Reputation: 481
I just started learning ASP.NET Core. I would like to create a simple web app, where I would have a REST API in ASP.NET Core and then a separate frontend with some Angular consuming that API.
I just got a bit stuck trying to figure out ASP.NET Core Identity and cookie/token authentication...
My question is pretty simple: Can I just create an API and use Entity Framework for database handling and ASP.NET Core Identity to handle creating and managing users and authorization? Do I also have to use some JWT, OAuth or anything like that? It's just that this is all super new to me and I am getting confused, because every example/tutorial shows it in a different way and I am getting very confused...
Thanks for any help!
Upvotes: 7
Views: 4487
Reputation: 1
Can I just create an API and use Entity Framework for database handling and ASP.NET Core Identity to handle creating and managing users and authorization?
ASP.NET Core Identity Framework utilizes Entity Framework to handle/manage user authentication and authorization. When implemented, the framework will generate the databases and tables it needs for Identity Framework using Entity Framework. So when writing your API/logic for user management using Identity Framework, you will have to use EF. For all other Models/Entities you can just use your own Database (which is separate from the Identity Databases) and still choose to use EF for that part, but that's up to you.
Do I also have to use some JWT, OAuth or anything like that?
This is also up to you and is supported but not mandatory.
Upvotes: 0
Reputation: 319
I'm working on a project that's very similar. Check out IdentityServer4 https://identityserver4.readthedocs.io/en/release/index.html. It's an open source OpenID Connect/OAuth 2 framework for ASP.NET Core created by the guys from leastprivilege https://leastprivilege.com.
You can handle protecting your APIs with JWTs and configure IdentityServer to use ASP.NET Core Identity for its user store. This section here describes protecting the API: https://identityserver4.readthedocs.io/en/release/configuration/apis.html
This is basically how you add ASP.NET Identity, IdentityServer, and configure IdentityServer to use ASP.NET Identity in your Startup.cs:
    public void ConfigureServices(IServiceCollection services)
    {
        // EF Core context that backs the ASP.NET Core Identity tables
        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

        // ASP.NET Core Identity, stored through Entity Framework
        services.AddIdentity<ApplicationUser, IdentityRole>()
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();

        services.AddMvc();

        // Adds IdentityServer, with ASP.NET Core Identity as its user store
        services.AddIdentityServer()
            .AddAspNetIdentity<ApplicationUser>();
    }
Then protecting an API is just a few lines of code in Startup.cs:

    public void Configure(IApplicationBuilder app)
    {
        // Validates incoming access tokens issued by the server at Authority
        app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
        {
            Authority = "https://demo.identityserver.io",
            AllowedScopes = { "api1" },
        });

        app.UseMvc();
    }
Then you would have to configure your Angular app to be a "client" of IdentityServer and be able to access your API "resource". There is a whole tutorial on adding JavaScript clients: https://identityserver4.readthedocs.io/en/release/quickstarts/7_javascript_client.html
Upvotes: 2
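As an added example (not code from the answer above or from IdentityServer4), this console sketch shows the checks an API has to make on a bearer token before serving a request: signature, issuer, audience, lifetime, and the required scope such as "api1". Assumptions: the System.IdentityModel.Tokens.Jwt NuGet package is referenced, the issuer URL and key are constructed, a shared HMAC key stands in for the signing keys a real API would obtain from the server named in `Authority`, and scopes arrive as "scope" claims.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class ApiTokenCheck
{
    // Constructed values. A real API trusts the signing keys published by the
    // token server, not a shared secret as in this demo.
    const string Issuer = "https://idsrv.example";
    const string Api = "api1"; // used here as both audience and scope name
    static readonly SymmetricSecurityKey Key = new SymmetricSecurityKey(
        Encoding.UTF8.GetBytes("constructed-demo-key-32-bytes-min!!"));

    // Stand-in for the access token the token server would issue to the Angular client.
    public static string Issue(string scope, DateTime expires) =>
        new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
            Issuer, Api, new[] { new Claim("scope", scope) }, null, expires,
            new SigningCredentials(Key, SecurityAlgorithms.HmacSha256)));

    // True only if signature, issuer, audience, lifetime and scope all check out.
    public static bool IsAllowed(string bearerToken)
    {
        var rules = new TokenValidationParameters
        {
            ValidIssuer = Issuer, ValidateIssuer = true,
            ValidAudience = Api, ValidateAudience = true,
            IssuerSigningKey = Key, ValidateIssuerSigningKey = true,
            ValidateLifetime = true, RequireExpirationTime = true
        };
        try
        {
            new JwtSecurityTokenHandler().ValidateToken(bearerToken, rules, out var validated);
            // Read raw claims from the token to avoid the handler's claim-type remapping.
            return ((JwtSecurityToken)validated).Claims
                .Where(c => c.Type == "scope")
                .SelectMany(c => c.Value.Split(' '))
                .Contains(Api);
        }
        catch (Exception e) when (e is SecurityTokenException || e is ArgumentException)
        { return false; } // bad signature, wrong issuer/audience, expired, or malformed
    }

    public static void Main() => Console.WriteLine(string.Join(", ",
        IsAllowed(Issue("api1", DateTime.UtcNow.AddMinutes(5))),   // required scope, unexpired
        IsAllowed(Issue("other", DateTime.UtcNow.AddMinutes(5))),  // token lacks the api1 scope
        IsAllowed(Issue("api1", DateTime.UtcNow.AddHours(-1)))));  // expired token
}
```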