ASP.NET Core Identity data store not accessible from web site
Mar 08, 2021 02:51 PM | scarleton
In our production environment, the public-facing website does NOT have access to any databases. Everything must go through an application layer (normally REST API) that lives in a DMZ that does have access to the databases.
The website that is under development is still using the OTB ASP.NET Core Identity that is going directly to a DB. While it works great on a development machine, the data access layer needs to be moved into an application layer. What is the correct way to do that? Is this the role of services like IdentityServer4 and OpenIddict?
Any and all help to understand how to solve this is much appreciated!
Sam Carleton
Re: ASP.NET Core Identity data store not accessible from web site
Mar 08, 2021 03:32 PM | bruce (sqlwork.com)
Yours is a very common requirement. If you are using the OTB user manager, you want a custom storage manager that calls a web service, rather than the database directly.
https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-custom-storage-providers?view=aspnetcore-5.0
Google for example. Identity server and OpenID are for when you want to use OAuth for authentication. Unless you used an existing OAuth service, you would face the same restriction with the OAuth server.
Re: ASP.NET Core Identity data store not accessible from web site
Mar 08, 2021 08:38 PM | scarleton
Bruce,
Thank you for the quick reply, this is what I was looking for! I have read over the page and it looks like there is quite a bit of work to implement a custom UserStore.
Yes, I figured this was a very, very common requirement. That being the case, is there a template out there that implements everything as a REST API back to the OTB user store in the DMZ? This way I don't have to reinvent the wheel...
Sam Carleton