I have a Web application where I am using MembershipReboot to implement authentication. Now I want to use Identity server 4 (with MVC core)to secure this application and an API. I found that We can customize IResourceownerpasswordvalidator and
IProfileservice classes to use existing database with identity server. I also see there is membershipreboot sample with identity server 3 but not with identity server 4.
Please suggest what method do I need to use for user authentication using identity server with existing database of membershipreboot.
Related
I have an asp .net core 3.1 web application that uses the MS Identity (for users) and Entity (codefirst) framework to authenticate users stored in database.
All user rights/groups etc. are stored locally and used to allow/deny access to different areas of the application.
So what I think I need is a way to allow users in my web-app to choose to authenticate using AzureAD account, and when the authentication is done, the wep-app will sign-in the local-user somehow linked to the Azure user
Is this how to do this, or can you guide me to how to do this the correct way
To achieve the above requirements, You can use Azure AD authentication & external login in your asp.net application by implementing the code in your appsettings and controller as mentioned here .
As you wanted to implement the application ,
Consider other options before storing users of your Web applications in a local database. Instead of managing users in a local database, it's best practice to store and manage user information outside of the application, such as with Azure Active Directory or Azure Active Directory B2C. Consider Identity Server if the authentication service must run on-premises. Identity Server is a member of the.NET Foundation and is OpenID certified.
To implement from scratch you can refer this blog.
Please refer the below links for the similar discussion & Documentation to get started with :-
MICROSOFT DOCUMENTATION|Secure a hosted ASP.NET Core Blazor WebAssembly app with Identity Server
SO THREAD|Implement both Individual User Accounts and Azure AD Authentication & .NET Core Identity Server 4 Authentication VS Identity Authentication
BLOG| Integrating with External identity Providers
I am new to Identity Server. I have a doubt. Can we use Identity Server as API? My idea is to give Identity Server the responsibility of Authentication too. So that I can pass the username and password entered by user from my Presentation layer to Identity Server. If the credentials are valid, Identity Server will return the user's details back to my MVC Controller.
Thanks!
I am developing some angular 2.x based application with Identity Server 4 (in asp.net core) as authentication server. Server setup, application authentication is done but now requirement is to support SSO to avoid login in each application.
To do so I am storing authentication token in local storage and trying to reuse in different angular 2 application but it does not work.
What is the standard way to do SSO here with Identity server 4 and any types of clients with any browser?
Thanks in advance.
You should not reuse same authentication token(access token) from both apps. You need to configure two clients(implicit flow will be suitable for this) in identity server and use those clients in your angular apps(one client for each). Both apps will redirect users to same identity server log-in page. When you signed into identity server(from any app) you do not require to sign-in again from the other app.
We currently have several web systems that are using the old Membership provider in silos. I am looking at implementing a new server for identity management and discovered IdentityServer. Is it possible for a user to self-create an identity out of the box? Otherwise, are there add-ons or code samples that would assist in doing something like this?
Identity Server can work with any user store, however only ASP.NET Identity and MembershipReboot is supported out-of-the-box.
If you want to implement your own user store to work with Identity Server, you can implement Identity Server's IUserService interface to abstract it out.
Identity Server itself is not an identity manager but instead an OpenID Connect provider that handles Authentication and Authorization using the OpenID Connect 1.0 and OAuth 2.0 protocols. See my blog post for a brief overview or the big picture section of the official documentation.
I started off in the same situation as you and ended up implementing Identity Server and migrating our user data from ASP.NET Membership to ASP.NET Identity. I would recommend the same for you.
I tried to install two identity servers and both of them use the same MembershipReboot database with Multi Tenancy setting in identity server web.config. (defaultTenant="A" multiTenant="false") and (defaultTenant="B" multiTenant="false")
then I can saw the [UserAccounts] of MembershipReboot database what I accounts created on these two identity servers .
But When I try to login portal client from pass through these two identity servers. portal client passed to the Tenant A can login successful. but the other portal client passed through the Tenant B not.
I don't know how to fix it, may someone can help me, thanks.
IdentityServer v2 does not support multi-tenancy.