What does ASP.NET Core Identity provide that I cannot do with bare IdentityServer4?

  • Question

  • User-1128090897 posted

    Hi folks,

    I'm looking into removing Azure B2C from a project of mine, for reasons relating to automation and such (which B2C is not yet very compatible with), but want to keep my auth workflows the same. So, I'm looking at ASP.NET Core Identity. Currently, we use B2C to secure our REST API server. We have a React SPA that redirects to B2C for tokens that we then use to access our REST API. I would be needing to implement a self-hosted replacement for B2C, basically. I see that my options appear to include ASP.NET Core Identity and IdentityServer4.

    I'm a bit confused as to what each of these projects provides, though. It seems to me that they have a ton of overlap. For example, the official ASP.NET Core Identity documentation says to use IdentityServer4 if you're trying to secure a REST API. I even see that the official Visual Studio project templates use IdentityServer4 if you choose a Web Api project template and choose to enable single account authentication. But then on the IdentityServer4 documentation I see a section explaining how to then integrate IdentityServer4 back into ASP.NET Core Identity. This circular dependency / integration has me a bit confused.

    So I come here for help with clarifying this ...

    If I'm using IdentityServer4, why would I maybe want to use ASP.NET Core Identity? What does Identity provide on top of IdentityServer4?

    As a beginner, the documentation has me very confused. Thanks!

    Friday, April 24, 2020 4:55 AM

All replies

  • User753101303 posted

    Hi,

    Basically ASP.NET Identity is a user management API your app could use to manage users regardless of where they are stored behind the scenes. Have a look at https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-custom-storage-providers?view=aspnetcore-3.1 to better understand the architecture.

    The confusing part is likely that it comes with a default EF implementation to store users in a database but it could be used for any kind of user directory.

    Friday, April 24, 2020 10:05 AM
  • User-474980206 posted

    Microsoft noticed the same overlap. So for core they changed identity 4.1 to be a library called from asp.net core. A standalone identity 4 server is just a simple asp.net core app calling the library.

    This also allows any asp.net core app to use the library and just pick features, like callback support. So your web server can also be the identity server, or it can use a remote identity server.

    Friday, April 24, 2020 3:59 PM
  • User-1128090897 posted

    "Microsoft noticed the same overlap. So for core they changed identity 4.1 to be a library called from asp.net core. A standalone identity 4 server is just a simple asp.net core app calling the library."

    Bruce, is 4.1 a typo and meant to be 3.1? I'm not seeing a 4.1 referenced anywhere. I see the asp.net core 3.1 docs for identity, and then the docs jump to a 5.0 preview. I just want to make sure I'm spending this time learning the latest version. Thanks!

    Friday, April 24, 2020 9:31 PM
  • User-474980206 posted

    Yes. The version numbers don't match up.

    With asp.net core 3.1, the identity server code (core version) was moved to the asp.net core project rather than being a standalone NuGet package. Then the standalone identity server 4.1 was built with this code.

    So, if you are coding with asp.net core 3.1+, you can forget about identity server and just use the netcoreapp3.1 framework. There is a NuGet package:

        Microsoft.AspNetCore.Authentication.AzureAD.UI
    which gives a UI and middleware for your site to use an Azure AD for authentication, but is just a wrapper around the OpenID support in the framework.

    Friday, April 24, 2020 9:49 PM
  • User-1128090897 posted

    Hmm, OK. I'm getting a bit confused again.

    So I had been following the documentation for IdentityServer4, which led me through various tutorials that, from my understanding, had nothing to do with Asp.Net Core Identity. At the end of that IdentityServer4 tutorial, it wraps things up by explaining how to integrate IdentityServer4 with Asp.Net Core Identity. So in my head, these are two separate libraries that provide their own utility - Asp.Net Core Identity being user management, IdentityServer4 being the authorization / authentication parts.

    The naming is a bit confusing with Identity's server, and IdentityServer. Are you just saying that previous versions of Identity were a standalone library, and now it's all built into Asp.Net Core (which is what I do see in my code and the docs, I believe)? Or are you saying that I can disregard IdentityServer4 because it has now been pulled into Asp.Net Core as well?

    I do see packages baked right into AspNet Core that seem to indicate it can handle OpenID all on its own - Microsoft.AspNetCore.Authentication.OpenIdConnect. Does this mean I don't need IdentityServer4?

    Sorry for the confusion. I appreciate the explanations.

    Friday, April 24, 2020 10:25 PM
  • User711641945 posted

    Hi rcoleils2,

    ASP.NET Core Identity is a database API to manage users, roles, claims, email confirmation tokens etc. Something you can use for implementing signup, login, change password etc.

    IdentityServer is an OpenID Connect and OAuth 2.0 implementation. It gives you features like single sign-on and API access control. This is useful if you want to share users between multiple client applications.

    For more details about Identity, Identity Server 4, and how to use Identity in Identity Server 4, refer to:

    https://stackoverflow.com/a/42475868/11398810

    https://identityserver4.readthedocs.io/en/aspnetcore1/quickstarts/6_aspnet_identity.html

    Best Regards,

    Rena

    Tuesday, April 28, 2020 8:46 AM
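
The split described in the last reply, as an added example that is not code from any poster or from either project: ASP.NET Core Identity supplies the user store and password handling, IdentityServer4 issues the OpenID Connect / OAuth 2.0 tokens, and `AddAspNetIdentity` joins the two. Assumed here: ASP.NET Core 3.1, IdentityServer4 3.x with the IdentityServer4.AspNetIdentity package, EF Core with Sqlite, and the names `ApplicationUser`, `ApplicationDbContext`, `react-spa`, `api1` and the localhost URL, all of which are hypothetical.

```csharp
using IdentityServer4.Models;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class ApplicationUser : IdentityUser { }            // hypothetical user type
public class ApplicationDbContext : IdentityDbContext<ApplicationUser> {
    public ApplicationDbContext(DbContextOptions<ApplicationDbContext> o) : base(o) { }
}

public class Startup {
    public IConfiguration Configuration { get; }
    public Startup(IConfiguration configuration) => Configuration = configuration;

    public void ConfigureServices(IServiceCollection services) {
        services.AddControllersWithViews();                // login/consent pages live here
        // ASP.NET Core Identity: user records, password hashing, lockout, confirmation tokens.
        services.AddDbContext<ApplicationDbContext>(o =>
            o.UseSqlite(Configuration.GetConnectionString("DefaultConnection")));
        services.AddIdentity<ApplicationUser, IdentityRole>()
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();
        // IdentityServer4: the OpenID Connect / OAuth 2.0 endpoints that issue tokens.
        services.AddIdentityServer()
            .AddDeveloperSigningCredential()               // development only; load a real key in production
            .AddInMemoryIdentityResources(new IdentityResource[] {
                new IdentityResources.OpenId(), new IdentityResources.Profile() })
            .AddInMemoryApiResources(new[] { new ApiResource("api1", "REST API") }) // 3.x: also defines scope "api1"
            .AddInMemoryClients(new[] { new Client {
                ClientId = "react-spa",
                AllowedGrantTypes = GrantTypes.Code,       // authorization code flow
                RequirePkce = true,                        // PKCE instead of a client secret
                RequireClientSecret = false,               // a browser app cannot keep a secret
                RedirectUris = { "http://localhost:3000/callback" },
                AllowedCorsOrigins = { "http://localhost:3000" },
                AllowedScopes = { "openid", "profile", "api1" } } })
            .AddAspNetIdentity<ApplicationUser>();         // IdentityServer reads users from Identity
    }

    public void Configure(IApplicationBuilder app) {
        app.UseStaticFiles();
        app.UseRouting();
        app.UseIdentityServer();                           // also adds the authentication middleware
        app.UseAuthorization();
        app.UseEndpoints(e => e.MapDefaultControllerRoute());
    }
}
```

Without the `AddIdentity` and `AddAspNetIdentity` calls, IdentityServer4 still issues tokens, but the user store, password hashing and account workflows have to be supplied by your own code.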