Authentication Fundamentals
Authentication is the process of recognizing a user's identity. It is a mechanism for associating an incoming request with a set of identifying credentials. The credentials provided are compared with those held in a database of authorized users' information within an authentication server.
In certain situations, clients need to authenticate with IdentityServer:
- Applications requesting tokens at the token endpoint.
- APIs validating reference tokens at the introspection endpoint.
For that purpose you can assign a list of secrets to a client or an API resource.
Secret parsing and validation is an extensibility point in IdentityServer. Out
of the box it supports shared secrets, transmitted either via a basic
authentication header or in the POST body.
To set up a hashed shared secret, the plaintext value is hashed before it is stored.
This secret can now be assigned to either a Client or an ApiResource.
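As an added example (not code from the original page or the project), the IdentityServer side of this setup, assuming IdentityServer4's model types (`Client`, `ApiResource`, `Secret` and the `Sha256()` extension from `IdentityServer4.Models`); all names and secret values are constructed placeholders:

```csharp
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using IdentityServer4.Models;   // Client, ApiResource, Secret, Sha256()

// Added example, assuming IdentityServer4's model types; names and secret
// values are constructed placeholders, not real credentials.
public static class SecretConfig
{
    // Plaintext values live only in the client / API configuration (the
    // module's ApiSecret). IdentityServer stores just the SHA-256 hash, so a
    // leaked configuration store does not expose a usable secret.
    public const string ClientPlaintextSecret = "CLIENT_SECRET_PLACEHOLDER";
    public const string ApiPlaintextSecret    = "API_SECRET_PLACEHOLDER";

    // Client authenticating at the token endpoint with a hashed shared secret.
    // Scope configuration is omitted to keep the focus on secrets.
    public static IEnumerable<Client> Clients => new[]
    {
        new Client
        {
            ClientId = "reverse-proxy-client",
            AllowedGrantTypes = GrantTypes.ClientCredentials,
            // Sha256() is IdentityServer4's HashExtensions method; the hash,
            // not the plaintext, is what gets persisted.
            ClientSecrets = { new Secret(ClientPlaintextSecret.Sha256()) }
        }
    };

    // API resource that presents its secret at the introspection endpoint to
    // validate reference tokens. The module's ApiName must equal the resource
    // name and its ApiSecret must be the plaintext that is hashed here.
    public static IEnumerable<ApiResource> ApiResources => new[]
    {
        new ApiResource("protected-api", "Protected API")
        {
            ApiSecrets = { new Secret(ApiPlaintextSecret.Sha256()) }
        }
    };

    // How a presented plaintext is checked against a stored hashed secret:
    // hash it the same way and compare in constant time. IdentityServer's own
    // shared-secret validator does the equivalent (it also accepts SHA-512).
    public static bool Matches(string presentedPlaintext, Secret stored)
    {
        byte[] presented = Encoding.UTF8.GetBytes(presentedPlaintext.Sha256());
        byte[] expected  = Encoding.UTF8.GetBytes(stored.Value);
        return CryptographicOperations.FixedTimeEquals(presented, expected);
    }
}
```

`Matches(ApiPlaintextSecret, ApiResources.First().ApiSecrets.First())` returns true, while any other plaintext returns false, which is the check the introspection endpoint relies on.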
Authentication Module
This module communicates with IdentityServer to validate the token and then
allows or denies the client's request to access a resource.
The AuthenticationModule takes its configuration from the
AuthenticationModuleOptions, where we need to define:
- ApiName
- ApiSecret
- Authority
These options are later copied onto the IdentityServerAuthenticationOptions that
are used whenever authentication is required.
This works by adding an IdentityServerAuthentication service that registers the
IdentityServer authentication handler.
Yarp Authentication Routing
Yarp integrates with the ASP.NET authentication middleware, so nothing is required beyond the Authentication Module configuration.