ASP.NET Core Identity data store not accessible from web site

  • Question

  • User100248066 posted

    In our production environment, the public-facing website does NOT have access to any databases.  Everything must go through an application layer (normally REST API) that lives in a DMZ that does have access to the databases.  

    The website that is under development is still using the OTB ASP.NET Core Identity that is going directly to a DB.  While it works great on a development machine, the data access layer needs to be moved into an application layer.  What is the correct way to do that?  Is this the role of services like IdentityServer4 and OpenIddict?  

    Any and all help to understand how to solve this is much appreciated!

    Monday, March 8, 2021 2:51 PM

All replies

  • User-474980206 posted

    Yours is a very common requirement. If you are using the OTB user manager, you want a custom storage manager that calls a web service, rather than the database directly.

    https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-custom-storage-providers?view=aspnetcore-5.0

    Google for an example. Identity Server and OpenID are for when you want to use OAuth for authentication. Unless you used an existing OAuth service, you would face the same restriction with the OAuth server.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, March 8, 2021 3:32 PM
  • User100248066 posted

    Bruce,

    Thank you for the quick reply, this is what I was looking for!  I have read over the page and it looks like there is quite a bit of work to implement a custom UserStore. 

    Yes, I figured this was a very, very common requirement.  That being the case, is there a template out there that implements everything as a REST API back to the OTB user store in the DMZ?  This way I don't have to reinvent the wheel...

    Monday, March 8, 2021 8:38 PM
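
The custom storage provider suggested in the answer, as an added example that is not part of the original thread or of Microsoft's code: an `IUserStore` whose persistence calls go to the application-layer REST API instead of a database. `AppUser`, `ApiUserStore` and the `users/...` routes are hypothetical, and the API is assumed to return 404 for an unknown user.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Json;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;

// Hypothetical user DTO; the "users/..." routes below are assumed, not a real API.
public class AppUser
{
    public string Id { get; set; } = Guid.NewGuid().ToString();
    public string UserName { get; set; }
    public string NormalizedUserName { get; set; }
    public string PasswordHash { get; set; }
}

public class ApiUserStore : IUserStore<AppUser>, IUserPasswordStore<AppUser>
{
    private readonly HttpClient _http; // BaseAddress = app-layer API (HTTPS, authenticated)
    public ApiUserStore(HttpClient http) => _http = http;
    // Map the HTTP outcome onto IdentityResult so UserManager reports failures normally.
    private static IdentityResult ToResult(HttpResponseMessage r) => r.IsSuccessStatusCode
        ? IdentityResult.Success
        : IdentityResult.Failed(new IdentityError { Code = "ApiError", Description = $"User API returned {(int)r.StatusCode}" });

    private async Task<AppUser> GetOrNull(string path, CancellationToken ct)
    {
        using var r = await _http.GetAsync(path, ct);
        if (r.StatusCode == HttpStatusCode.NotFound) return null; // Identity expects null for "no such user"
        r.EnsureSuccessStatusCode();
        return await r.Content.ReadFromJsonAsync<AppUser>(cancellationToken: ct);
    }

    // Escape ids and names so a crafted value cannot change the request path.
    public async Task<IdentityResult> CreateAsync(AppUser u, CancellationToken ct) => ToResult(await _http.PostAsJsonAsync("users", u, ct));
    public async Task<IdentityResult> UpdateAsync(AppUser u, CancellationToken ct) => ToResult(await _http.PutAsJsonAsync($"users/{Uri.EscapeDataString(u.Id)}", u, ct));
    public async Task<IdentityResult> DeleteAsync(AppUser u, CancellationToken ct) => ToResult(await _http.DeleteAsync($"users/{Uri.EscapeDataString(u.Id)}", ct));
    public Task<AppUser> FindByIdAsync(string id, CancellationToken ct) => GetOrNull($"users/{Uri.EscapeDataString(id)}", ct);
    public Task<AppUser> FindByNameAsync(string name, CancellationToken ct) => GetOrNull($"users/by-name/{Uri.EscapeDataString(name)}", ct);
    // The remaining members only touch the in-memory user; CreateAsync/UpdateAsync persist them.
    public Task<string> GetUserIdAsync(AppUser u, CancellationToken ct) => Task.FromResult(u.Id);
    public Task<string> GetUserNameAsync(AppUser u, CancellationToken ct) => Task.FromResult(u.UserName);
    public Task SetUserNameAsync(AppUser u, string v, CancellationToken ct) { u.UserName = v; return Task.CompletedTask; }
    public Task<string> GetNormalizedUserNameAsync(AppUser u, CancellationToken ct) => Task.FromResult(u.NormalizedUserName);
    public Task SetNormalizedUserNameAsync(AppUser u, string v, CancellationToken ct) { u.NormalizedUserName = v; return Task.CompletedTask; }
    public Task SetPasswordHashAsync(AppUser u, string h, CancellationToken ct) { u.PasswordHash = h; return Task.CompletedTask; }
    public Task<string> GetPasswordHashAsync(AppUser u, CancellationToken ct) => Task.FromResult(u.PasswordHash);
    public Task<bool> HasPasswordAsync(AppUser u, CancellationToken ct) => Task.FromResult(u.PasswordHash != null);
    public void Dispose() { } // HttpClient lifetime is owned by IHttpClientFactory
}
```

Register it with `services.AddHttpClient<IUserStore<AppUser>, ApiUserStore>(...)` alongside `services.AddIdentityCore<AppUser>()`. With this design `UserManager` still verifies passwords in the web tier, so password hashes travel over the internal API and that channel needs TLS and service-to-service authentication.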