The administration of the IdentityServer4 and Asp.Net Core Identity
This is currently in beta version
The application is written in the Asp.Net Core MVC - using .NET Core 2.2
NOTE: Works only with IdentityServer4 version 2.3.0 and higher ๐
- Install the latest .NET Core 2.x SDK (using older versions may lead to 502.5 errors when hosted on IIS or application exiting immediately after starting when self-hosted)
- Install the dotnet new template:
dotnet new -i Skoruba.IdentityServer4.Admin.Templates::1.0.0-beta7
- Create new project:
dotnet new skoruba.is4admin --name MyProject --title MyProject --adminrole MyRole --adminclientid MyClientId --adminclientsecret MyClientSecret
Project template options:
--name: [string value] for project name
--title: [string value] for title and footer of the administration in UI
--adminrole: [string value] for name of admin role, that is used to authorize the administration
--adminclientid: [string value] for client name, that is used in the IdentityServer4 configuration for admin client
--adminclientsecret: [string value] for client secret, that is used in the IdentityServer4 configuration for admin client
- Set Startup projects:
- Skoruba.IdentityServer4.Admin
- Skoruba.IdentityServer4.Admin.Api
- Skoruba.IdentityServer4.STS.Identity
- Configuration of Admin for deploy on Azure
- Configuration of Admin on Ubuntu with PostgreSQL database
-
This administration uses bootstrap 4
-
Admin UI
- Security token service (STS)
- Forms:
git clone https://github.com/skoruba/IdentityServer4.Admin
cd src/Skoruba.IdentityServer4.Admin
npm install
cd src/Skoruba.IdentityServer4.STS.Identity
npm install
The following Gulp commands are available:
gulp fonts
- copy fonts to thedist
foldergulp styles
- minify CSS, compile SASS to CSSgulp scripts
- bundle and minify JSgulp clean
- remove thedist
foldergulp build
- run thestyles
andscripts
tasks
-
The solution uses these
DbContexts
:AdminIdentityDbContext
: for Asp.Net Core IdentityAdminLogDbContext
: for loggingIdentityServerConfigurationDbContext
: for IdentityServer configuration storeIdentityServerPersistedGrantDbContext
: for IdentityServer operational store
-
Run entity framework migrations:
Add-Migration AspNetIdentityDbInit -context AdminIdentityDbContext -output Data/Migrations/Identity
Update-Database -context AdminIdentityDbContext
Add-Migration LoggingDbInit -context AdminLogDbContext -output Data/Migrations/Logging
Update-Database -context AdminLogDbContext
Add-Migration IdentityServerConfigurationDbInit -context IdentityServerConfigurationDbContext -output Data/Migrations/IdentityServerConfiguration
Update-Database -context IdentityServerConfigurationDbContext
Add-Migration IdentityServerPersistedGrantsDbInit -context IdentityServerPersistedGrantDbContext -output Data/Migrations/IdentityServerGrants
Update-Database -context IdentityServerPersistedGrantDbContext
dotnet ef migrations add AspNetIdentityDbInit -c AdminIdentityDbContext -o Data/Migrations/Identity
dotnet ef database update -c AdminIdentityDbContext
dotnet ef migrations add LoggingDbInit -c AdminLogDbContext -o Data/Migrations/Logging
dotnet ef database update -c AdminLogDbContext
dotnet ef migrations add IdentityServerConfigurationDbInit -c IdentityServerConfigurationDbContext -o Data/Migrations/IdentityServerConfiguration
dotnet ef database update -c IdentityServerConfigurationDbContext
dotnet ef migrations add IdentityServerPersistedGrantsDbInit -c IdentityServerPersistedGrantDbContext -o Data/Migrations/IdentityServerGrants
dotnet ef database update -c IdentityServerPersistedGrantDbContext
Migrations are not a part of the repository - they are ignored in .gitignore
.
