7

I just started learning ASP.NET Core. I would like to create a simple web app, where I would have a REST API in ASP.NET Core and then a separate frontend with some Angular consuming that API.

I just got a bit stuck trying to figure out ASP.NET Core Identity and cookie/token authentication...

My question is pretty simple: Can I just create an API and use Entity Framework for database handling and ASP.NET Core Identity to handle creating and managing users and authorization? Do I also have to use some JWT, OAuth or anything like that? It's just this is all super new to me and I am getting confused, because every example/tutorial shows it in a different way and I am getting very confused...

Thanks for any help!

6
  • You can create and consume without any identity and cookie/token authentication. Commented Jan 11, 2017 at 11:44
  • 1
    Right, but can I use Identity (I want to have users that will be able to log in, I want to restrict access to the API based on users' roles etc.), so I want to use ASP.NET Core Identity. Can I do it without any token authentication? Commented Jan 11, 2017 at 11:51
  • You can do this but need to handle and maintain session on your API. The browser did this for us, but in an API you need to handle this as well. Commented Jan 11, 2017 at 13:00
  • @Ahmar you shouldn't maintain sessions for an API, they rely on REST verbs and must be stateless as HTTP itself. You can add support for JWT based on this post blogs.msdn.microsoft.com/webdev/2016/10/27/… Commented Jan 11, 2017 at 20:41
  • I think this will help you. blinkingcaret.com/2016/11/30/asp-net-identity-core-from-scratch Commented Feb 14, 2017 at 12:29

2 Answers

2

I'm working on a project that's very similar. Check out IdentityServer4 https://identityserver4.readthedocs.io/en/release/index.html. It's an open source OpenID Connect/OAuth 2 framework for ASP.NET Core created by the guys from leastprivilege https://leastprivilege.com.

You can handle protecting your APIs with JWTs and configure IdentityServer to use ASP.NET Core Identity for its user store. This section here describes protecting the API: https://identityserver4.readthedocs.io/en/release/configuration/apis.html

This is basically how you add ASP.NET Identity, IdentityServer, and configure IdentityServer to use ASP.NET Identity in your Startup.cs:

public void ConfigureServices(IServiceCollection services)
{
    // EF Core context that backs the Identity user store
    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

    // ASP.NET Core Identity with EF Core stores
    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();

    services.AddMvc();

    // Adds IdentityServer
    services.AddIdentityServer()
        .AddAspNetIdentity<ApplicationUser>();
}

Then protecting an API is just a few lines of code in Startup.cs

public void Configure(IApplicationBuilder app)
{
    app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
    {
        Authority = "https://demo.identityserver.io",
        AllowedScopes = { "api1" },
    });

    app.UseMvc();
}

Then you would have to configure your Angular app to be a "client" of IdentityServer and be able to access your API "resource". There is a whole tutorial on adding JavaScript clients: https://identityserver4.readthedocs.io/en/release/quickstarts/7_javascript_client.html


0

Can I just create an API and use Entity Framework for database handling and ASP.NET Core Identity to handle creating and managing users and authorization?

ASP.NET Core Identity Framework utilizes Entity Framework to handle/manage user authentication and authorization. When implemented, the framework will generate the databases and tables it needs for Identity Framework using Entity Framework. So when writing your API/logic for user management using Identity Framework, you will have to use EF. For all other models/entities you can just use your own database (which is separate from the Identity databases) and still choose to use EF for that part, but that's up to you.

Do I also have to use some JWT, OAuth or anything like that?

This is also up to you and is supported but not mandatory.
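
As an added example (not part of either answer, and not code from the ASP.NET Core project): a cookie-only setup of the kind the question asks about, where ASP.NET Core Identity protects a role-restricted API endpoint without JWT or OAuth. It assumes ASP.NET Core 2.x and the ApplicationUser and ApplicationDbContext types from the first answer; ReportsController and the "Admin" role name are hypothetical.

```csharp
// Added example; assumes ASP.NET Core 2.x plus ApplicationUser / ApplicationDbContext.
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // services.AddDbContext<ApplicationDbContext>(...) goes here, as in the first answer.
        services.AddIdentity<ApplicationUser, IdentityRole>()
            .AddEntityFrameworkStores<ApplicationDbContext>();

        services.ConfigureApplicationCookie(options =>
        {
            options.Cookie.HttpOnly = true;                          // not readable from script
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // sent over HTTPS only
            options.Cookie.SameSite = SameSiteMode.Strict;           // omitted on cross-site requests
            // An API client needs status codes, not a 302 to an HTML login page.
            options.Events.OnRedirectToLogin = ctx =>
            {
                ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
                return Task.CompletedTask;
            };
            options.Events.OnRedirectToAccessDenied = ctx =>
            {
                ctx.Response.StatusCode = StatusCodes.Status403Forbidden;
                return Task.CompletedTask;
            };
        });
        services.AddMvc();
    }
    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication(); // must run before MVC so [Authorize] sees the signed-in user
        app.UseMvc();
    }
}

[Route("api/[controller]")]
public class ReportsController : Controller
{
    // Anonymous callers get 401, signed-in users without the role get 403.
    [HttpGet, Authorize(Roles = "Admin")] // hypothetical role name
    public IActionResult Get() => Ok(new[] { "constructed sample item" });
}
```

With SameSite set to Strict the browser omits the cookie on cross-site requests, so this setup assumes the Angular app is served from the same site as the API.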
