you the platform, course, and people that were created for you.


LTI Advantage uses OpenID Connect and OAuth 2.0 to authenticate and authorize access for people, platforms, and tools. That means there needs to be an authorization server in the mix. The first two big decisions I made were to make the platform perform double duty as both the LTI Platform the authorization server; and to use Identity Server 4 for the latter.

Adding Identity Server 4 killed two birds with one stone:

  • A certified implementation of OpenID Connect (including all the flows used by an LTI Advantage integration)
  • Access control for the service APIs (e.g. LineItems in the Assignment and Grade Services)

An LTI Advantage Platform has several API endpoints to support with access control. To make development and testing easier for me and perhaps for people using my Advantage Platform to test their tools, I added Swagger and configured it work with Microsoft Identity (i.e. “Individual User Accounts”) and Identity Server 4 (e.g. “access control for the service APIs”) so that users only have access to their own platform, course, people, results, and scores.


Try It

First look up your course id:

  1. Go to https://advantageplatform.azurewebsites.net/ and login (or register if you haven’t registered yet)
  2. Click on your username in the top nav bar
  3. Click on Course in the left nav bar
  4. Remember your course id

Now try Swagger:

  1. Go to https://advantageplatform.azurewebsites.net/swagger/
  2. Click on the Authorize button
  3. Enter the username and password you used to register yourself
  4. Leave the client_id and client_secret alone
  5. Select the https://purl.imsglobal.org/spec/lti-nrps/scope/contextmembership.readonly scope
  6. Click on the Authorize button
  7. Click on the Membership > Get endpoint
  8. Click on the Try it out button
  9. Enter your course id in the contextid field
  10. Click on Execute

You’ll see the list of people that were created for you when you registered.


The Advantage Tool

Just as I did for the platform, I used the ASP.NET Core Web Application template with Individual User Accounts so I could provide something like multi-tenancy to people using the live version my LTI Advantage Tool for testing their platforms. Only they can use the platforms they register.

The source is on GitHub: https://github.com/andyfmiller/LtiAdvantageTool


Try It

  1. Go to https://advantagetool.azurewebsites.net/
  2. Click on Register in the top nav bar
  3. Enter an email address (can be fake, this is only used as a username) and password
  4. Click on the Register button

You’ll be redirected to the home page with a dashboard showing you the platforms you register to test with.


An LTI Advantage Tool has to understand and use OpenID Connect and OAuth 2.0 to communicate with an LTI Advantage Platform. To make that easier, I used IdentityModel. This made it very easy to request authorization to launch the tool and access tokens to use the service endpoints.

Next time I’ll write more about using Identity Server 4 for LTI Advantage.

This entry was posted in LTI and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.