Reputation: 837
ASP.NET Core Identity SPA with React
I am confused and a bit lost about using ASP.NET Core Identity with a React SPA.
I have read Microsoft documentation about ASP.NET Core Identity several times, mostly focusing on the Identity with SPA section, and yet I have to confess I still don't clearly get how to bond a React SPA with ASP.NET Core Identity.
These are the blockers I have stumbled upon:
The documentation assumes I want to use IdentityServer, but I do not. I rather prefer Openiddict, but I don't know how to do the switch. Worst part is that I am not totally clear about what IdentityServer or Openiddict do. I understand that they provide an OpenId connection for JWT tokens and securing my REST endpoints, but how they do that is still obscure to me.
The Microsoft documentation focusing on React SPAs all use a "convenient" hosting of both the React SPA and the API back-end as a single unit. This is unfortunate because I don't want that. I have my React SPA totally decoupled and separated from the API, and they will be hosted separately. To summarize I don't want my React SPA in the same solution as the API back-end.
Most examples in the Microsoft documentation use Entity Framework as the ORM. I won't. I will use Dapper instead. The good news is that there is a section better explaining Custom storage providers for ASP.NET Core Identity, and also I am studying the ASP.NET Core Identity with Dapper implementation done in Daarto, so this part I have been understanding better.
Any tutorial, blog, repository or documentation you can recommend me to understand exactly step-by-step thouroughfully explained what is needed to do to bond a React SPA with ASP.NET Core Identity? That is authenticating users, securing API endpoints, how React will communicate with Openiddict, and how to use Openiddict with ASP.NET Core Identity, etc.
Upvotes: 25
Views: 2195
Answers (2)
Reputation: 190
ASP.NET Identity is a membership provider and uses cookies while IdentityServer is an OAuth2/OpenID Connect server you can use to support token authentication. IdentityServer4 will eventually support ASP.NET Identity as a membership store. For authentication and authorization in mobile devices and SPA, you can use tokens and the best solution is IdentityServer4 with ASP.NET Identity.
Upvotes: 0
Reputation: 11
OpenIddict is a library to implement Auth server yourself and IdentityServer is a fully implemented Authentication server that providers several schemes. On tutorial, there aren't many tutorials that go through this scenario. Most go on creating JWT authentication and authorization using APS.NET Identity which to me feels a little insecure as you are implementing everything yourself and Auth is one of the things which you shouldn't implement yourself.
Upvotes: 0
Related Questions
- React SPA with OIDC PKCE and identityserver.io
- React SPA / Embedded Identity Server issue after .net core 3 preview 8 upgrade
- Identity Server 4 + Identity Framework + React front-end
- asp.net identity failing on login-callback
- OpenID Connect with .Net Core 3 and React
- How to customize Identity controller for React SPA in ASP.NET Core?
- React SPA with oidc-client and client secret
- IdentityServer4 implementation with React SPA and Asp.net Core backend
- Authentication in .net Core with ReactJS SPA
- Security and OpenId Connect Flows with ASP.Net Core 2.1 and React