IdentityServer4 in simple words: IdentityServer4 with .Net Core Part I


You can find all .Net core posts here.

Once I explored and wrote about Authentication in .Net Core using Identity here, many people have asked me to explore and write on IdentityServer4.

So I am starting a series of posts in which I will mainly concentrate on IdentityServer4.

In this first post, we will see some of the basics of IdentityServer4.

Nowadays, securing your application with just a username and password is not enough. The number of cyber attacks is increasing day by day, and to secure your applications and APIs you need a solid authentication and authorization system.

id3

As you can see in the picture above, modern applications are not just simple server-client applications. They look more like this: web applications call Web APIs, client apps call Web APIs, native apps call Web APIs, Web APIs call other Web APIs, and so on. In this complex structure, we need token-based security.

Along with a solid authentication and authorization system, we also need centralized auth logic for all our applications and APIs.

Building such an authentication and authorization system ourselves would take a lot of time and effort. Instead, we can use a ready-made framework for all our authentication and authorization needs. That framework is called IdentityServer4.

What is IdentityServer4?

  • IdentityServer4 is the newest version of the IdentityServer
  • IdentityServer4 is an open source OpenID Connect and OAuth 2.0 framework for ASP.NET Core
  • IdentityServer4 acts as a central authentication server for multiple applications
  • It is a hostable component that allows implementing single sign-on and access control for modern web applications and APIs using protocols like OpenID Connect and OAuth2
  • IdentityServer4 is part of the .NET Foundation

So in simple words:

  • If we want to implement the OpenID standard, we need to implement all the rules of the standard, but building that is quite hard and time-consuming
  • So what if we had a component or a framework that implements all of that code for us, which we could just plug into our application? That is exactly what IdentityServer4 is
  • IdentityServer4 is a piece of software that issues security tokens to the clients
  • IdentityServer4 is responsible for creating a complete authentication service, with single session input and output for various types of applications, such as mobile, web, native or even other services
  • With IdentityServer4, we just need to create a login and logout page (and maybe a consent page), and the rest is handled by the IdentityServer4 middleware. Client applications can then communicate with it using those standard protocols
  • IdentityServer4 can be used for securing web APIs as well

Example

id1

As you can see in the picture above:

  • Users are humans who need to access the resources of the application, APIs etc
  • The client is a piece of code which internally calls IdentityServer4
  • The client requests tokens from IdentityServer4, either to authenticate the user (identity tokens) or to gain access to the resources (access tokens)
  • An identity token contains all the identity data of the user and is used for user authentication
  • An access token contains information about the client and the user and is used to access the APIs
  • Resources are all the important data that need protecting, like the user details, passwords, fingerprints, voice phrases of the user, APIs etc
  • IdentityServer4 is our hero here – IdentityServer4 is used to issue the security tokens to clients
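
The split between the two token types matters on the API side: an API should accept only access tokens issued for it, never an identity token. The console program below is an added example, not code from this post or from the IdentityServer4 project. It assumes a hypothetical issuer URL, a client called "webapp" and an API called "api1", signs two constructed tokens with a throwaway RSA key, and simplifies the `aud` and `scope` claims to single strings.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class TokenDemo
{
    // Hypothetical names, constructed for this example: issuer URL, client "webapp", API "api1".
    const string Issuer = "https://identity.example.test";

    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static byte[] FromB64Url(string s) => Convert.FromBase64String(
        s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));

    // Stand-in for the token service: signs the claims as an RS256 JWT.
    static string Issue<T>(RSA key, T claims)
    {
        string head = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"typ\":\"JWT\"}"));
        string body = B64Url(JsonSerializer.SerializeToUtf8Bytes(claims));
        byte[] sig = key.SignData(Encoding.ASCII.GetBytes(head + "." + body),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return head + "." + body + "." + B64Url(sig);
    }

    // API-side check: signature first (always RS256, the header is not trusted),
    // then issuer, audience, expiry and scope.
    static bool ApiAccepts(RSA issuerKey, string token, string api)
    {
        string[] p = token.Split('.');
        if (p.Length != 3) return false;
        if (!issuerKey.VerifyData(Encoding.ASCII.GetBytes(p[0] + "." + p[1]), FromB64Url(p[2]),
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)) return false;
        using JsonDocument doc = JsonDocument.Parse(Encoding.UTF8.GetString(FromB64Url(p[1])));
        JsonElement c = doc.RootElement;
        return c.GetProperty("iss").GetString() == Issuer
            && c.GetProperty("aud").GetString() == api   // an identity token carries the client id here
            && c.GetProperty("exp").GetInt64() > DateTimeOffset.UtcNow.ToUnixTimeSeconds()
            && c.TryGetProperty("scope", out JsonElement s) && s.GetString() == api;
    }

    static void Main()
    {
        using RSA key = RSA.Create(2048); // throwaway signing key for the demo
        long exp = DateTimeOffset.UtcNow.AddMinutes(5).ToUnixTimeSeconds();
        string idToken = Issue(key, new { iss = Issuer, aud = "webapp", sub = "alice", exp });
        string accessToken = Issue(key, new { iss = Issuer, aud = "api1", client_id = "webapp", sub = "alice", scope = "api1", exp });
        Console.WriteLine($"access token accepted by api1:   {ApiAccepts(key, accessToken, "api1")}");
        Console.WriteLine($"identity token accepted by api1: {ApiAccepts(key, idToken, "api1")}");
    }
}
```

Both tokens carry a valid signature from the same issuer, so the audience and scope checks are what keep the identity token out of the API.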

Some of the features of IdentityServer:

  • Authentication as a service – Centralized login logic for all the applications/APIs etc
  • It can be used to protect your resources
  • It is an Open Source Identity Provider
  • Authentication of the users and/or clients
  • Single Sign-on
  • Can be used to secure the APIs
  • Provides session management
  • To issue identity and access tokens to clients
  • To validate tokens
  • Gateway to third-party identity providers like Facebook, Google etc.

Last but not least – Special thanks to Dominick Baier and Brock Allen for creating such an awesome IdentityServer framework.

In the next post, we will see how to create the IdentityServer4 server. (Update – Part II is available here)

Hope it helps.
