
It's a really strange question, but... So, do any purely internal IdentityServer4 analogues exist in ASP.NET Core? I have some web services via WebAPI. These services are strongly independent, but I want to restrict access to some of them (I want to use JWTs). I want to have one certification authority for all my APIs, which could use ASP.NET Core Identity, of course, and grants or denies access to a specific API. I don't want to use IdentityServer4 right now - maybe it's possible to solve this problem through the internal resources of ASP.NET Core.

Thanks.

Dmitriy

1 Answer


Yes, ASP.NET Core provides out-of-the-box tools for authentication and JWTs.

You will need to configure your Startup class and add the appropriate services/middleware.

Here's an article to get you started:

https://developer.okta.com/blog/2018/03/23/token-authentication-aspnetcore-complete-guide

If I'm not mistaken, IdentityServer actually wraps around these tools under the hood.

Shy Agam
  • Yes, I know, but I want to have an independent authentication server as a service which allows me not to implement token validation in each web API service, but to get it at one point. So, IdentityServer4 has an implementation of this, but I hoped ASP.NET Core has its own out of the box, because I need a lightweight JWT + ASP.NET Core Identity verification mechanism. IdentityServer4 is so "massive" for me... – Dmitriy Feb 18 '19 at 16:55
  • By the way, your link is pretty good, thanks. Maybe I should use the OpenIddict server implementation? – Dmitriy Feb 18 '19 at 16:58
  • You have to define authentication in ALL of your API services. You can direct them to one server that actually does the authentication, but you have to define at least how they should access it. Otherwise, you're simply *hoping* that they would authenticate, but against which server? :) – Shy Agam Feb 18 '19 at 17:02
  • If authentication is the same for all your web api services, you can create a class library with an extension method that will do the configuration, then you share the library between your projects and simply do a one-liner like `services.ConfigureMyCoolNewAuthentication()`. – Shy Agam Feb 18 '19 at 17:06
  • OpenId is a wider protocol which is built around OAuth2 to provide more security features and is a different topic. Also it really depends on your needs. Here's some more material: https://stackoverflow.com/questions/1087031/whats-the-difference-between-openid-and-oauth – Shy Agam Feb 18 '19 at 17:09
  • Yes, I should, but I want to delegate this to the external server. So, the scheme is the same: I have some independently hosted web APIs. I use JWT as the auth mechanism. I want to have an independent identity server which, firstly, authenticates the user and gives him a JWT, and secondly, each protected API asks it about incoming request token validation and a sufficient permission level through the claims. – Dmitriy Feb 18 '19 at 17:11
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/188637/discussion-between-shy-agam-and-dmitriy). – Shy Agam Feb 18 '19 at 22:58
  • Would using a different "scope" for each service work? – Russ Feb 19 '19 at 07:22
  • @Russ, Yes. These are strongly independent services, each of which implements its own API, some of which could be protected. I don't want to have a monolithic structure (like now). – Dmitriy Feb 19 '19 at 11:23
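
The shared extension method suggested in the comments, written out as an added example (not code from the answer, the linked article, or any of the libraries named). It assumes a central token server that publishes OpenID Connect discovery metadata; the method parameters, the policy name `ApiScope`, and the URL, audience and scope in the usage comment are hypothetical.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public static class SharedAuthenticationExtensions
{
    public const string ApiScopePolicy = "ApiScope"; // hypothetical policy name

    // authority: base URL of the central token server (assumed to expose OIDC discovery).
    // audience / requiredScope: values this particular API expects in its tokens.
    public static IServiceCollection ConfigureMyCoolNewAuthentication(
        this IServiceCollection services, string authority, string audience, string requiredScope)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // Signing keys are fetched from the authority's discovery document;
                // each API then validates tokens locally.
                options.Authority = authority;
                options.Audience = audience;           // reject tokens issued for other APIs
                options.RequireHttpsMetadata = true;   // never fetch keys over plain HTTP
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidateAudience = true,
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true,
                    ClockSkew = TimeSpan.FromMinutes(1)
                };
            });

        services.AddAuthorization(options =>
            options.AddPolicy(ApiScopePolicy, policy => policy
                .RequireAuthenticatedUser()
                // Scopes may arrive as several "scope" claims or one space-separated claim.
                .RequireAssertion(ctx => ctx.User.FindAll("scope")
                    .SelectMany(c => c.Value.Split(' '))
                    .Contains(requiredScope))));

        return services;
    }
}

// Usage in each API's Startup (constructed values):
//   ConfigureServices: services.ConfigureMyCoolNewAuthentication(
//       "https://auth.example.test", "orders-api", "orders.read");
//   Configure:         app.UseAuthentication();   // before app.UseMvc()
//   Controllers:       [Authorize(Policy = SharedAuthenticationExtensions.ApiScopePolicy)]
```

Giving each service its own audience and scope means a token issued for one API is rejected by the others, even though all of them trust the same issuer.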