
I am planning to use IdentityServer4 to handle authentication/authorization for multiple projects (every project will have its own WebAPI). So a user may have to register once and get a flag or role for which product/API they have access to.

I have already been through the IdentityServer4 docs and started with InMemoryUsers, which I have now changed to IdentityUser with Entity Framework Core:

    // Adds Identity - configure identity server
    services.AddIdentityServer()
        // .AddSigningCredential(key, StoreLocation.LocalMachine, NameType.Thumbprint)
        .AddTemporarySigningCredential()
        .AddConfigurationStore(builder => builder.UseSqlServer(connectionString, options => options.MigrationsAssembly(migrationsAssembly)))
        .AddOperationalStore(builder => builder.UseSqlServer(connectionString, options => options.MigrationsAssembly(migrationsAssembly)))
        .AddAspNetIdentity<IdentityUser>();

So, as already mentioned in the thread "User Registration Process with IdentityServer4", I created three different projects.

  • Identity Provider = Asp.Net Identity project (could be company website with user registration)
  • Identity Server = Asp.Net project containing the identity server middleware
  • A protected API = Web Api

I also have to mention that I am using Entity Framework Core 1.1.1.

But now the question came up: how to handle the database access from the different projects? The Identity Provider and the Identity Server are currently using the same database. Both projects have migration enabled, but could that be right? IdentityProvider with ApplicationDBContext and IdentityServer=OAuthService with ApplicationDBContext, both with Migration enabled

  1. So my first question is, isn't it a problem to handle two migrations to the same data source? (It seems that in Entity Framework Core, migrations won't be executed automatically -which is good- and have to be executed manually)
  2. Which way is recommended to handle the Clients, API resources, Claims, Scopes, etc. for IdentityServer4? Shall I create an additional project, which also uses the same database, just to manage the configuration data?

So I am not sure how to handle database access to one database from different Asp.Net projects with Entity Framework Core. My database currently looks like this: IdentityServer database with Asp.Net Identities

The following code will be executed within the Startup.cs of the SocialNet.OAuthService project.

        private void InitializeDbTestData(IApplicationBuilder app)
        {
            using (var serviceScope = app.ApplicationServices.GetService<IServiceScopeFactory>().CreateScope())
            {
                // create identity server EF structures: operational store,
                // configuration store and the ASP.NET Identity store
                serviceScope.ServiceProvider.GetRequiredService<PersistedGrantDbContext>().Database.Migrate();
                serviceScope.ServiceProvider.GetRequiredService<ConfigurationDbContext>().Database.Migrate();
                serviceScope.ServiceProvider.GetRequiredService<ApplicationDBContext>().Database.Migrate();

                var context = serviceScope.ServiceProvider.GetRequiredService<ConfigurationDbContext>();

                // add dummy/example data 
                if (!context.Clients.Any())
                {
                    foreach (var client in ExampleConfig.GetClients())
                        context.Clients.Add(client.ToEntity());

                    context.SaveChanges();
                }

                if (!context.IdentityResources.Any())
                {
                    foreach (var resource in ExampleConfig.GetIdentityResource())
                        context.IdentityResources.Add(resource.ToEntity());

                    context.SaveChanges();
                }

                if (!context.ApiResources.Any())
                {
                    foreach (var apiResource in ExampleConfig.GetApiResources())
                        context.ApiResources.Add(apiResource.ToEntity());

                    context.SaveChanges();
                }

                var userManager = serviceScope.ServiceProvider.GetRequiredService<UserManager<IdentityUser>>();
                if (!userManager.Users.Any())
                {
                    foreach (var testUser in ExampleConfig.GetUsers())
                    {
                        var identityUser = new IdentityUser(testUser.Username)
                        {
                            Id = testUser.SubjectId,
                            UserName = testUser.Username,
                            Email = testUser.Username,
                            EmailConfirmed = false
                        };

                        foreach (var claim in testUser.Claims)
                        {
                            identityUser.Claims.Add(new IdentityUserClaim<string>
                            {
                                UserId = identityUser.Id,
                                ClaimType = claim.Type,
                                ClaimValue = claim.Value
                            });
                        }

                        userManager.CreateAsync(identityUser, "Password123!").Wait();
                    }
                }
            }
        }

I hope I have described my problem comprehensibly and that the formatting conforms to the guidelines. I am really thankful for your help. Best Regards Michael

Mich Drexler
  • As long as you keep the models separated it should not be a problem to have multiple migrations in one database. As for configuration, I think this mainly depends on accessibility. If you want to restrict access (since IdentityServer is publicly accessible), then consider creating your own project which allows local access (inside your network) only. –  Jun 18 '17 at 09:44
  • Thanks for your reply. Okay, but that's not the point I am worried about. I am worried about having the same or nearly the same database context within different projects pointing to the same database. Because if I migrate new tables or columns within one project, I always have to take care of the other project. What do you think about having the same or nearly the same database context within multiple projects? For the configuration stuff, you mean I should create a separate project and configure the IdentityServer ConfigurationContext again and access the same database too? – Mich Drexler Jun 20 '17 at 16:35
  • Personally I use one DbModel since there is only one database. I've made a NuGet package which contains the latest version. So if something changes, I update the NuGet package. I make sure that I don't implement breaking changes. This way current applications will keep working. As soon as a project is modified I update the NuGet package. –  Jun 20 '17 at 19:38
  • Thank you for your answer. Okay, so I will try to export the DbModel with its Migration Configuration to a class library (because I will need this DataLayer in only a few projects) and reference this class library in the projects where I need access to the database of the IdentityServer4 – Mich Drexler Jun 21 '17 at 15:14
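
The approach settled on in the comments above (one data-layer class library that owns every DbContext and all migrations), as an added example that is not part of the original question or comments. The library name `SocialNet.DataLayer` and the extension-method names are hypothetical; the store registrations reuse the overloads shown in the question.

```csharp
using System.Reflection;
using IdentityServer4.EntityFramework.DbContexts;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;

namespace SocialNet.DataLayer // hypothetical shared class library
{
    // The ASP.NET Identity context, defined once and referenced by every host.
    public class ApplicationDBContext : IdentityDbContext<IdentityUser>
    {
        public ApplicationDBContext(DbContextOptions<ApplicationDBContext> options) : base(options) { }
    }

    public static class DataLayerExtensions // hypothetical helper names
    {
        // Migrations for all three contexts are generated into this one assembly.
        private static readonly string MigrationsAssembly =
            typeof(DataLayerExtensions).GetTypeInfo().Assembly.GetName().Name;

        // Identity Provider and Identity Server both call this for the user store.
        public static IServiceCollection AddSharedUserStore(this IServiceCollection services, string connectionString)
        {
            return services.AddDbContext<ApplicationDBContext>(o => o.UseSqlServer(
                connectionString, sql => sql.MigrationsAssembly(MigrationsAssembly)));
        }

        // Only the Identity Server host calls this (same overloads as in the question).
        public static IIdentityServerBuilder AddSharedStores(this IIdentityServerBuilder builder, string connectionString)
        {
            return builder
                .AddConfigurationStore(b => b.UseSqlServer(connectionString,
                    sql => sql.MigrationsAssembly(MigrationsAssembly)))
                .AddOperationalStore(b => b.UseSqlServer(connectionString,
                    sql => sql.MigrationsAssembly(MigrationsAssembly)));
        }

        // Exactly one host applies migrations at startup; the others never call Migrate().
        public static void MigrateSharedDatabase(this IApplicationBuilder app)
        {
            using (var scope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>().CreateScope())
            {
                scope.ServiceProvider.GetRequiredService<ApplicationDBContext>().Database.Migrate();
                scope.ServiceProvider.GetRequiredService<ConfigurationDbContext>().Database.Migrate();
                scope.ServiceProvider.GetRequiredService<PersistedGrantDbContext>().Database.Migrate();
            }
        }
    }
}
```

Each host's `Startup` then calls these helpers instead of declaring its own context, so a schema change is made and versioned in one place.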
