Reputation: 3035
Identity management framework in ASP.NET
A new application is being built with an Angular Client and a ASP.Net Web API back end. The back end will be consumed by the Angular Client only in the short term (1 year), but will be consumed externally (mobile and 3rd parties) in the long run.
What are the pros and cons of using ASP.NET Identity vs IdentityServer4 initially in securing the API? How difficult will it be to switch over to IdentityServer from ASP.NET Identity down the road and is it worth the effort of using IdentityServer from the beginning.
Upvotes: 0
Views: 109
Answers (1)
Reputation: 5598
ASP.NET Identity is a user store, with some helper libraries that enable cookie authentication on top of it. Using ASP.NET Identity to protect HTTP APIs is not what it was designed for.
IdentityServer 4 is an OAuth & OpenID Connect authorization server. Using IdentityServer to protect HTTP APIs is exactly what it was designed for.
Upvotes: 3
Related Questions
- identity server 4 as a API and web project
- Pure ASP.NET Core Identity Server
- how to do user management with identityserver4 and asp.netcore identity
- Identity Server 4 User management API
- IdentityServer4 with ASP.Net Identity Project Architecture
- IdentityServer4 w/AspNetIdentity and Registration API Methods
- IdentityServer4 and user management
- Identity Server 4 and web api for user management
- IdentityServer 4 as a web API
- IdentityServer, Claims and Roles