Luke1988

Reputation: 2118

IdentityServer4 with ASP.NET Identity

I have to implement OAuth for .NET Core, and the decision is IdentityServer4. In fact, the result should be an authentication endpoint, also with a login UI, reset password UI, etc. However, OAuth must be fitted to the existing database structure, so I cannot simply follow the easiest 'Quickstart' manuals.

I am trying to understand the concept of IdentityServer4 and I am confused about ASP.NET Core Identity and its role in it. As far as I know, ASP.NET Core Identity provides a framework for user management including sign-in, sign-up, password reset, etc., including a database (with EntityFramework).

I have an existing SQL database which I have to use; there is no chance of any change. However, the structure is similar to ASP.NET Core Identity, so I assume it may be used (somehow). I found articles on how to implement a sort of 'custom users'

A/ directly to IdentityServer4, article here

or

B/ to ASP.NET Core Identity, article here

Both ways are doable. Back to the original question: I would just like to get a bit deeper into IdentityServer4 and find out how much it relies on ASP.NET Core Identity.

Thanks a lot!

Upvotes: 0

Views: 1141

Answers (1)

Thomas Luijken

Reputation: 645

IdentityServer4 had 2 DbContexts that are a part of the framework which you will have to use if you're going to store these to the database: the ConfigurationDbContext for client and flow configuration, and the PersistentGrantDbContext for storing tokens and such. These 2 DbContexts are the only core part of IdentityServer4. These can also be stored in memory, but I wouldn't advise that. These 2 DbContexts can be stored alongside the existing database tables, or in another database if you want to.

User management and such are not part of the IdentityServer framework, and you can use the implementation of your liking, like ASP.NET Core Identity or something custom. In the article you mentioned, the magic happens within the IProfileService service, where users are retrieved, and the IResourceOwnerPasswordValidator, where credentials are validated. Use these custom implementations to retrieve and validate the users from your existing database.

Also, if you look at the quickstart example project, you'll see the UserStore is injected into each controller. Feel free to replace this one with your own user-repository if you need to. So to answer your question, IdentityServer4 doesn't rely on any user/role related storage framework, but you can attach however you want to.

For example: in my projects, user management and authentication are 2 different microservices. Within the cluster, IdentityServer calls the user service internally to get the user that is requested, but it isn't even part of the auth microservice. The auth service just focusses on the OpenID Connect implementation but knows basically nothing about users at all.

Upvotes: 0
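
The two extension points named in the answer above, sketched against an existing user table. This is an added example, not code from the answer or from the linked articles; `LegacyUser` and `ILegacyUserRepository` are hypothetical types standing in for your own data access, and password verification is assumed to happen inside the repository against the stored hash.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityModel;
using IdentityServer4.Extensions;
using IdentityServer4.Models;
using IdentityServer4.Services;
using IdentityServer4.Validation;

// Hypothetical abstraction over the existing user tables (not an IdentityServer4 type).
public class LegacyUser { public string Id, UserName, Email; public bool IsEnabled; }
public interface ILegacyUserRepository
{
    Task<LegacyUser> FindByIdAsync(string id);
    Task<LegacyUser> FindByNameAsync(string userName);
    Task<bool> VerifyPasswordAsync(LegacyUser user, string password); // checks the stored hash
}

public class LegacyPasswordValidator : IResourceOwnerPasswordValidator
{
    private readonly ILegacyUserRepository _users;
    public LegacyPasswordValidator(ILegacyUserRepository users) => _users = users;

    public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
    {
        var user = await _users.FindByNameAsync(context.UserName);
        // One error for unknown user, disabled account and wrong password alike.
        var ok = user != null && user.IsEnabled && await _users.VerifyPasswordAsync(user, context.Password);
        context.Result = ok
            ? new GrantValidationResult(user.Id, OidcConstants.AuthenticationMethods.Password)
            : new GrantValidationResult(TokenRequestErrors.InvalidGrant, "invalid credentials");
    }
}

public class LegacyProfileService : IProfileService
{
    private readonly ILegacyUserRepository _users;
    public LegacyProfileService(ILegacyUserRepository users) => _users = users;

    public async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        var user = await _users.FindByIdAsync(context.Subject.GetSubjectId());
        if (user == null) return;
        var claims = new List<Claim> { new Claim(JwtClaimTypes.Name, user.UserName) };
        if (user.Email != null) claims.Add(new Claim(JwtClaimTypes.Email, user.Email));
        context.AddRequestedClaims(claims); // emits only claim types the request asked for
    }

    public async Task IsActiveAsync(IsActiveContext context)
    {
        var user = await _users.FindByIdAsync(context.Subject.GetSubjectId());
        context.IsActive = user != null && user.IsEnabled; // disabled accounts stop receiving tokens
    }
}
```

Both classes are registered on the IdentityServer builder with `AddResourceOwnerValidator<LegacyPasswordValidator>()` and `AddProfileService<LegacyProfileService>()`, alongside a DI registration for the repository.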
