You can find all .NET Core posts here.
After I explored and wrote about authentication in .NET Core using Identity here, many people asked me to explore and write about IdentityServer4.
So I am starting a series of posts in which I will mainly concentrate on IdentityServer4.
In this first post, we will see some of the basics of IdentityServer4.
Nowadays, securing your application with a username and password is no longer enough. The number of cyber attacks is increasing day by day, and to secure your applications/APIs you need a solid authentication and authorization system.
As you can see in the picture above, modern applications are no longer simple server-client applications. They look more like this: web applications call Web APIs, client apps call Web APIs, native apps call Web APIs, Web APIs call other Web APIs, and so on. In this complex structure, we need token-based security.
Along with a solid authentication and authorization system, we also need centralized auth logic for all our applications/APIs.
Building such an authentication and authorization system ourselves would take a lot of time and effort. Instead, we can use a ready-made framework for all our authentication and authorization needs. That framework is called IdentityServer4.
What is IdentityServer4?
- IdentityServer4 is the newest version of IdentityServer
- IdentityServer4 is an open source OpenID Connect and OAuth 2.0 framework for ASP.NET Core
- IdentityServer4 acts as a central authentication server for multiple applications
- It is a hostable component that allows implementing single sign-on and access control for modern web applications and APIs using protocols like OpenID Connect and OAuth2
- IdentityServer4 is part of the .NET Foundation
So in simple words:
- If we want to implement the OpenID standard, we need to implement all the rules of the standard, but building that is quite hard and time-consuming
- So what if we had a component or framework that implements all of that for us, which we can just plug into our application? That is exactly what IdentityServer4 is
- IdentityServer4 is a piece of software that issues security tokens to the clients
- IdentityServer4 is responsible for creating a complete authentication service, with single session input and output for various types of applications, such as mobile, web, native or even other services
- With IdentityServer4, we just need to create a login and logout page (and maybe a consent page), and the rest is handled by the IdentityServer4 middleware. Client applications can then communicate with it using those standard protocols
- IdentityServer4 can be used for securing web APIs as well
As you can see in the picture above:
- Users are humans who need to access the resources of the application, APIs, etc.
- The client is a piece of code that internally calls IdentityServer4
- The client requests a token from IdentityServer4, either to authenticate the user (an identity token) or to gain access to the resources (an access token)
- An identity token contains all the identity data of the user and is used for user authentication
- An access token contains information about the client and the user and is used to access the APIs
- Resources are all the important data that need protection, such as user details, passwords, fingerprints, voice phrases of the user, APIs, etc.
- IdentityServer4 is our hero here: it issues the security tokens to clients
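The split between identity tokens and access tokens in the list above matters most at the API, which should accept only access tokens that were issued for it. The following is an added example, not code from the original post or from IdentityServer4 itself. The issuer URL, the client, API and scope names, the throwaway RSA key and the claim layout (standard OpenID Connect/OAuth 2.0 claim names) are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
// Throwaway key pair standing in for the token service's signing key (constructed).
using var key = RSA.Create(2048);
const string Iss = "https://idsrv.example"; // constructed issuer name
string B64Url(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
byte[] FromB64Url(string s) =>
    Convert.FromBase64String(s.Replace('-', '+').Replace('_', '/') + new string('=', (4 - s.Length % 4) % 4));
// Token service side: sign a claim set as an RS256 JWT.
string Issue(object claims)
{
    var data = B64Url(JsonSerializer.SerializeToUtf8Bytes(new { alg = "RS256", typ = "JWT" }))
        + "." + B64Url(JsonSerializer.SerializeToUtf8Bytes(claims));
    var sig = key.SignData(Encoding.ASCII.GetBytes(data), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    return data + "." + B64Url(sig);
}
// API side: accept only a correctly signed, unexpired access token issued for this API.
string Check(string jwt, string api, string scope)
{
    var p = jwt.Split('.');
    if (p.Length != 3) return "reject: malformed";
    if (!key.VerifyData(Encoding.ASCII.GetBytes(p[0] + "." + p[1]), FromB64Url(p[2]),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)) return "reject: bad signature";
    using var doc = JsonDocument.Parse(Encoding.UTF8.GetString(FromB64Url(p[1])));
    var c = doc.RootElement;
    // A claim may be one string or a JSON array; scope may also be space-delimited.
    string[] Values(string name) =>
        !c.TryGetProperty(name, out var v) ? Array.Empty<string>()
        : v.ValueKind == JsonValueKind.Array ? v.EnumerateArray().Select(x => x.ToString()).ToArray()
        : v.ToString().Split(' ');
    if (!Values("iss").Contains(Iss)) return "reject: wrong issuer";
    if (!c.TryGetProperty("exp", out var e) || e.ValueKind != JsonValueKind.Number
        || e.GetInt64() <= DateTimeOffset.UtcNow.ToUnixTimeSeconds()) return "reject: expired";
    if (!Values("aud").Contains(api)) return "reject: token not issued for this API";
    if (!Values("scope").Contains(scope)) return "reject: scope not granted";
    return "accept";
}

// Constructed tokens: the identity token's audience is the client, the access token's is the API.
var expiry = DateTimeOffset.UtcNow.AddMinutes(5).ToUnixTimeSeconds();
var idToken = Issue(new { iss = Iss, sub = "alice", aud = "mvc-client", name = "Alice", exp = expiry });
var accessToken = Issue(new { iss = Iss, sub = "alice", client_id = "mvc-client", aud = "orders-api",
    scope = new[] { "orders.read" }, exp = expiry });
Console.WriteLine(Check(accessToken, "orders-api", "orders.read"));
Console.WriteLine(Check(idToken, "orders-api", "orders.read"));
Console.WriteLine(Check(accessToken, "orders-api", "orders.write"));
```

In a real ASP.NET Core API, these checks are performed by the JWT bearer authentication middleware rather than by hand-written code.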
Some of the features of IdentityServer:
- Authentication as a service: centralized login logic for all the applications/APIs etc.
- It can be used to protect your resources
- It is an Open Source Identity Provider
- Authentication of the users and/or clients
- Single Sign-on
- Can be used to secure the APIs
- Provides session management
- To issue identity and access tokens to clients
- To validate tokens
- Gateway to third-party identity providers like Facebook, Google etc.
In the next post, we will see how to create the IdentityServer4 server. (Update: Part II is available here.)
Hope it helps.