
I'm building a medi store API that needs to limit the create, update and delete endpoints to specific users, while the read action is an open, public endpoint. Consumers of the CUD operations are services, never users as persons who need a UI to register/login.

Should I go with something like this:
JWT authentication for ASP.NET Web API

Or should I listen to Microsoft:

ASP.NET Core Identity adds user interface (UI) login functionality to ASP.NET Core web apps. To secure web APIs and SPAs, use one of the following:

  • Azure Active Directory
  • Azure Active Directory B2C (Azure AD B2C)
  • IdentityServer4

My question: Is the linked solution combined with Net Core Identity (something like this) less secure than using IdentityServer4 with Net Core Identity?

awashima
  • Not sure but IdentityServer seems to be an overkill solution for your needs. The linked answer seems a bit complex. I have followed [this tutorial](https://garywoodfine.com/asp-net-core-2-2-jwt-authentication-tutorial/) just adding the required calls to have ASP.NET Core Identity to validate the user token request and at the moment I am satisfied with the results – Steve Aug 14 '20 at 15:29
  • It takes 4 redirects and around 15 db queries to log in with IdentityServer4. The thing is slow as hell. I would recommend anything but IdentityServer. Even the official MS implementation is slow. Just try signing in to azure.com to see what I'm talking about. – Hirasawa Yui Aug 14 '20 at 15:59

0 Answers