- In
Program.cs
->Main
, uncommentDbMigrationHelpers.EnsureSeedData(host)
or use dotnet CLIdotnet run /seed
- The
Clients
andResources
files inConfiguration/IdentityServer
are the initial data, based on a sample from IdentityServer4 - The
Users
file inConfiguration/Identity
contains the default admin username and password for the first login
- Change the specific URLs and names for the IdentityServer and Authentication settings in
Constants/AuthenticationConsts
orappsettings.json
Constants/AuthorizationConsts.cs
contains configuration of constants connected with authorization - definition of the default name of admin policy- In the controllers is used the policy which name is stored in -
AuthorizationConsts.AdministrationPolicy
. In the policy -AuthorizationConsts.AdministrationPolicy
is defined required role stored in -AuthorizationConsts.AdministrationRole
. - With the default configuration, it is necessary to configure and run instance of IdentityServer4. It is possible to use initial migration for creating the client as it mentioned above
- In
Skoruba.IdentityServer4.STS.Identity
- inappsettings.json
is possible to specify which column will be used for login (Username
orEmail
):
"LoginConfiguration": {
"ResolutionPolicy": "Username"
}
or using Email
:
"LoginConfiguration": {
"ResolutionPolicy": "Email"
}
- In
Skoruba.IdentityServer4.STS.Identity
- inappsettings.json
is possible to disable user registration (default: true
):
"RegisterConfiguration": {
"Enabled": false
}
- For development is running on url -
http://localhost:5001
and swagger UI is available on url -http://localhost:5001/swagger
- For swagger UI is configured a client and an API in STS:
"AdminApiConfiguration": {
"IdentityServerBaseUrl": "http://localhost:5000",
"OidcSwaggerUIClientId": "skoruba_identity_admin_api_swaggerui",
"OidcApiName": "skoruba_identity_admin_api"
}
- Swagger UI contains following endpoints:
- In
Skoruba.IdentityServer4.STS.Identity/Helpers/StartupHelpers.cs
- is method calledAddExternalProviders
which contains the example withGitHub
and inappsettings.json
:
"ExternalProvidersConfiguration": {
"UseGitHubProvider": false,
"GitHubClientId": "",
"GitHubClientSecret": ""
}
- It is possible to extend
ExternalProvidersConfiguration
with another configuration properties.
- https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
- https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/
- Great article how to set up Azure AD:
- It is possible to set up emails via:
In STS project - in appsettings.json
:
"SendgridConfiguration": {
"ApiKey": "",
"SourceEmail": "",
"SourceName": ""
}
"SmtpConfiguration": {
"Host": "",
"Login": "",
"Password": ""
}
- The project has following translations:
- English
- Chinese
- Russian
- Persian
- Swedish
-
All labels and messages are stored in the resources
.resx
- locatated in/Resources
- Client label descriptions from - http://docs.identityserver.io/en/latest/reference/client.html
- Api Resource label descriptions from - http://docs.identityserver.io/en/latest/reference/api_resource.html
- Identity Resource label descriptions from - http://docs.identityserver.io/en/latest/reference/identity_resource.html
-
The solution contains unit and integration tests.
-
Stage environment is used for integration tests:
DbContext
contains setup for InMemory databaseAuthentication
is setup forCookieAuthentication
- with fake login url only for testing purposeAuthenticatedTestRequestMiddleware
- middleware for testing of authentication.
-
If you want to use
Stage environment
for deploying - it is necessary to change these settings inStartupHelpers.cs
.
-
STS:
Skoruba.IdentityServer4.STS.Identity
- project that contains the instance of IdentityServer4 and combine these samples - Quickstart UI for the IdentityServer4 with Asp.Net Core Identity and EF Core storage and damienbod - IdentityServer4 and Identity template
-
Admin UI Api:
Skoruba.IdentityServer4.Admin.Api
- project with Api for managing data of IdentityServer4 and Asp.Net Core Identity, with swagger support as well
-
Admin UI:
-
Skoruba.IdentityServer4.Admin
- ASP.NET Core MVC application that contains Admin UI -
Skoruba.IdentityServer4.Admin.BusinessLogic
- project that contains Dtos, Repositories, Services and Mappers for the IdentityServer4 -
Skoruba.IdentityServer4.Admin.BusinessLogic.Identity
- project that contains Dtos, Repositories, Services and Mappers for the Asp.Net Core Identity -
