So far in this series, ASP.NET Core 5.0 and IdentityServer4 have been used to build a basic authentication server, implement the client certificate-based OAuth 2.0 authorization process, and access protected resources with an access token. This article continues by integrating the IdentityServer implementation with the ASP.NET Core Identity component, so that Identity's users are used for authorization.

  • Integrate ASP.NET Core Identity with MetaPackage
  • ASP.NET Core Identity data persistence
  • ASP.NET Core Identity UI
  • ASP.NET Core Identity integration with IdentityServer4
  • Summary

Integrate ASP.NET Core Identity

Login is tied to a user name and password. IdentityServer4, like OAuth 2.0 and OpenID Connect in general, needs user data to perform authentication and authorization. We will implement user data access and the authorization processes related to user data in IdentityServer4.

Add the ASP.NET Core Identity module to IdentityServer:

ASP.NET Core Identity is the authentication component of ASP.NET Core. It contains not only the data required for authentication and data persistence support, but also user management, login management and a series of related services and UI. When you create a new ASP.NET Core MVC or API project, this component is included by default if the authentication option is checked. Since the examples here start from scratch, the Identity component has to be added manually.

Before adding Identity, one more concept needs to be introduced: the metapackage (for details see natemcmaster.com/blog/2018/0…). In .NET Core, a metapackage is a set of shared libraries that provide the basic runtime and functionality of .NET Core and ASP.NET Core applications. By default, a new project depends on the metapackage of the corresponding .NET Core version, which is actually shared from the dotnet installation directory. The advantage of the metapackage is that when the application is published, the output does not need to contain the content of the metapackage, which reduces the size of the published files:

   

 

ASP.NET Core 5.0 applications contain two metapackages:

   

Of these, Microsoft.AspNetCore.App contains the basic components of Identity:

   

The basic components of Identity, such as IdentityUser and the other entities, together with the related service types and interfaces, are already included there. In other words, using Identity only requires adding data persistence and the UI.

   

ASP.NET Core Identity data persistence

EF Core is the preferred data persistence framework under .NET Core, so Identity also provides an EF Core data persistence component. Add the EF Core Identity data persistence component:

   

 

To make later extension easier, create a new ApplicationUser that inherits from IdentityUser and an ApplicationDbContext that inherits from IdentityDbContext<ApplicationUser>:

   

Add Identity’s data context and Identity service:
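The two types and the service registration described above could look like this. This is an added example, not the article's own code; SQL Server as the provider, the connection string name IdentityDb, the AddApplicationIdentity helper and the password and lockout values are assumptions.

```csharp
using System;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

// Custom user type: add profile fields here later instead of changing IdentityUser.
public class ApplicationUser : IdentityUser { }

// EF Core context that owns the Identity tables (users, roles, claims, logins, tokens).
public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
{
    public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options)
        : base(options) { }
}

public static class IdentityRegistration
{
    // Hypothetical helper; call it from Startup.ConfigureServices.
    public static IServiceCollection AddApplicationIdentity(
        this IServiceCollection services, IConfiguration configuration)
    {
        // Assumption: SQL Server and a connection string named "IdentityDb".
        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(configuration.GetConnectionString("IdentityDb")));

        services.AddIdentity<ApplicationUser, IdentityRole>(options =>
            {
                // Assumed policy values; the Identity defaults are weaker.
                options.Password.RequiredLength = 12;
                options.User.RequireUniqueEmail = true;
                options.Lockout.MaxFailedAccessAttempts = 5;
                options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(15);
            })
            .AddEntityFrameworkStores<ApplicationDbContext>()  // persist through EF Core
            .AddDefaultTokenProviders();                       // e-mail confirmation and reset tokens

        return services;
    }
}
```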

   

Add the database migration and apply it to the database:

Add-Migration initIdentityDb -c ApplicationDbContext -o Migrations/IdentityServer/IdentityDb

Update-Database -Context ApplicationDbContext

   

ASP.NET Core Identity UI

Identity's UI is a Razor class library; in other words, the page files are contained in the class library. If you want to modify the UI, you can generate the page files into the project using VS Code (see the VS Code documentation: docs.microsoft.com/en-us/aspne…):

   

Select the “Identity” option in the “Identity” dialog:

   

In the Identity dialog box, select “Replace all files”, leave the layout file blank, and select Identity’s DbContext:

   

Add the Razor services, the static file middleware (for serving files such as JS), and the Razor endpoint mapping:

   

Open the login page: https://localhost:55002/Identity/Account/Login

   

At this point the Identity database and UI have been added to the project and are running, but some issues remain: the default Identity UI functionality relies on the IEmailSender component, and Identity still needs to be integrated with IdentityServer4. Basic functions such as login, registration and logout also need to be modified to meet the requirements of IdentityServer4.

ASP.NET Core Identity integration with IdentityServer4

Now for the integration of IdentityServer4 with ASP.NET Core Identity. First, add the IdentityServer4.AspNetIdentity component:

   

Then add the related service to the container via IIdentityBuilder:
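One way to wire this up, together with the Razor services and middleware from the UI section, is shown below. This is an added example, not the article's own code: it uses AddAspNetIdentity<TUser> from IdentityServer4.AspNetIdentity, and the in-memory client with its id, secret and scope, as well as the developer signing credential, are assumptions.

```csharp
using IdentityServer4.Models;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

// Same type as the ApplicationUser created in the data persistence section.
public class ApplicationUser : IdentityUser { }

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // The DbContext and AddIdentity<ApplicationUser, IdentityRole>() from the
        // data persistence section must be registered before this point.
        services.AddRazorPages();                       // Identity UI pages

        services.AddIdentityServer()
            .AddDeveloperSigningCredential()            // development only
            .AddInMemoryApiScopes(new[] { new ApiScope("api1") })
            .AddInMemoryClients(new[]
            {
                new Client
                {
                    ClientId = "password-client",                          // placeholder
                    ClientSecrets = { new Secret("replace-me".Sha256()) }, // placeholder
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    AllowedScopes = { "api1" }
                }
            })
            // Validates password-grant credentials and builds token claims
            // from the Identity user store.
            .AddAspNetIdentity<ApplicationUser>();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseStaticFiles();      // JS/CSS used by the Identity UI
        app.UseRouting();
        app.UseIdentityServer();   // includes the authentication middleware
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapRazorPages());
    }
}
```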

   

Finally, modify the Identity registration code and comment out the code related to IEmailSender (the default generated code contains the mail sending logic, but there is no IEmailSender implementation; instead of commenting out the relevant code, you can also implement an IEmailSender and register it with the container to solve the problem):
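For the second option, a development-only IEmailSender could look like this. This is an added example, not the article's own code; the class name DevelopmentEmailSender and its behaviour are assumptions.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity.UI.Services;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;

// Hypothetical stand-in: records that a mail would have been sent, sends nothing.
public class DevelopmentEmailSender : IEmailSender
{
    private readonly IHostEnvironment _environment;
    private readonly ILogger<DevelopmentEmailSender> _logger;

    public DevelopmentEmailSender(
        IHostEnvironment environment, ILogger<DevelopmentEmailSender> logger)
    {
        _environment = environment;
        _logger = logger;
    }

    public Task SendEmailAsync(string email, string subject, string htmlMessage)
    {
        // Fail loudly outside Development, where silently dropped confirmation
        // or password-reset mails would otherwise go unnoticed.
        if (!_environment.IsDevelopment())
        {
            throw new InvalidOperationException(
                "DevelopmentEmailSender is registered outside Development; " +
                "register a real IEmailSender.");
        }

        // htmlMessage carries the confirmation or reset link including its token,
        // so only the length is logged, never the body.
        _logger.LogInformation(
            "Suppressed mail to {Recipient}, subject {Subject}, body length {Length}",
            email, subject, htmlMessage?.Length ?? 0);

        return Task.CompletedTask;
    }
}

// Registration in Startup.ConfigureServices:
//   services.AddTransient<IEmailSender, DevelopmentEmailSender>();
```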

   

Start the application and open the registration page to register a user: https://localhost:55002/Identity/Account/Register

   

 

Then use the user name and password grant type (password) to obtain an access token.

   

Here is the access token obtained with the newly registered user name and password:

The access token payload contains the following information:

   

Tip: When a token is requested from IdentityServer4, the client information and the related parameters are validated against the request; in this example, for instance, the client must support the password grant type. If the access token cannot be obtained or an authentication error occurs, check the output of IdentityServer in debug mode, which contains information about the success or failure of the authorization.
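The token request and the payload inspection described above can be reproduced with a small console client. This is an added example, not the article's own code; the client id, secret, scope and user are placeholders, /connect/token is the IdentityServer4 default token endpoint, and the access token is assumed to be a JWT (the IdentityServer4 default).

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

public static class PasswordGrantCheck
{
    public static async Task Main()
    {
        // Placeholders: client id, secret, scope and user are assumptions.
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "password",
            ["client_id"] = "password-client",
            ["client_secret"] = "replace-me",
            ["scope"] = "api1",
            ["username"] = "alice@example.com",
            ["password"] = "<password of the registered user>"
        });

        using var http = new HttpClient();
        var response = await http.PostAsync("https://localhost:55002/connect/token", form);
        using var json = JsonDocument.Parse(await response.Content.ReadAsStringAsync());

        if (!response.IsSuccessStatusCode)
        {
            // unauthorized_client: the client's AllowedGrantTypes lacks "password"
            // invalid_client:      unknown client id or wrong secret
            // invalid_grant:       user name or password rejected
            Console.WriteLine("error: " + json.RootElement.GetProperty("error").GetString());
            return;
        }

        var token = json.RootElement.GetProperty("access_token").GetString();
        Console.WriteLine(DecodePayload(token));
    }

    // Decodes the middle (payload) segment of a JWT for inspection only;
    // this does not validate the signature.
    public static string DecodePayload(string jwt)
    {
        var segment = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        segment = segment.PadRight(segment.Length + (4 - segment.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(segment));
    }
}
```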

Summary

This article integrates the ASP.NET Core Identity component to provide user management, including registration and login, and obtains an access token for a registered user through the OAuth 2.0 user name and password mode (password grant type). At this point the OAuth 2.0 protocol has been implemented for IdentityServer. The next article will cover OpenID Connect (OIDC). In addition, the Identity login at this stage only covers what Identity itself provides. OpenID Connect and IdentityServer4 require some additional operations, such as events and authorization consent, which will be added in subsequent articles.

 

References:

docs.microsoft.com/en-us/aspne…

natemcmaster.com/blog/2018/0…

Link to this article: www.cnblogs.com/selimsong/p…

Build an IdentityServer from zero: series directory