Identity Server: Introduction
In the SPA based sample applications, this blog has used so far user authentication has either been completely ignored in order to keep the examples simpler or the sites have used ASP.NET Core’s built in identity to encapsulate the whole SPA. In this post (or series of posts) I am going to share what I learn along the way of creating an Angular (2+) application that utilizes ASP.NET Core as its host/API/backend.
This post isn’t going to cover any code it is just going to be a lot of the information I gathered in the process of learning more about Identity Server.
Following are all the post in this series.
Identity Server: Introduction (this post)
Identity Server: Sample Exploration and Initial Project Setup
Identity Server: Interactive Login using MVC
Identity Server: From Implicit to Hybrid Flow
Identity Server: Using ASP.NET Core Identity
Identity Server: Using Entity Framework Core for Configuration Data
Identity Server: Usage from Angular
Identity Server
According to their docs IdentityServer4 is an OpenID Connect and OAuth 2.0 framework for ASP.NET Core which enables Authentication as a Service, Single Sign-on, API Access Control and a Federation Gateway.
Obviously, that covers a lot of scenarios. The two that I am interested in are Authentication as a Service and the API Access Control which has driven my research which means that the other aspects of IdentityServer4 will not be included.
Official Samples
The IdentityServer GitHub account has a samples repo that contains a ton of examples. I have found the quickstart area of the repo to be the most helpful when starting out.
Based on all the quickstarts samples it looks like a typical setup involves a minimum of three projects. One for the API, one for the client and one for Identity Server. As you go through the samples the number of projects increase, but that is because of a wider range of scenarios that the sample is trying to cover.
References for learning
Damienbod has a whole series of blog posts related to IdentityServer4 and code to go along with it which can be found here. As a side note if you are interested in ASP.NET Core and you aren’t following damienbo you should be he has a ton of great content.
Blog posts
- ASP.NET Core Authentication with IdentityServer4 – Mike Rousos
- Secure your .NETCore web applications using IdentityServer 4
Videos
- Identity Server 4 with Angular 2 and ASP.NET Core | Ben Cull at DDD Brisbane
- IdentityServer4: New & Improved for ASP.NET Core – Brock Allen & Dominick Baier
Identity Server Alternatives
Identity Server isn’t the only way to go there is a number of Software as a Service options that cover a lot of same scenarios. The following are some examples.
Auth0 – Check out the .NET Core related blogs by Jerrie Pelser
Stormpath
Amazon Cognito
Wrapping up
Obviously, I didn’t get a lot covered on how to actually do something with IdentityServer, but I wanted to share my starting point. This is an area I am going to continue digging it to and sharing information about as I learn more.
If you have any resources in this area please leave a comment below.
Identity Server: Introduction Read More »