I have a legacy app which already has implemented its own dbo structure for users, roles etc thus I don't want to use ASP.NET Core Identity.
However, I would like to implement OAuth2 functionality, so I am thinking about creating authentication server using IdentityServer4.
Can you, please, give me a hint how to wire IdentityServer4 with custom user&password dbo tables?
Related
I am developing ASP.Net Core App with Backend For Frontend pattern using Ocelot. For now there will be a single API service but in the future I might migrate to microservices. Let's say it will be an e-commerce system where I will create different web apps for customers and for employees. I may also have Mobile app for customers.
From my research I know that should have my main API, then two API Gateways and two client (angular) apps. There also needs to be separate IdentityServer app.
So my question is - is there a way to configure the IdentityServer and gateways in such a way, that when I log in app for employees I won't be authenticated in customer app? I cannot understand if it should be possible with right configuration of scopes, claims or audiences. I saw many examples where that properties were set completely differently. I can prevent user from accesing some endpoints with the use of Roles but I think that it's not the right way to do this.
Or maybe since IdentityServer has built in SSO I should not use it and move to different authentication provider?
You should let the authorization sub-system in ASP.NET Core decide if the user is allowed or not, typically based on the claims in the access token.
You need to understand that you handle authentication and authorization separately in ASP.NET Core as the picture from one of my training classes show:
For more details:
Introduction to authorization in ASP.NET Core
Policy-based authorization in ASP.NET Core
Claims-based authorization in ASP.NET Core
I was playing with a new project using dotnet core 3.1, angular and individual user accounts.
After create the project I added scaffolded items for Identity.
All views are using MVC.
Is there Angular views version for this?
When we are using IdentityServer as an identity provider. We are using different approach as Individual User Accounts. So, identity provider service will handle all operations such as create, update, change password, etc.
This is the reason of why we don't have same things in Angular and IdentityServer. But you can use Skoruba project, which handle a lot of requirements.
I'm building a system with 3 projects and I'm struggling with how to implement user management. I have 3 projects, an asp.net core MVC, an asp.net core Web API and an identityserver4. I want to use asp.net core identity for user management because the framework provides a lot, but I don't know where to place it. The system itself is not a big system yet, but I want it to be scalable in the future. I've read that the only thing identityserver is suppose to do is the authentication and authorization and not deal with the user management part(create users, change permission, etc.)
In the system itself, I need to have an admin that has access to the users (through the frontend MVC) and can create new or delete users, etc.
so the question is, Should i implement all the user management functions that asp.net core identity provides in the identityserver4 project or should I build it in the web API and have the two projects access the same database. I don't want the 4th project only for user management, though I know that is the ideal solution.
Currently, the mvc app only connects with the web API with the bearer token that identityserver provided.
Or, should I go in a new direction and use jwt token and asp.net core identity and only have two projects?
I'm very confused about this part, and I want to know what is the best practice.
Only Identity Server project (and any projects that are related to it) should have access to the user database. All user info a client or a API resource needs, it needs to get it from the IS its self. Now, setting up Identity Server properly depends on your needs. If you want a simple one for a few apps to use, go with a single project that can sign in users and register them, and setup your clients and API resources in the config.cs files. This is not a great way to do it though. Generally, you should have a IS project for user sign in and registration, and one more project that manages those users, as well as clients and API resources. You can see a great example of it here, it also uses ASP.NET Identity, and has a STS project(Identity Server), Admin project(User, Client, API manager) and an API project(for all related db access). Hope this helps.
I have been trying for weeks to implement JWT authorisation in my .NET Core web app and have found myself following a lot of guides that I don't think are relevant to my use case. These guides talk a lot about scopes etc, and I don't think I need that level of complexity for my use case.
A lot of the guides talk about using things like OpenIddict or Identity Server to setup and configure something that the user can authorise against, but in these settings it seems like a seperate project is required to house the identity provider, and then my new asp net core application has to somehow hook into that for use. I'm also trying to get things like refresh tokens to work so the user doesn't have to log in over and over again.
The "client side" of my app will be Xamarin (for mobile) and Angular (for web).
In a single web application (a single .net core application) how can I use .NET Core Identity with JWT or OAuth? What is the minimum level of configuration required to achieve this?
ThisSimple JWT project
This is not asp.net core .This is just asp.net mvc project but this really simple and basic one. by watching this code, you will be clear how to implement JWT. Thanks
I want to compare authentication methods in asp.identity and dotnetnuke. I have read very articles about authentication in dotnetnuke.
DNN AUTHENTICATION WITH NEW ASP.NET IDENTITY SYSTEM
DotNetNuke Tips and Tricks #12: Creating your own Authentication Provider
Using DNN authentication and authorization info from another ASP.NET app
How to Setup the Authentication Settings in DotNetNuke
But I din't understand authentication elements and the relationship between them.
It would be very helpful if someone could explain authentication method in dotnetnuke.
Thanks.
DotNetNuke uses Asp.Net Membership not Identity. To replace the core authentication provider would be a lot of effort.
There are several ways to create your own authentication provider, but ultimately it will still be using the DotNetNuke Asp.Net Membership process. If you want to use an external service that uses Asp.Net Identity you could have your external Asp.Net Identity service pass a token/cookie to a custom DotNetNuke authentication/redirect module that validates the token/cookie, migrates the user from the Asp.Net Identity database to the DotNetNuke Asp.Net Membership database and finally does the login: DotNetNuke.Entities.Users.UserController.UserLogin.