I have been reading a lot about how to implement a full authentication and authorization system in ASP.NET Web API 2, which includes registering, sending email confirmations, issuing both access tokens and refresh tokens, etc. I have successfully done all of that after all; however, it looks like such unnecessary overhead to have to do it for every single project.
I am still not sure, but I believe the "Thinktecture IdentityServer" is a package that has been put together to provide all of this, am I right?
If yes, can anyone tell me (in a very straightforward way) how I can create a new Web API project and easily get all the above-mentioned features using this package?
Thinktecture IdentityServer v3 is a collection of highly configurable modules, so there is a fair amount of code to write to set it up how you want it. The Thinktecture wiki has a good 'hello world' example that might be enough to get you going:
Hello world
After that, download the samples, find the one that most closely matches your situation, and build upon that. In particular, you'll want to set up a database to save your registered users to. The related 'MembershipReboot' project is generally the one you use to do data access, along with the 'MembershipReboot.Ef' addon that will autocreate your database using EntityFramework.
MembershipReboot is where you set up which email events you want to use.
Email config in membership reboot
Here's how to use the IdentityServer3 that you set up separately:
(IdentityServer3 has some out of the box server-setup examples that may be good enough for you, or might only need a slight configuration)
NuGet the Microsoft OpenID Connect (I think it's called: Microsoft.Owin.Security.OpenIdConnect)
Point the OpenID Connect middleware (also in Startup.cs) to the IdentityServer.
    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        Authority = "https://myIdsrv3Path/identity",
        ClientId = "myapi",
        RedirectUri = "https://myIdsrv3Path/", // or
        ResponseType = "id_token",
        SignInAsAuthenticationType = "Cookies"
    });
In the IdentityServer3 set the accepted clients to include "myapi", with the claims you need.
There is more to explain about authorization, but this answers your basic question for securing an api.
See the IdentityServer3 documentation: https://identityserver.github.io/Documentation/docsv2/overview/mvcGettingStarted.html
Scroll down to the section called: Adding and configuring the OpenID Connect authentication middleware.
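The two halves of the setup described in the answer above, shown together as an added example (not code from the original answer or from the IdentityServer3 project). It assumes the application is hosted at the placeholder URL `https://myapp.example/` and needs only the `openid` and `profile` scopes; the `Clients` class name and `ClientName` value are illustrative.

```csharp
// Two projects shown in one listing: the IdentityServer3 host and the application.
using System.Collections.Generic;
using IdentityServer3.Core.Models;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

// --- IdentityServer3 host project: register "myapi" as an accepted client ---
public static class Clients
{
    public static IEnumerable<Client> Get()
    {
        return new[]
        {
            new Client
            {
                ClientName = "My API site",   // display name (illustrative)
                ClientId = "myapi",           // must equal ClientId in the middleware options
                Flow = Flows.Implicit,        // matches ResponseType = "id_token"
                // Redirect URIs are matched exactly; list only URLs the application owns.
                RedirectUris = new List<string> { "https://myapp.example/" },
                // Grant only the scopes (and so the claims) this client needs.
                AllowedScopes = new List<string> { "openid", "profile" }
            }
        };
    }
}

// --- Application project: Startup.cs ---
public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Cookie middleware name must match SignInAsAuthenticationType below.
        app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = "Cookies" });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            Authority = "https://myIdsrv3Path/identity",
            ClientId = "myapi",
            RedirectUri = "https://myapp.example/", // placeholder; must be listed in RedirectUris above
            ResponseType = "id_token",
            Scope = "openid profile",
            SignInAsAuthenticationType = "Cookies"
        });
    }
}
```

A mismatch in `ClientId`, `RedirectUri` or requested scopes between the two sides causes IdentityServer3 to reject the authorization request, which is the first thing to check when sign-in fails.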