-> I want to use Identity server 4 as a central token generator for some clients.
-> Here my problem is I have implemented Identity server 4 with the help of docs, in the docs the IS4 is using its own database for users to login.
-> Can someone explain the way to connect to my own users database for login and token generation. (I'm using the latest version of IS4 and .net core).
Thanks in advance :)
Note:
I have tried all the things from docs
-> http://docs.identityserver.io/en/latest/quickstarts/8_aspnet_identity.html
The AccountController is a starting point for you to adapt to suit your own requirements.
This template uses ASP.NET Core Identity for user management.
Your choices are
Migrate your users to use the Identity's table structure
Provide a custom storage provider to ASP.Net Identity that uses your existing user tables (Custom Storage Provider)
Implement your own user management\storage service and change AccountController to use it
If you have a custom database you want to connect to, you can implement the IProfileService. IdentityServer4 uses an instance of that interface to collect user details. Docs: click
Related
We have an IdentityServer4 project, A web Api project (.net core 5) and an SPA front project (Vue.js).
User creation will be done when SPA send a register request to IS4 project local endpoint.
Then we have a createCompany endpoint which need to create a a company in webApi project and update CompanyId in IdentityServer4 project.
The question is how it is better to be implemented ?
Should webApi directly call IdentityServer4 endpoint to update companyId or front end should send seperate request to IS4 for update companyId ?
What is the best way to access UserManager from webApi ? for example get the list of users with specific CompanyId ? Or specific EmailAddress ? Should I create a separate local endpoint for each one of them in IS4 ? Is there any way to fully manage users from webapi directly without creating many endpoints for user management in Identityserver4 ?
I think you're missing some info on how IdentityServer4, OAuth 2.0, and OpenID Connect works. IdentityServer4 is an OAuth and OpenID Connect implementation. IdentityServer4 does not have any way to manage a user database or authenticate users. It is for generating OAuth 2 and OpenID Connect compliant tokens using a user store of your choice behind it.
Some options for managing users includes:
ASP.NET Core Identity
Your own homegrown solution
Services such as Okta, Auth0, Azure AD B2C, etc.
Don't handle users at all in the traditional sense, and use OpenID Connect with Google Authentication, Facebook Authentication, etc. (this is where you see on websites "Log in with Google" and things like that).
Read a little more here at the updated IdentityServer4 project, Duende IdentityServer.
You'll need to use one of these to manage users and I'd recommend not tying a ton of custom logic to IdentityServer4 specifically unless you really need to. Keep it for authorization and leave everything else to your own API or one of these other solutions mentioned.
Keep in mind, IdentityServer4 is almost end of life and will not be updated after November 2022 and is only receiving critical security bug fixes.
So, if understand correctly, you want to create a user and save it to IS4.
Then you want to call webApi to create a company and finally you must pass companyId to IS4 in the new user.
If you don't need to pass data from IS4 to webapi to create company you can just call webApi first to create company and after that call IS4 passing companyId. (I don't prefer this solution)
If webApi has many transactions with identity it's better to call identity from webApi rather than from SPA. It's easiest and safest directly from webApi.
I am looking at adding OpenID Connect support to an existing ASP.NET Core application which uses ASP.NET Core Identity and a local SQL database of users. These users have profiles within the application and have multiple database tables linked to them, such as events and items that they created.
My question is, is there a recommended way to ensure that when the user authenticates via Azure AD using OpenID Connect, they become associated in some way to the existing user that is in the AspNetUsers database table?
See this article Persist additional claims and tokens from external providers in ASP.NET Core. It describes how you can lookup and map local user claims with the external user.
I'm working on a new asp.net mvc 5 app for a small company and am trying to figure out how to create the membership database using the new asp.net Identity system. I thought there might be an admin interface I can use which would create the database and allow me to add a few users/roles. Is there an admin interface for this task or another way I will need to accomplish it? Are there any tutorials on doing something like this? All I have been able to find so far has dealt with external logins using other providers such as Facebook or Google.
