IdentityServer4 with ASP.Net Identity Project Architecture

Question

I'm working on RESTful API that implements OpenID and Oauth2. IdentityServer4 offers both and works perfectly, however nearly all examples and tutorials use in memory Test Users

I've been struggling to understand how I can implement IdentityServer4 with database while having some sort of a services that allows users accounts to be created and managed.

I'm confused whether the registration and account management services should take place on IdentityServer4 itself or somewhere else, on a different project.

I've been trying to glue together IdentityServer4 with ASP.NET Identity in a single project, however I have no idea whether this approach is correct or not.

How would architecture that implements IdentityServer4 and ASP.Net Identity look like? Should I create 2 separate projects, one for IdentityServer4 and the other for ASP.Net Identity, or should I try combining both?

Answer 1

It really boils down to what your requirements are. ASP.Net Identity implements a lot of boilerplate stuff and is good for getting you up and running quickly and it integrates well with IDS4. We used it in our implementation but ended up customizing it a LOT so I'd suggest if your requirements differ significantly from what it provides out of the box it may be more of a pain in the long term to have that additional dependency.

In my opinion it makes sense to treat your identity server as a self contained (micro) service that owns its own data (users, clients, persisted grants etc) and exposes any needed APIs for managing said entities from outside. IDS4 does not stipulate or particularly care how you do user authentication or how you store the data so you're free to implement that any way you like.

Do you have a preference when it comes to database? How will it be deployed?