
How can we integrate IdentityServer4 and Web API in the same project (port) instead of creating different projects for each?

Couldn't configure the IdentityServer4 authorization and bearer token authentication middleware in the same project.

asked Jun 16 '19 16:06

Shibu Tamang




3 Answers

It is now a built-in feature of IdentityServer. Added with this PR.

services.AddLocalApiAuthentication();

And here is an official example of a protected API.

answered Oct 28 '22 17:10

d_f
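
An added example (not from the answer above or from the IdentityServer project) showing where `AddLocalApiAuthentication()` fits when the token service and the API share one host. It assumes IdentityServer4 4.x on ASP.NET Core 3.1; the client id, the secret and `ValuesController` are hypothetical placeholders.

```csharp
using IdentityServer4;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();
        services.AddIdentityServer()
            .AddDeveloperSigningCredential() // development only; load a real signing key in production
            // The local API is protected by the built-in "IdentityServerApi" scope.
            .AddInMemoryApiScopes(new[] { new ApiScope(IdentityServerConstants.LocalApi.ScopeName) })
            .AddInMemoryClients(new[]
            {
                new Client
                {
                    ClientId = "sample.client",                                   // hypothetical
                    ClientSecrets = { new Secret("replace-this-secret".Sha256()) }, // placeholder
                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    AllowedScopes = { IdentityServerConstants.LocalApi.ScopeName }
                }
            });
        // Registers the token validation handler and the LocalApi authorization policy.
        services.AddLocalApiAuthentication();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseIdentityServer(); // also adds the authentication middleware
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}

// Hypothetical controller hosted in the same project and port as the token endpoints.
[ApiController]
[Route("api/values")]
[Authorize(IdentityServerConstants.LocalApi.PolicyName)]
public class ValuesController : ControllerBase
{
    [HttpGet]
    public IActionResult Get() => Ok(new { client = User.FindFirst("client_id")?.Value });
}
```

The policy only accepts access tokens that carry the local API scope, so a client must be granted that scope explicitly before it can call the co-hosted endpoints.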


I suggest you make API and Identity Server in separate apps. This makes it a lot easier to maintain.

Identity server provides you the authentication against your clients/APIs. The database operations, the business logic should be handled by your clients/APIs. So keeping them in separate apps should be a better choice.

If you insist on making them in a single project, you can click here and here for code samples.

answered Oct 28 '22 17:10

Nan Yu


You shouldn't.

The thing is that your authentication and your application are totally different services, with different scopes, and you should make them different.

This goes with Separation of Concerns: if you want to change your auth service later, you won't have to modify your whole application.

answered Oct 28 '22 17:10

DoctorPrisme