Reputation: 874
I would like to implement a custom identity provider to allow all my users a single access to my applications. I chose to write it with ASP.NET Core Identity, but I have some doubts about how to separate the layers into tiers. Let me explain better: I would like to separate the front end from the back end, so that the front end represents only the data entry screens (username and password on the login page, surname name etc. on the registration page) and all the rest of the logic is on another server behind a firewall, with communication taking place via the REST API. As in the attached image:
Is it a good idea? In the examples that I found, I noticed that only the DB is separated and the rest of the IdP is all on a server, but in terms of security, isn't a server exposed on the web that communicates directly with a database with sensitive data to be discouraged? Sorry for the many questions, but I would like to proceed in the right way. Thank you.
Upvotes: 0
Views: 541
Reputation: 2029
I've faced similar questions when setting up a project of mine. The goals (in this regard) were:
I ended up using the JWT authentication scheme. I didn't use ASP.NET Core Identity, as this would have required referencing ASP.NET Core in the DB layer.
I don't understand what you mean by the text in brackets.
I would like to separate the front end from the back end, so that the front end represents only the data entry screens (username and password on the login page, surname name etc. on the registration page)
The user will enter his user name and password and your REST API will authenticate the user.
If you want to have a look at my setup:
Upvotes: 2