Introduction to IdentityServer
Welcome to your first quickstart guide on IdentityServer! This guide will walk you through the process of setting up IdentityServer in a straightforward scenario aimed at safeguarding APIs used for server-to-server communication. You’ll create a solution comprising three distinct projects: a client application, an API, and the IdentityServer itself.
Setting up your development environment
To begin, you’ll need to set up IdentityServer templates for the .NET CLI, which serve as an excellent foundation for your quickstart. Open your console window and execute the following command:
dotnet new -i Duende.IdentityServer.Templates
Before proceeding, ensure that you uninstall any previous versions of the Duende templates installed on your machine to avoid conflicts. Once your environment is ready, create a directory for your solution and use the empty template to initiate an ASP.NET Core application that includes a basic IdentityServer setup.
Creating the solution structure
Navigate to your console and execute commands to create a structured directory for your solution. This will form the root of your project:
mkdir quickstart
cd quickstart
mkdir src
dotnet new sln
This setup creates a ‘quickstart’ directory as the root for your solution, a ‘src’ subdirectory for your source code, and a solution file to organize your projects. Throughout this guide, we will reference paths relative to the ‘quickstart’ directory.
Creating the IdentityServer project
From your newly created quickstart directory, you can create the IdentityServer project using the empty template:
dotnet new isempty -n IdentityServer -o src/IdentityServer
This command generates a new web project named IdentityServer, complete with the necessary package installed and minimal configuration. Within the ‘src/IdentityServer’ directory, you’ll find essential files including the ‘launchSettings.json’. Here, you can modify the application URL and port that your IdentityServer will listen on. Keep in mind that for production setups, always opt for HTTPS.
Configuring scopes and clients
Scopes are a fundamental aspect of OAuth, allowing you to define the extent of access that clients request when initiating the protocol. It’s essential to configure scopes appropriately to determine which access rights are granted. In this quickstart, you’ll create a scope that signifies complete access to an API that will be defined later.
Open the ‘Config.cs’ file generated by the template and add an ApiScope to the ApiScopes property, ensuring that the API has a meaningful name and display name.
Adding an API project
Next, you’ll introduce an API project to your solution, which will manage the protected resources secured by IdentityServer. You can create this project using either the ASP.NET Core Web API template in Visual Studio or via the .NET CLI:
dotnet new webapi -n Api
After creating the API project, navigate back to the quickstart directory and add it to your solution. Integrating JWT Bearer Authentication into your API is crucial. This allows the API to authorize calls using tokens issued by the IdentityServer.
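One way to wire JWT bearer authentication and a scope check into the API's Program.cs, as an added example that is not code from the original guide. The authority URL, the scope name api1, the policy name and the /identity endpoint are assumptions, and the Microsoft.AspNetCore.Authentication.JwtBearer package is assumed to be referenced by the Api project.

```csharp
// src/Api/Program.cs (added example; URL, scope and policy names are assumed)
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Assumed: the HTTPS URL set for IdentityServer in its launchSettings.json.
        // The handler downloads the discovery document and signing keys from here.
        options.Authority = "https://localhost:5001";

        options.TokenValidationParameters = new TokenValidationParameters
        {
            // With only an ApiScope configured (no ApiResource), tokens carry no
            // "aud" claim, so the audience check is off and the scope policy
            // below is what restricts access.
            ValidateAudience = false,
            // Accept only JWTs typed as access tokens.
            ValidTypes = new[] { "at+jwt" }
        };
    });

builder.Services.AddAuthorization(options =>
{
    // A valid signature alone is not enough: the token must also have been
    // issued for this API's scope ("api1" is an assumed scope name that must
    // match the ApiScope added in Config.cs).
    options.AddPolicy("ApiScope", policy =>
    {
        policy.RequireAuthenticatedUser();
        policy.RequireClaim("scope", "api1");
    });
});

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

// Hypothetical endpoint: echoes the validated token's claims to the caller.
app.MapGet("/identity", (ClaimsPrincipal user) =>
        user.Claims.Select(c => new { c.Type, c.Value }))
   .RequireAuthorization("ApiScope");

app.Run();
```

A request without a token gets 401 from this endpoint, and a token that validates but lacks the required scope gets 403.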
Testing the IdentityServer flow
With your IdentityServer and API projects set up, you can now create a client that requests an access token and utilizes that token to access the API. This client will be a console application within your solution:
dotnet new console -n Client
Add the Duende.IdentityModel NuGet package to your client, which will facilitate the token acquisition process using the discovery endpoint. This makes it simpler to interact with IdentityServer.
Running and validating your setup
Finally, ensure that all projects are running smoothly. Start the IdentityServer and API projects, then execute the Client project to see the output. If configured correctly, you should receive a response that confirms successful authorization.
As you work through this guide, remember that successfully validating access tokens and enforcing authorization policies is critical for maintaining the security of your APIs. This setup lays the groundwork for implementing more advanced features in IdentityServer as you grow your application.