Securing thick client with IdentityServer4

I am implementing a web application with security via IS4. My idea is to make the actual application running the local identity server also be an endpoint for managing it: modifying clients, users, resources, and whatnot.

I don't want to separate the actual database work into a standalone API, and would prefer to keep this client thick. But this would make this webapp both a client and a protected resource.

How is this supposed to be implemented in terms of IS4? Do I register my app as both a client and an API? Is there a cleaner mechanism in IdentityServer4 for doing this sort of "self-check"?

You can add user-management-related APIs to the application that is running Identity Server. You can make use of ASP.NET Identity and EF Core to manage users/roles.

Your client app will authenticate via the Identity Server application, and also acquire an access token for accessing the protected user management APIs in the IDS app. The Identity Server app needs to add a JWT Bearer authentication schema which accepts the API request (with the token in the header); then you should add the Authorize attribute to challenge the bearer authentication on the protected API controllers/actions.
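The setup described in this answer, as an added example that is not part of the original post: the IdentityServer host validates its own tokens with a JWT bearer handler, and the management controller is pinned to that scheme so IdentityServer's login cookie is not accepted on it. It assumes IdentityServer4 v4 on ASP.NET Core 3.1; the authority URL, the names `usermgmt`, `usermgmt.admin` and `UserAdmin`, and the controller are placeholders.

```csharp
using IdentityServer4.Models;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();

        services.AddIdentityServer()
            .AddDeveloperSigningCredential() // development only
            .AddInMemoryIdentityResources(new IdentityResource[] { new IdentityResources.OpenId() })
            .AddInMemoryApiScopes(new[] { new ApiScope("usermgmt.admin") })
            // The API resource makes issued tokens carry aud = "usermgmt".
            .AddInMemoryApiResources(new[] { new ApiResource("usermgmt") { Scopes = { "usermgmt.admin" } } })
            .AddInMemoryClients(new Client[0]); // register the client app here (placeholder)

        // Bearer handler whose authority is this same host (assumed URL).
        services.AddAuthentication()
            .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, o =>
            {
                o.Authority = "https://localhost:5001";
                o.Audience = "usermgmt";
            });

        // Bind the policy to the bearer scheme only and require the management scope.
        services.AddAuthorization(o => o.AddPolicy("UserAdmin", p =>
        {
            p.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme);
            p.RequireAuthenticatedUser();
            p.RequireClaim("scope", "usermgmt.admin");
        }));
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseIdentityServer();  // also calls UseAuthentication()
        app.UseAuthorization();
        app.UseEndpoints(e => e.MapControllers());
    }
}

[ApiController, Route("api/users"), Authorize(Policy = "UserAdmin")]
public class UsersController : ControllerBase
{
    [HttpGet] public IActionResult List() => Ok(new string[0]); // replace with ASP.NET Identity queries
}
```

A bare `[Authorize]` would fall back to the host's default scheme, which in an IdentityServer application is the login cookie, so naming the bearer scheme in the policy is what keeps the management API token-only.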

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.