How to handle authentication in Microservices?

I am creating an application with multiple APIs. I had a few queries about the IdentityServer4 framework, ASP.NET Core Identity and the Razor pages in general, it would be great if they could be answered.Some pointers first:

  1. ASP.NET Core Identity now comes as a Razor Class Library (RCL). When we create a .NET Core application with Individual User Accounts authentication, the Identity functionality(views and code[created using Razor Pages]) is bundled as a package, Microsoft.AspNetCore.Identity.UI and is added to Nuget packages. Unfortunately, it means that everything from the AspNetCore Identity package gets added to the project. What if I am interested in only a few functionalities/ features or want to modify an existing view/code file?Here is what I have understood so far. Kindly rectify if I am wrongTo modify an existing view/code file: The required item must be scaffolded and changes made accordingly.To have limited features: Login, Logout, Change Password etc.: I should create an empty project and then add only these features using scaffolding. Is this correct?
  2. I want to have Authorization across all the APIs, have Roles etc. What would be the best way to configure Authorization? Policy, Claims or Roles.

  1. I created an IdentityServer4 project with Asp.Net Core Identity and Entity Framework (6th and 8th Sample – not running yet but hopefully I will be able to crack what’s going wrong). Here, we create an MVC Client which has resources that require authorization. When we try to access those resources (can be any controller action), the application forwards our request to the IdentityServer4 UI. My Client API has a different UI than this project, with the above flow of requests I will have to redo the same UI design in the IdentityServer Project.

Is there another way of doing things that I am missing?

  1. What is the preferable way of doing things with respect to Microservices?

submitted by /u/wannabeIndLeader
[link] [comments]

Leave a Reply