How do I Add End User Self Registration to IdentityServer?

Question

I think I finally understand OAuth/OIDC/IdentityServer/IdMgr/IUA/ASP.NET Identity well enough to recognize the answer to my question.

Can anyone point me at a full-featured end-user self-registration example/add-on for IdentityServer 3 or 4?

I'm aware of the admin UI products. I'm looking for an end-user, not administrator, self-registration and contact info admin UI similar to Individual User Accounts in MVC projects.

I'd also like the functionality, including UI, to reside on the STS and integrate with the STS OIDC authorization functionality.

A user registration add-on for IdentityServer 3 or 4 would make my day.

Or, is it true that comprehensive turn-key end-user self-registration for IdentityServer does not exist?

I have reviewed and ran the IdSvr3 AspNetIdentity integration samples. If end-user self-registration is there I don't see it.

I have seen a few examples that showed how to add an end-user self-registration page to identity server but they seemed more like a hack than comprehensive user self-registration/contact info admin feature, ALA MVC Individual User Accounts.

Using IdentityServer4 hosted in a .NET Core web app as the STS is an option I've explored. I didn't find any complete examples there either.

Answer 1

What I did (you can adpot this for MVC project):

IdentityServer:

startup.cs

services.AddIdentityServer(options =>  {     
 options.Discovery.CustomEntries.Add("local_api", "~/api"); // <--
})
.AddInMemoryClients(Config.Clients)
    ...

---

Controllers/UserController.cs

[Route("api/[controller]")]
[Authorize(IdentityServer4.IdentityServerConstants.LocalApi.PolicyName)]
public class UserController : ControllerBase
{
  [HttpPost("create_user")]
  [AllowAnonymous]
  public async Task<ActionResult<string>> CreateUser([FromBody] CreateApplicationUserViewModel newUser)
  {
      if (newUser.Email != null)
      {
        string result = await _userService.CreateUserAsync(newUser);
        return Ok(result);
      }

      return BadRequest("Email is missing");
  }
}

---

Services/UserService.cs

public class UserService : IUserService
{
   private readonly ApplicationDbContext _dbContext;
   private readonly UserManager<ApplicationUser> _userManager;
   private readonly IMapper _mapper;

   public UserService(ApplicationDbContext dbContext,serManager<ApplicationUser> userManager)
   {
      _userManager = userManager;
      _dbContext = dbContext;
      _mapper = mapper;
   }

   public async Task<string> CreateUserAsync(CreateApplicationUserViewModel newUser)
   {
       if (newUser.Email != null && await _userManager.FindByEmailAsync(newUser.Email) == null)
       {
           ApplicationUserViewModel appViewModel = _mapper.Map<ApplicationUserViewModel>(newUser);
           ApplicationUser newAppUser = _mapper.Map<ApplicationUser>(appViewModel);
           newAppUser.UserName = newUser.Email; // Add this if you want that user should login with E-Mail and not Username

           IdentityResult result = await _userManager.CreateAsync(newAppUser, newUser.Password);

            if (result.Succeeded)
            {
               return "User is created";

            }else
            {
               return "Problem with user creation";
            } 
       }

       return "This e-mail address is already taken.";
   }

... 

// Add here other operations for User like Update or Delete
 
}

Answer 2

The Skoruba admin IdentityServer4 ad-on has end-user self registration.

Nahid Farrokhi's web API and MVC articles, see links below, explain how to configure IdSvr4 and .NET Framework 4.5.2 MVC and web API to work together.

https://nahidfa.com/posts/identityserver4-and-asp-.net-web-api/

https://nahidfa.com/posts/identityserver4-and-asp-.net-mvc/

Answer 3

The simple answer, is, buy their AdminUI solution. https://www.identityserver.com/products/#AdminUI

If you don't want to buy it, the answer is you have to dive into the complexity and build it all yourself.