Own authenticate and autorization server asp net core

Question

I would like to create my own local authentication server but I don't know how it should be done.

Most of articles are about OAuth, Identity4Server, google, facebook etc authentication, but I can't find any article about custom solution. Msdn is poor in this topic too.

At this moment I have something like this:

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(o =>
            {
                o.MetadataAddress = "http://localhost:5000";
                o.Authority = "http://localhost:5000";
                o.Audience = "http://localhost:5001";
                o.RequireHttpsMetadata = false;
                o.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidIssuer = "http://localhost:5000",
                    ValidAudience = "http://loclhost:5001",
                };
            })
            ;

    }

Do I think correctly that the Authority is an address of my IdentityServer? So why when I'm using:

    [HttpGet, Authorize, Route("/")]
    public async Task<IActionResult> Get()
    {
        return Content("You are autorized.");
    }

any request comes to my authority server?

Do I need to create my own authentication scheme where I post request to my authoirty server or there are built-in mechanisms in JwtBearer AutheniticationScheme?

Answer 1

IdentityServer is just a building block for a custom solution. It helps tie all of the middleware together, so you do not have to start from scratch.

If you want to write a custom auth solution, my suggestion would be to start with IdentityServer and customize it from there.