0 votes

I have an Asp.Net core web application that uses Asp.Net Identity for user management. The application creates employees, and on the creation of an employee, I have to create an AspNetUser and his roles accordingly. That employee can then log in to the application, and the UI is shown based on his role. So I am using SignInManager, RoleManager, and UserManager for all this. There is no API involved so far. EF Core with the repository pattern is being used.

Now I have the requirement from the client to develop a lite version of this web application as native apps. For that, I obviously need APIs. There are a lot of business rules involved, so my plan is to create an API project in the same solution and define API methods that will be calling my Business Layer which has rules written in it. So all business logic in one place and being accessed from web applications and mobile apps.

I was exploring best practices to secure Web APIs, and there I found IdentityServer4. I have successfully configured IdentityServer4. It's up and running. I am clear from the API side about what I need to do. I want my existing web application to also use IdentityServer4 for authentication and authorization. As I said before, I need to create an Asp.Net user behind the scenes on the creation of an employee, so I have used UserManager and RoleManager in my Business Layer for this purpose.

I am not sure whether this is a valid scenario or not, but all I want is to replace only the authentication part (actually login, forgot password, reset password) of my web application with IdentityServer, while my custom logic to create the AspNetUser and roles in the business layer should remain intact.

When I remove the AddIdentity() part from my Startup, it starts to throw DI exceptions for SignInManager, RoleManager, and UserManager, which I have used in my business layer.

services.AddIdentity<ApplicationUser, ApplicationRole>(options =>
{
    options.User.RequireUniqueEmail = true;
})
.AddEntityFrameworkStores<AppDbContext>()
.AddDefaultUI()
.AddDefaultTokenProviders();

I cannot remove them because of the behind-the-scenes user creation on the creation of employees.

I am open to suggestions as long as my business layer is least affected.

1
You could use the ASP.NET Core Identity with IdentityServer, but please note that AddIdentity<ApplicationUser, IdentityRole> must be invoked before AddIdentityServer. Here are some related articles, you could check them: use ASP.NET Core Identity with IdentityServer and How To Use ASP.NET Identity And IdentityServer4 In Your Solution. - Zhi Lv
@ZhiLv the second link is making some sense to me. I will try this and share the results. Thank you very much for your efforts. - Muhammad Bilal

1 Answer

0 votes

Something is wrong in the way your solution is designed.

"When I remove the AddIdentity() part from my Startup, it starts to throw DI exceptions for SignInManager, RoleManager, and UserManager, which I have used in my business layer."

Since you have an IdentityServer4, there is actually no need to use either SignInManager or RoleManager.

When I say there is no need, I actually mean that you SHOULD NOT be using the SignInManager and/or RoleManager on the client app, since the app should not have any kind of authentication/authorization logic; these should all be redirected to the IdentityServer endpoint, which in turn will reply to the designated callback endpoint each time.

Now for the UserManager, which is the only one of the 3 that actually has a place in the business layer, you can just inject the manager as you would with any other service, i.e. services.AddTransient<IUserManager, UserManager>, and use it anywhere by injection.
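As an added example (not code from the question or the answer above) of the layout the comment and answer describe: Identity is registered before IdentityServer so the business layer's UserManager and RoleManager keep resolving, and IdentityServer is pointed at the same user store via AddAspNetIdentity. It assumes the business layer runs in, or shares the Identity store with, the IdentityServer host; ApplicationUser, ApplicationRole and AppDbContext are the question's types, while EmployeeService and Config.* are placeholders.

```csharp
// Assumed: ApplicationUser, ApplicationRole, AppDbContext are the question's types;
// EmployeeService and Config.* are placeholders for this example.
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;
using System.Threading.Tasks;
public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Identity first: registers UserManager<T>, RoleManager<T> and
        // SignInManager<T>, so the business layer keeps resolving them.
        services.AddIdentity<ApplicationUser, ApplicationRole>(options =>
        {
            options.User.RequireUniqueEmail = true;
        })
        .AddEntityFrameworkStores<AppDbContext>()
        .AddDefaultTokenProviders();

        // IdentityServer after Identity; AddAspNetIdentity makes it validate
        // logins against the same AspNetUsers table the business layer fills.
        services.AddIdentityServer()
            .AddDeveloperSigningCredential() // dev only: use a real signing key in production
            .AddInMemoryIdentityResources(Config.IdentityResources)
            .AddInMemoryApiResources(Config.ApiResources)
            .AddInMemoryClients(Config.Clients)
            .AddAspNetIdentity<ApplicationUser>();
        services.AddScoped<EmployeeService>();
    }
}
// Business-layer service: creates the AspNetUser and its role when an employee
// is created, using UserManager/RoleManager only (no SignInManager).
public class EmployeeService
{
    private readonly UserManager<ApplicationUser> _users;
    private readonly RoleManager<ApplicationRole> _roles;
    public EmployeeService(UserManager<ApplicationUser> users, RoleManager<ApplicationRole> roles)
    {
        _users = users;
        _roles = roles;
    }
    public async Task<IdentityResult> CreateEmployeeUserAsync(string email, string password, string roleName)
    {
        if (!await _roles.RoleExistsAsync(roleName))
            await _roles.CreateAsync(new ApplicationRole { Name = roleName });
        var user = new ApplicationUser { UserName = email, Email = email };
        var result = await _users.CreateAsync(user, password);
        return result.Succeeded ? await _users.AddToRoleAsync(user, roleName) : result;
    }
}
```

The web and mobile clients then authenticate only through IdentityServer (cookie plus OpenID Connect on the web app, token on the API) and never touch SignInManager themselves.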