Skoruba.IdentityServer4.Admin.BusinessLogic.Shared
- project that contains shared Dtos and ExceptionHandling for the Business Logic layer of the IdentityServer4 and Asp.Net Core Identity -
Skoruba.IdentityServer4.Admin.EntityFramework
- EF Core data layer that contains Entities for the IdentityServer4 -
Skoruba.IdentityServer4.Admin.EntityFramework.Identity
- EF Core data layer that contains Repositories for the Asp.Net Core Identity -
Skoruba.IdentityServer4.Admin.EntityFramework.Extensions
- project that contains extensions related to EntityFramework -
Skoruba.IdentityServer4.Admin.EntityFramework.Shared
- project that contains DbContexts for the IdentityServer4, Logging and Asp.Net Core Identity, inluding shared Identity entities
-
-
Tests:
-
Skoruba.IdentityServer4.Admin.IntegrationTests
- xUnit project that contains the integration tests for AdminUI -
Skoruba.IdentityServer4.Admin.UnitTests
- xUnit project that contains the unit tests for AdminUI -
Skoruba.IdentityServer4.STS.IntegrationTests
- xUnit project that contains the integration tests for STS
-
Clients
It is possible to define the configuration according the client type - by default the client types are used:
-
Empty
-
Web Application - Server side - Hybrid flow
-
Single Page Application - Javascript - Authorization Code Flow with PKCE
-
Native Application - Mobile/Desktop - Hybrid flow
-
Machine/Robot - Resource Owner Password and Client Credentials flow
-
TV and Limited-Input Device Application - Device flow
-
Actions: Add, Update, Clone, Remove
-
Entities:
- Client Cors Origins
- Client Grant Types
- Client IdP Restrictions
- Client Post Logout Redirect Uris
- Client Properties
- Client Redirect Uris
- Client Scopes
- Client Secrets
API Resources
- Actions: Add, Update, Remove
- Entities:
- Api Claims
- Api Scopes
- Api Scope Claims
- Api Secrets
- Api Properties
Identity Resources
- Actions: Add, Update, Remove
- Entities:
- Identity Claims
- Identity Properties
Users
- Actions: Add, Update, Delete
- Entities:
- User Roles
- User Logins
- User Claims
Roles
- Actions: Add, Update, Delete
- Entities:
- Role Claims
- Create the Business Logic & EF layers - available as a nuget package
- Create a project template using dotnet CLI -
dotnet new template
- First template: The administration of the IdentityServer4 and Asp.Net Core Identity
- Add logging into
- Database
- File
- Add localization for other languages
- English
- Chinese
- Russian
- Persian
- Swedish
- Manage profile
- Password reset
- Link account to an external provider (example with Github)
- Two-Factor Authentication (2FA)
- User registration
- Email service
- SendGrid
- Add API
- IdentityServer4
- Asp.Net Core Identity
- Add swagger support
- Add audit logs to track changes (#61)
- Docker support (#121)
- Create a project template using dotnet CLI -
dotnet new template
- Second template: The administration of the IdentityServer4 (without Asp.Net Core Identity) (#79)
- Add UI tests (#97, #116)
- Add more unit and integration tests ๐
- Extend administration for another protocols
- Create separate UI using
Razor Class Library
(#28, #133)
This repository is licensed under the terms of the MIT license.
NOTE: This repository uses the source code from https://github.com/IdentityServer/IdentityServer4.Quickstart.UI which is under the terms of the Apache License 2.0.
This web application is based on these projects:
- ASP.NET Core
- IdentityServer4.EntityFramework
- ASP.NET Core Identity
- XUnit
- Fluent Assertions
- Bogus
- AutoMapper
- Serilog
Thanks to Tomรกลก Hรผbelbauer for the initial code review.
Thanks to Dominick Baier and Brock Allen - the creators of IdentityServer4.
Thanks goes to these wonderful people (emoji key):
Jan ล koruba ๐ป ๐ฌ ๐ ๐ก ๐ค |
Tomรกลก Hรผbelbauer ๐ป ๐ ๐ ๐ค |
Michaล Drzaล ๐ป ๐ ๐ ๐ก ๐ค |
cerginio ๐ป ๐ ๐ก ๐ค |
Sven Dummis ๐ |
Seaear ๐ป ๐ |
---|---|---|---|---|---|
Rune Antonsen ๐ |
Sindre Njรธsen ๐ป |
Alevtina Brown ๐ |
Brice ๐ป |
TheEvilPenguin ๐ป |
Saeed Rahmani ๐ |
Andy Yu ๐ |
This project follows the all-contributors specification. Contributions of any kind are welcome!
I am happy to share my attempt of the implementation of the administration for IdentityServer4 and ASP.NET Core Identity.
Any feedback is welcome - feel free to create an issue or send me an email - jan@skoruba.com. Thank you ๐
If you like my work, you can support me by donation. ๐