Identity Service
IdentityServer 4 is the current solution for authentication and access control.
What is IdentityServer 4?
IdentityServer 4 is an OpenID Connect and OAuth 2.0 framework for ASP.NET Core. It provides the following features for our applications:
- Authentication as a Service: Centralized login logic and workflow for all of your applications (web, native, mobile, services). IdentityServer is an officially certified implementation of OpenID Connect.
- Single Sign-on / Sign-out: Single sign-on (and out) over multiple application types.
- Access Control for APIs: Issue access tokens for APIs for various types of clients, e.g. server to server, web applications, SPAs and native/mobile apps.
Why IdentityServer 4?
Most modern applications look more or less like this:
Typically each and every layer (front-end, middle-tier and back-end) has to protect resources and implement authentication and/or authorization – often against the same user store.
Outsourcing these fundamental security functions to a security token service prevents duplicating that functionality across those applications and endpoints.
Restructuring the application to support a security token service leads to the following architecture and protocols:
This design divides security concerns into two parts:
- Authentication: Authentication is needed when an application needs to know the identity of the current user.
- API Access: OAuth2 is a protocol that allows applications to request access tokens from a security token service and use them to communicate with APIs.
What are OpenID Connect and OAuth 2.0?
OAuth 2.0 is an industry standard for “delegated authorization” which is the ability to provide an application or client access to data or features offered by another app or service. OAuth 2.0 focuses on authorization and is not prescriptive about authentication. OpenID Connect (OIDC) adds a standards-based authentication layer on top of OAuth 2.0.
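The split between authentication (OpenID Connect identity scopes) and API access (OAuth 2.0 access-token scopes) described above, shown as an IdentityServer 4 configuration. This is an added example, not code from this project; it assumes IdentityServer4 v4.x, and the client ids, secrets, redirect URIs and the "orders.read" scope are placeholders.

```csharp
using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;
using Microsoft.Extensions.DependencyInjection;

public static class Config
{
    // Authentication side: what an id_token may assert about the user.
    public static IEnumerable<IdentityResource> IdentityResources =>
        new IdentityResource[] { new IdentityResources.OpenId(), new IdentityResources.Profile() };

    // API access side: scopes that can appear in an access token.
    public static IEnumerable<ApiScope> ApiScopes =>
        new[] { new ApiScope("orders.read", "Read orders") };  // placeholder scope

    public static IEnumerable<Client> Clients =>
        new[]
        {
            // Interactive web app: signs users in (OIDC) and also calls the API (OAuth 2.0).
            new Client
            {
                ClientId = "web-portal",                                   // placeholder
                ClientSecrets = { new Secret("CHANGE-ME".Sha256()) },      // placeholder, keep out of source control
                AllowedGrantTypes = GrantTypes.Code,
                RequirePkce = true,                                        // PKCE for the authorization-code flow
                RedirectUris = { "https://portal.example.test/signin-oidc" },
                PostLogoutRedirectUris = { "https://portal.example.test/signout-callback-oidc" },
                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    "orders.read"
                }
            },
            // Server-to-server job: no user, so no identity scopes, only an API scope.
            new Client
            {
                ClientId = "nightly-report-job",                           // placeholder
                ClientSecrets = { new Secret("CHANGE-ME-TOO".Sha256()) },  // placeholder
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                AllowedScopes = { "orders.read" }
            }
        };

    // Registers the token service in Startup.ConfigureServices.
    public static void AddIdentityService(IServiceCollection services) =>
        services.AddIdentityServer()
            .AddDeveloperSigningCredential()   // development only; use a managed signing key in production
            .AddInMemoryIdentityResources(IdentityResources)
            .AddInMemoryApiScopes(ApiScopes)
            .AddInMemoryClients(Clients);
}
```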