Blazor: Authentication

Create IDP Project

vishal gupta
Apr 28, 2021

Start by creating a new IdentityServer project that will use ASP.NET Core Identity:

  1. dotnet new sln
  2. dotnet new is4aspid -n ThreeC.IDP
  3. When prompted to “seed” the user database, choose “Y” for “yes”. This populates the user database with our “alice” and “bob” users. Their passwords are “Pass123$”. The template uses Sqlite as the database for the users, and EF migrations are pre-created in the template. If you wish to use a different database provider, you will need to change the provider used in the code and re-create the EF migrations.
  4. "DefaultConnection": "Server=DESKTOP-GFG8N3L\\SQLEXPRESS;Initial Catalog=ThreeCSecuredDb;Trusted_Connection=True;MultipleActiveResultSets=true"
  5. Upgrade the project to .NET 5.0
  6. Add Microsoft.EntityFrameworkCore and Microsoft.EntityFrameworkCore.SqlServer
  7. Use services.AddDbContext<ApplicationDbContext>(options =>
    options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
  8. PM> Update-Database
  9. Scaffold Identity into a Razor project with authorization. Add the Register, Login, LogOut, and RegisterConfirmation files. Right-click the project and choose New Scaffolded Item > Identity.
  10. Production: Info: To require a confirmed account and prevent immediate login at registration, set DisplayConfirmAccountLink = false in /Areas/Identity/Pages/Account/RegisterConfirmation.cshtml.cs.
  11. Production: Info: Login > OnPostAsync: to enable password failures to trigger account lockout, set lockoutOnFailure: true.
  12. Production: Info: Signout: the code return RedirectToPage(); needs to be a redirect so that the browser performs a new request and the identity for the user gets updated. SignOutAsync clears the user’s claims stored in a cookie.

API Access

  1. With Identity Server 4 — resources and scopes are required for API access
  2. Install IdentityServer4.AccessTokenValidation in the API project
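
One way to wire up both sides of the API access described above, as an added example that is not code from the original post: the IDP declares a scope and a resource, and the API validates bearer tokens against them. The names threec.api, threec.api.read, ApiRead and AddThreeCApiAuth are assumptions; https://localhost:5001 is the IDP address from the discovery URL on this page.

```csharp
// Added example, not from the original post. "threec.api", "threec.api.read"
// and the "ApiRead" policy are assumed names.
using System.Collections.Generic;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

// ---- ThreeC.IDP/Config.cs ----
public static class Config
{
    // A scope is what a client requests; it becomes a "scope" claim in the token.
    public static IEnumerable<ApiScope> ApiScopes => new[]
    {
        new ApiScope("threec.api.read", "Read access to the ThreeC API")
    };

    // The resource groups scopes and supplies the token's "aud" (audience) value.
    public static IEnumerable<ApiResource> ApiResources => new[]
    {
        new ApiResource("threec.api", "ThreeC API") { Scopes = { "threec.api.read" } }
    };
}

// ---- API project: call services.AddThreeCApiAuth() from ConfigureServices ----
public static class ApiAuthSetup
{
    public static IServiceCollection AddThreeCApiAuth(this IServiceCollection services)
    {
        services.AddAuthentication("Bearer")
            .AddIdentityServerAuthentication("Bearer", options =>
            {
                options.Authority = "https://localhost:5001"; // the IDP
                options.ApiName = "threec.api";               // must match the ApiResource name
                options.RequireHttpsMetadata = true;          // refuse plain-HTTP metadata
            });

        // A valid token is not enough: the endpoint also demands the scope.
        services.AddAuthorization(options =>
            options.AddPolicy("ApiRead", policy =>
            {
                policy.RequireAuthenticatedUser();
                policy.RequireClaim("scope", "threec.api.read");
            }));

        return services;
    }
}
```

In the IDP, register the two collections with AddInMemoryApiScopes and AddInMemoryApiResources. In the API, call app.UseAuthentication() before app.UseAuthorization() and protect controllers with [Authorize(Policy = "ApiRead")].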

================================================================================

  1. dotnet new sln
  2. dotnet new --install IdentityServer4.Templates::4.0.1
  3. dotnet new is4empty -n ThreeC.IDP
  4. https://localhost:5001/.well-known/openid-configuration
  5. Add the user interface > ThreeC\ThreeC.IDP\ThreeC.IDP>dotnet new is4ui
  6. Replace the Config and TestUser files.

ASP.NET Core Identity adds user interface (UI) login functionality to ASP.NET Core web apps. To secure web APIs and SPAs, use one of the following:

IdentityServer4 is an OpenID Connect and OAuth 2.0 framework for ASP.NET Core. IdentityServer4 enables the following security features:

  • Authentication as a Service (AaaS)
  • Single sign-on/off (SSO) over multiple application types
  • Access control for APIs
  • Federation Gateway

Set-Up Steps Identity Server 4

  • NuGet > Microsoft.AspNetCore.ApiAuthorization.IdentityServer
  • services.AddDefaultIdentity<ApplicationUser>(
    options => options.SignIn.RequireConfirmedAccount = true)
    .AddEntityFrameworkStores<ApplicationDbContext>();

"DefaultConnection": "Server=DESKTOP-GFG8N3L\\SQLEXPRESS;Initial Catalog=ThreeCSecuredDb;Trusted_Connection=True;MultipleActiveResultSets=true"

ASP.NET Core Identity:

  • Is an API that supports user interface (UI) login functionality.
  • Manages users, passwords, profile data, roles, claims, tokens, email confirmation, and more.

Users can create an account with the login information stored in Identity or they can use an external login provider. Supported external login providers include Facebook, Google, Microsoft Account, and Twitter.

Create a Web app with authentication

  • Select File > New > Project.
  • Select ASP.NET Core Web Application. Name the project WebApp1 to have the same namespace as the project download. Click OK.
  • Select an ASP.NET Core Web Application, then select Change Authentication.
  • Select Individual User Accounts and click OK.
  • PM> Update-Database
  • Add code inside the ConfigureServices method (https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity?view=aspnetcore-5.0&tabs=visual-studio)
  • Scaffold Identity into a Razor project with authorization. Add the Register, Login, LogOut, and RegisterConfirmation files. Right-click the project and choose New Scaffolded Item > Identity.
  • Production: Info: To require a confirmed account and prevent immediate login at registration, set DisplayConfirmAccountLink = false in /Areas/Identity/Pages/Account/RegisterConfirmation.cshtml.cs.
  • Production: Info: Login > OnPostAsync: to enable password failures to trigger account lockout, set lockoutOnFailure: true.
  • Production: Info: Signout: the code return RedirectToPage(); needs to be a redirect so that the browser performs a new request and the identity for the user gets updated. SignOutAsync clears the user’s claims stored in a cookie.
