user4182984

Reputation: 222

Securing thick client with IdentityServer4

I am implementing a web application with security via IS4. My idea is to make the actual application running the local identity server also be an endpoint for managing it: modifying clients, users, resources and whatnot.

I don't want to separate the actual database work into a standalone API, and would prefer to keep this client thick. But this would make this webapp both a client and a protected resource.

How is this supposed to be implemented in terms of IS4? Do I register my app as both a client and an API? Is there a cleaner mechanism in IdentityServer4 for doing this sort of "self-check"?

Upvotes: 0

Views: 106

Answers (1)

Nan Yu

Reputation: 27578

You can add user-management-related APIs to the application that is running IdentityServer. You can make use of ASP.NET Identity and EF Core to manage users/roles.

Your client app will authenticate via the IdentityServer application and also acquire an access token for accessing the protected user management APIs in the IDS app. The IdentityServer app needs to add a JWT Bearer authentication schema that accepts the API requests (with the token in the header); then you should add the Authorize attribute to challenge the bearer authentication on the protected API controllers/actions.

Upvotes: 1
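The setup the answer describes, as an added example that is not code from the answer or from the IdentityServer4 project: one host that issues tokens and also validates them on its own management API. It assumes IdentityServer4 4.x on ASP.NET Core 3.1 with the `Microsoft.AspNetCore.Authentication.JwtBearer` package; the URLs, the `usermgmt` scope, the `usermgmt_api` resource, the `admin_ui` client and the controller are hypothetical names.

```csharp
// Added example; every name and URL below is a hypothetical placeholder.
using IdentityServer4;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    const string Authority = "https://localhost:5001"; // this host's own URL (assumed)

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllersWithViews();
        services.AddIdentityServer()
            .AddDeveloperSigningCredential() // development only
            .AddInMemoryIdentityResources(new IdentityResource[] { new IdentityResources.OpenId() })
            .AddInMemoryApiScopes(new[] { new ApiScope("usermgmt") })
            // The host registers its own management API as a protected resource...
            .AddInMemoryApiResources(new[] { new ApiResource("usermgmt_api") { Scopes = { "usermgmt" } } })
            // ...and the UI as a client that may request that scope.
            .AddInMemoryClients(new[] { new Client {
                ClientId = "admin_ui",
                AllowedGrantTypes = GrantTypes.Code,
                RequirePkce = true,
                RequireClientSecret = false, // public client: PKCE, no embedded secret
                RedirectUris = { "https://localhost:5002/callback" },
                AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId, "usermgmt" } } });
        // Second scheme beside the login cookie: validates tokens this same host issued.
        services.AddAuthentication()
            .AddJwtBearer("Bearer", o => { o.Authority = Authority; o.Audience = "usermgmt_api"; });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseIdentityServer(); // also registers the authentication middleware
        app.UseAuthorization();
        app.UseEndpoints(e => e.MapDefaultControllerRoute());
    }
}

// Naming the scheme means the login cookie alone never authorizes an API call.
[ApiController, Route("api/users")]
[Authorize(AuthenticationSchemes = "Bearer")]
public class UsersController : ControllerBase
{
    [HttpGet]
    public IActionResult Get() => Ok(new[] { "constructed-sample-user" });
}
```

Without the explicit scheme, `[Authorize]` falls back to the host's default cookie scheme, so unauthenticated API calls get a login redirect instead of a 401 and the endpoints become reachable with a browser session cookie.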