I'm pretty sure that it's based off of Entity Framework Code First. When you create the db context, it should create the table for you automatically.
http://msdn.microsoft.com/en-us/data/jj193542.aspx
MVC 5 Template with VS2013 use ASP.NET Identity instead of membership provider and has no admin interface. After creating a new MVC5 project in VS2013, run the website. Once you register the first user on the web interface a local database will be created under the App_Data folder. You could rename the connection string to point to other database and register user again to create the database. To add users you could enable migration and use the seed method.
Scott Allen published a great video which might help you to understand ASP.NET Identity more
http://pluralsight.com/training/courses/TableOfContents?courseName=aspdotnet-mvc5-fundamentals&highlight=scott-allen_aspdotnet-mvc5-fundamentals-m2-katana*8#aspdotnet-mvc5-fundamentals-m2-katana
I have the requirement to setup authentication and authorization on a WCF Service, right now the service is created and working but no authentication.
There is also the need to authenticate existing users and passwords that are being stored in a SQL database and are already used by another web application, but since I do not have the source code for it, and being still adjusting do .NET I am having some dificulties.
I can read the database and found several aspnet_ tables in the database such as aspnet_Users, aspnet_Roles etc that so far seem to match with the ones used in the web application.
My question is how can I easily implement authentication and method authorization using the existing database.
Please note that I do not have access to the web-application source code.
Thanks.
MVC uses the standard ASP.Net membership provider. If you click the Log On button/register link - you can add a user. ASP.Net will create App_Data\ASPNETDB.MDF containing the membership information. You can move ASPNETDB.MDF to a remote DB server, but you must use the Membership provider schema/DB (unless you write your own provider).
A few MVC links to get you started.
http://www.asp.net/mvc/tutorials/older-versions/security/authenticating-users-with-forms-authentication-vb
http://weblogs.asp.net/fredriknormen/archive/2007/11/25/asp-net-mvc-framework-security.aspx
http://blog.wekeroad.com/blog/aspnet-mvc-securing-your-controller-actions/
The default authentication/authorization configuration added use ASP.NET standard membership and role manager service provider( the local SQL Express one). If your existing database(for user login) is also ASP.NET standard sql membership database, you can simply change the connection string of the membership section. Otherwise, you might need to create a custom membership provider which uses your own database tables for user authentication.
Implementing a Membership Provider
http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx
Building Custom Providers for ASP.NET 2.0 Membership
http://msdn.microsoft.com/en-us/library/aa479048.aspx
Really no easy way to achieve your requirements. Here is the library you can use and follow stricktly steps described in this blog to setup authentication with SQL Membership provider for WCF services.
In my case I did small update to the library. I've commented out line of code
//if (!IsAnonymousAllowed)
I have built an internal Database for Clients. Its C# with an MS-SQL DB. I have integrated the ASP Website SQL Server and the Internal SQL Server to use the one database. Both the Website and the Internal Database are working.
I want to be able to automatically register a client to use the webpage once they have become a Client in my Internal Database. Using ASP (I am learning still) I see there is a membership provider and it seems to do all the validation and so on. Passwords are all handled and encrypted etc..
What would be the best way to add a user to the SQL Tables but keep the security and so on? Can I create a membership provider in my DB Client when adding a Client and use that to create the Clients Login to the Web Page?
I am using the default ASP .NET Web Application Template in VS 2010. The ASP Site is all standard config from the template.
Thanks!
You should call the methods on the membership provider. Don't get into the specifics of how the membership provider is working, the whole point of the provider model is that you can swap out the default SQL one for any other implementation.
If you look at the MembershipProvider base class (http://msdn.microsoft.com/en-us/library/system.web.security.membershipprovider.aspx) you can see the list of methods that it provides. You will need to call Membership.CreateUser() as part of your custom registration process, it has several overloads to choose between.
Looking at the default SQL Config and stored proceedures, we can use these.
See this.
The sample code by Chris Pels is excellent for helping with this solution. Thanks Chris!