2

I’m working in a project with Rest-API in the server by using asp.net core 3.1, angular as front for single page application. From each client, the user would need to supply their username and password in order to access protected parts of the web API. I would like to use the features of Identity Server to access the ASP.NET Core Identity UserManager, RoleManager, and SignInManagers to determine if the supplied username and password is valid.

I haven't ever been done this before and I tried to search about this on Internet but not much info I could find. I would like some help of which nuget packages to use, and how should I configure startup.

Thanks

Improve this question
0

2 Answers 2

Reset to default
2

I haven't done this with Angular in particular (I use vue), but it's basically the same concept. A quick Google search turned up an Angular specific tutorial that might be worth looking through: https://fullstackmark.com/post/21/user-authentication-and-identity-with-angular-aspnet-core-and-identityserver. On the IS4 side, I would suggest starting with the Asp.Net Identity IS4 template (https://identityserver4.readthedocs.io/en/latest/quickstarts/6_aspnet_identity.html)

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

There are three main types of clients. Official Document For Identity Clients Github link for the Official Identity Sample code

Defining a client for server to server communication

In this scenario no interactive user is present - a service (aka client) wants to communicate with an API (aka scope):

public class Clients
{
    public static IEnumerable<Client> Get()
    {
        return new List<Client>
        {
            new Client
            {
                ClientId = "service.client",
                ClientSecrets = { new Secret("secret".Sha256()) },

                AllowedGrantTypes = GrantTypes.ClientCredentials,
                AllowedScopes = { "api1", "api2.read_only" }
            }
        };
    }
}

Defining browser-based JavaScript client (e.g. SPA) for user authentication and delegated access and API

This client uses the so-called implicit flow to request an identity and access token from JavaScript:

var jsClient = new Client
{
    ClientId = "js",
    ClientName = "JavaScript Client",
    ClientUri = "http://identityserver.io",

    AllowedGrantTypes = GrantTypes.Implicit,
    AllowAccessTokensViaBrowser = true,

    RedirectUris =           { "http://localhost:7017/index.html" },
    PostLogoutRedirectUris = { "http://localhost:7017/index.html" },
    AllowedCorsOrigins =     { "http://localhost:7017" },

    AllowedScopes =
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        IdentityServerConstants.StandardScopes.Email,

        "api1", "api2.read_only"
    }
};

Defining a server-side web application (e.g. MVC) for user authentication and delegated API access

Interactive server-side (or native desktop/mobile) applications use the hybrid flow. This flow gives you the best security because the access tokens are transmitted via back-channel calls only (and gives you access to refresh tokens):

var mvcClient = new Client
{
    ClientId = "mvc",
    ClientName = "MVC Client",
    ClientUri = "http://identityserver.io",

    AllowedGrantTypes = GrantTypes.Hybrid,
    AllowOfflineAccess = true,
    ClientSecrets = { new Secret("secret".Sha256()) },

    RedirectUris =           { "http://localhost:21402/signin-oidc" },
    PostLogoutRedirectUris = { "http://localhost:21402/" },
    FrontChannelLogoutUri =  "http://localhost:21402/signout-oidc",

    AllowedScopes =
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        IdentityServerConstants.StandardScopes.Email,

        "api1", "api2.read_only"
    },
};

Defining clients in appsettings.json

The AddInMemoryClients extensions method also supports adding clients from the ASP.NET Core configuration file. This allows you to define static clients directly from the appsettings.json file:

"IdentityServer": {
  "IssuerUri": "urn:sso.company.com",
  "Clients": [
    {
      "Enabled": true,
      "ClientId": "local-dev",
      "ClientName": "Local Development",
      "ClientSecrets": [ { "Value": "<Insert Sha256 hash of the secret encoded as Base64 string>" } ],
      "AllowedGrantTypes": [ "implicit" ],
      "AllowedScopes": [ "openid", "profile" ],
      "RedirectUris": [ "https://localhost:5001/signin-oidc" ],
      "RequireConsent": false
    }
  ]
}

Then pass the configuration section to the AddInMemoryClients method:In Startup.cs

AddInMemoryClients(configuration.GetSection("IdentityServer:Clients"))

Subcategories or detail clients list:

1. Client Credentials:

2. Resource Owner Client

3. JS OIDC Client

4. JS OAuth Client

5. MVC Hybrid Client

6. MVC Implicit Client

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.