.NET Core Web API Authentication and .NET Identity

0
votes

I recently took over a .NET core MVC project and have to extend it with an API. For authentication .NET core Identity is used. Coming from swift iOS/Mac development i started a demo project getting into it and doing some basic authentication.

When reading up on the identity on Microsofts Docs they foucs on WebApps. So my questions are:

  • Should i use identity for API authentication or is it just for internal identity Management and WebApp stuff?
  • Does identity/.NET core already offer me jwt and e.g. basic auth to initially obtain the jwt or do i have to create a lot myself?

My Goal rn is to just create jwt-auth protected routes and to be able to get a jwt with a username and a password.

2
c#asp.netauthenticationasp.net-identityjwt-auth
use identity server 4 - Always_a_learner

2 Answers

1
votes

ASP.NET Core Identity isn't suitable for guarding APIs, usage of other identity providers is directed by the Docs:

ASP.NET Core Identity adds user interface (UI) login functionality to ASP.NET Core web apps. To secure web APIs and SPAs, use one of the following:

  • Azure Active Directory
  • Azure Active Directory B2C (Azure AD B2C)
  • IdentityServer4

and as per the previous link:

IdentityServer4 is an OpenID Connect and OAuth 2.0 framework for ASP.NET Core. IdentityServer4 enables the following security features:

  • Authentication as a Service (AaaS)
  • Single sign-on/off (SSO) over multiple application types
  • Access control for APIs
  • Federation Gateway

So you will need to go with IdentityServer4

1
votes

You should use identity server4 for this.

Refer a simple example of identity server 4 to protect client with token.

identity-server4 simple example

There are a lot more things you will have to understand refer identity server 4 official doc.

Moreover you can also follow step by step identity server setup video tutorial.