My goal was to build a sample with
- .NET Core 2.0 Console
- ASP.NET Core 2.0 Web App
- ASP.NET Core 2.0 Web API
Another goal was to show how the user workflow of application trust should be for "internal" platform services as well as for external clients.
Please think twice and donate your money to useful institutions such as children's hospices.
This sample shows the following workflow:
We have an internal area which represents our trusted application environment. Additionally, we see an external example application we do not develop or run.
All our trusted "internal" applications can access all our APIs. External applications have to be accepted by the user via IdentityServer Consent
This ASP.NET Core 2.0 application hosts the IdentityServer. All configurations like users, APIs and clients are static in the SampleConfig.cs file.
The IdentityServer is registered inside of Startup.cs
The sources inside the Quickstart are taken from https://github.com/IdentityServer/IdentityServer4.Quickstart.UI without modifications.
This projects provides basic stuff for accessing an API with the help of a SDK. In a productive environment this would be a NuGet package.
This ASP.NET Core 2.0 application hosts the demo API of todos. All configurations like users, APIs and clients are static in the ApiSampleOptions.cs file.
This projects provides a client
TodoApiClient for accessing the TodoApi.
It gives you a client for authentication and receiving typed data.
In a productive environment this would be a NuGet package.
This ASP.NET Core 2.0 application represents the "Portal Web Application" the user interacts with.
You have a navigation element to receive the tasks from the TodoApi with the help of the TodoApiSdk and you have a navigation element to watch your claims.
Both clicks will redirects you to the IdentityServerHost where you have to log in. Afterwards to will be redirected to this application.
This ASP.NET Core 2.0 application represents an "External Web Application" which is not part of the platform and maybe run by an external company.
This application also provides a navigation element for tasks and claims but after the login the user has to accept the access for this application via via IdentityServer Consent as shown above.
This is just a simple console application with a usual name based on .NET Core 2.0. It represents a simple client which calls the API with the TodoApiSdk and hard coded user credentials.
In a real world scenario this could be any .NET desktop/server/mobile application.
Run this demo
Clone this repository or download this repository as zip file.
git clone https://github.com/BenjaminAbt/Samples.AspNetCore-IdentityServer4.git
See all information to run this demo below:
|Todo API||http://localhost:9011/api/Tasks||Returns a sample task collection|
|Portal Web||http://localhost:9012/||"Internal" Web App|
|External Web||http://localhost:9015/||"External" Web App|
PortalWebApp via dotnet.exe on your cmd or use the parallel project startup configuration of Visual Studio (right click on the solution -> set startup projects)
Once started, two browser instances will launch for
TodoApi will start without a browser instance.
After your login was successful you will be redirected to the Tasks view.
Workflow: the PortalWebApp application uses the
TodoApi client to receive the tasks from the
Tasks and you will have to log into the IdentityServer and accept the application access request.
Afterwards you will be redirected to the WebApp and will see the tasks loaded from the
The console will now authenticate your instance with the hard-coded credentials and will request the
TodoApi to get the tasks.
Released under the MIT license.
- 1.1 (2017-10-07): Updated to stable release of IdentityServer 2.0
- 1.0 (2017-09-26): Published