I have two applications using MVC Core 2.2 with Entity and Identity
These two applications need to use the same user base. All applications and database are on the same server.
Permissions and roles will be different per site, my main goal is SSO (Single Sign On).
In this case, do I need to use some tool like Identity Server 4? Or can I do it in a simpler way?
Related
I am writing an ASP.NET Core 6 application and have to have user logins. The choices are either ASP.NET Core Identity that is a part of the ASP.NET Core 6 framework or to use Active Directory.
This will all be hosted on Azure so if I use Active Directory it will be Azure Active Directory used solely for this application.
As I see it the trade-offs are:
ASP.NET Core Identity
Integrated into the framework - easier to use.
Active Directory
Supports more MFA options
Need it if I'm going to also have a Web API available too
Can connect another Active Directory to provide users eliminating the need for duplicate logins for users on associated systems.
Am I missing something here? Because it appears to me that it's a slam dunk to use Active Directory.
I am looking to develop an Authenticator/Authorizor (AA) by either creating an AA service using Identity Core or by deploying Light Weight Active Directory on an edge server. Either may be also used as an Identity Store. Does either approach bring advantages over one the other, and if so how?
An easy one I can think of is: that there is no support for API communication in LW AS. Leading to another question about Identity Storage, Can I heavily customize Identity storage developed through Identity Core which can support multi-protocols like Windows Communication Foundation (WCF)?
I'm building a system with 3 projects and I'm struggling with how to implement user management. I have 3 projects, an asp.net core MVC, an asp.net core Web API and an identityserver4. I want to use asp.net core identity for user management because the framework provides a lot, but I don't know where to place it. The system itself is not a big system yet, but I want it to be scalable in the future. I've read that the only thing identityserver is suppose to do is the authentication and authorization and not deal with the user management part(create users, change permission, etc.)
In the system itself, I need to have an admin that has access to the users (through the frontend MVC) and can create new or delete users, etc.
so the question is, Should i implement all the user management functions that asp.net core identity provides in the identityserver4 project or should I build it in the web API and have the two projects access the same database. I don't want the 4th project only for user management, though I know that is the ideal solution.
Currently, the mvc app only connects with the web API with the bearer token that identityserver provided.
Or, should I go in a new direction and use jwt token and asp.net core identity and only have two projects?
I'm very confused about this part, and I want to know what is the best practice.
Only Identity Server project (and any projects that are related to it) should have access to the user database. All user info a client or a API resource needs, it needs to get it from the IS its self. Now, setting up Identity Server properly depends on your needs. If you want a simple one for a few apps to use, go with a single project that can sign in users and register them, and setup your clients and API resources in the config.cs files. This is not a great way to do it though. Generally, you should have a IS project for user sign in and registration, and one more project that manages those users, as well as clients and API resources. You can see a great example of it here, it also uses ASP.NET Identity, and has a STS project(Identity Server), Admin project(User, Client, API manager) and an API project(for all related db access). Hope this helps.
I have a requirement where I need to be able to create a user via a ASP.NETCore based web application and also via a windows application(.NET 4.6). The same user could be used to login to both the Web Site and the WindowsApp. The credential store used is a SQL Server database. I am using ASP.NET Core Identity with the default PasswordHashing implementation for the Web Application. But the problem that I am having is in trying to replicate the same PasswordHashing algorithm when creating users via the WindowsApplication. What is the easiest way to achieve this?
You can configure the ASP.NET Core Identity PasswordHashing implementation to use the V2 version - thus aligning with the behaviour of Identity 2 (that I'm guessing you're using in the .NET framework Windows app).
In the startup.cs of the web application, add this line:
services.Configure<PasswordHasherOptions>(options => options.CompatibilityMode = PasswordHasherCompatibilityMode.IdentityV2);
All passwords created through web will have to be reset.
I'm building a website from scratch using ASP.NET MVC 4.
The application is hosted on Windows Azure.
It's a rather basic website application.
Next, I would like to authenticate my users.
The authentication requirements are, again, rather basic and straight forward.
I did some reading, and it seems that the best two options for me to achieve users authentication are:
1. ASP.NET SimpleMembership
2. Windows Azure Active Directory Access Control
Now, my questions are, which one should I choose? which one is more secured?
It is dependent on what you want. WAAD -ACS gives you option to integrate various identity providers like google,yahoo etc or federate with Active directory services.
But if do not want such options and simply use your existing asp.net membership you can do that as well.