Jonas Stawski

Reputation: 6752

Add ASP.NET Core Identity to an API secured with Identity Server

I have an ASP.NET Identity Server 4 configured for authorization and authentication with ASP.NET Core Identity (Auth Server). I also have a separate ASP.NET Core API (API) configured to use the Auth Server. From a Console App I am able to authenticate to the Auth Server using GrantTypes.ClientCredentials and use the access token to execute a request to the API. Everything works as expected.

I would like to use this API as an Identity Management API to add/edit/remove Users, Roles, etc., so I configured it using ASP.NET Core Identity, but now when I execute the same request from the Console App, I get a 404 because the API is redirecting to the Login screen, which doesn't exist (it's an API after all). What this tells me is that the current AccessToken and Identity Server auth is not being used, which means that my new configuration seems to overwrite the Identity Server one.

API Startup.cs

    public void ConfigureServices(IServiceCollection services)
    {
        string connectionString = Configuration.GetConnectionString("IdentityContextConnection");

        //This was added for ASP.NET Identity
        services.AddDbContext<IdentityContext>(options =>
             options.UseSqlServer(connectionString));

        //This was added for ASP.NET Identity
        services.AddIdentity<IdentityUser, IdentityRole>()
               .AddEntityFrameworkStores<IdentityContext>()
               .AddDefaultTokenProviders();

        services.AddMvcCore()
            .AddAuthorization()
            .AddJsonFormatters();

        services.AddAuthentication("Bearer")
            .AddJwtBearer("Bearer", options =>
            {
                options.Authority = "http://localhost:5000";
                if (Environment.IsDevelopment())
                    options.RequireHttpsMetadata = false;
                options.Audience = "management-api";
            });
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseAuthentication();
        app.UseMvc();
    }

How can I have this API authenticate and authorize against my Auth Server and use ASP.NET Identity at the same time?

Upvotes: 2

Views: 893

Answers (1)

Jonas Stawski

Reputation: 6752

The issue is with the use of services.AddIdentity<IdentityUser>(). As explained in this answer, AddIdentityCore should be used for "adding the services that are necessary for user-management actions", while AddIdentity does the same plus all authentication, which was overwriting my Identity Server authentication.

The final configuration:

    services.AddIdentityCore<IdentityUser>()
        .AddRoles<IdentityRole>()
        .AddUserManager<UserManager<IdentityUser>>()
        .AddEntityFrameworkStores<IdentityContext>()
        .AddDefaultTokenProviders();

Upvotes: 3
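
An added example (not from the original question or answer) that puts the answer's AddIdentityCore registration next to the question's JWT bearer setup, for ASP.NET Core 2.1/2.2. AddIdentity sets the default authenticate and challenge schemes to Identity's application cookie, which is why the bearer token was ignored and the request was redirected to a login page. The ManageUsers policy, the scope value, UsersController and the IdentityContext definition are assumptions made for illustration.

```csharp
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
public class IdentityContext : IdentityDbContext<IdentityUser> // assumed definition
{
    public IdentityContext(DbContextOptions<IdentityContext> options) : base(options) { }
}
public class Startup
{
    private readonly IConfiguration _config;
    private readonly IHostingEnvironment _env;
    public Startup(IConfiguration config, IHostingEnvironment env) { _config = config; _env = env; }
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddDbContext<IdentityContext>(o =>
            o.UseSqlServer(_config.GetConnectionString("IdentityContextConnection")));
        // User and role management only: no cookie handlers, default schemes untouched.
        services.AddIdentityCore<IdentityUser>()
            .AddRoles<IdentityRole>()
            .AddEntityFrameworkStores<IdentityContext>();
        services.AddAuthentication("Bearer")
            .AddJwtBearer("Bearer", o =>
            {
                o.Authority = "http://localhost:5000";           // dev value from the question
                o.RequireHttpsMetadata = !_env.IsDevelopment();  // plain HTTP only in development
                o.Audience = "management-api";
            });
        services.AddMvcCore().AddJsonFormatters()
            .AddAuthorization(o => o.AddPolicy("ManageUsers", p => p
                .AddAuthenticationSchemes("Bearer")          // pin the scheme on the policy itself
                .RequireClaim("scope", "management-api")));  // scope name is an assumption
    }
    public void Configure(IApplicationBuilder app) => app.UseAuthentication().UseMvc();
}

[Route("api/users"), Authorize(Policy = "ManageUsers")]
public class UsersController : ControllerBase // hypothetical management endpoint
{
    private readonly UserManager<IdentityUser> _users;
    public UsersController(UserManager<IdentityUser> users) => _users = users;
    [HttpGet] public IActionResult Get() => Ok(_users.Users.Select(u => new { u.Id, u.UserName }).ToList());
}
```

Because the policy names the Bearer scheme, the endpoint keeps validating access tokens even if a later registration changes the default authentication schemes again.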
