II - Creating a token server, STS, API using .net 6, MySql and Duende Identity Server

II - Creating a token server, STS, API using .net 6, MySql and Duende Identity Server

Many modern applications adopt a CAT architecture, which is a great way to provide a compact, modular and flexible infrastructure to run a variety of apps.

CAT-> Client, API, Token Service. The following diagram explains the basic concept and structure employed for one of our projects that uses ASP Identity to store user data.

CAT architecture.png

A Client in this case is represented by the blocks that are names Web build, iOS, and Android. A client makes an API call to the Web API Resource and provides a token along with it. The API checks the token with the Security Token Service Server, if the token is expired or if the user is not authorized to perform the call then the API call will return an error unauthorized. Otherwise, the API will serve data. In this case, we are employing ASP.NET identity to store the user data over .net 6 with Duende for an Identity Server. We are also employing angular with native script to be able to build Web, iOS, and Android with a shared code repository. The DB will be stored in MySql.

IdenetityServer is a commonly used Identity Server that is built on .net. It used to be called IdentittyServer4, now it's Duende.

github.com/DuendeSoftware/Duende.AccessToke..

duendesoftware.com

The most commonly used method is installing templates as part of .net and using the following commands to install templates.

dotnet new --install Duende.IdentityServer.Templates

Then use the following command to this to create a project using the template

dotnet new %TemplateShortName% -n %ProjectName%

Duende Provides the following templates:

  1. bffjs -> Duende BFF (Back to Front) with JavaScript

  2. isempty -> Duende IdentityServer Empty

  3. isui -> Duende IdentityServer Quickstart UI (UI assets only)

  4. isaspid -> Duende IdentityServer with ASP.NET Core Identity

  5. isef -> Duende IdentityServer with Entity Framework Stores

  6. isinemem -> Duende IdentityServer with In-Memory Stores and Test Users

You can use the following CLI command to list all templates

dotnet new --list

I tried to generate the project with each of these and only isef worked for me with MySql but there were still massive issues with seeding the project. From everything I've seen, it looks like it works like a charm with SQL Server.

Clone the Duende git repository

git clone https://github.com/DuendeSoftware/Duende.AccessTokenManagement.git

Create a DB Schema using MySql Workbench and retrieve info necessary for connection string

MySql Connection string example

"server=localhost;port=3306;database=%DBName%;uid=%uid%;password=%password%"

Update connection string and DbProvider in appsettings.json in the following 3 projects.

%ProjectName%.IdentityServer.Admin

%ProjectName%.IdentityServer.Admin.API

%ProjectName%.IdentityServer.STS.Identity

Open a new terminal window at the root of the Project solution and run the following commands. These will generate migrations in the MySql Folder

dotnet ef migrations add DBInit -c AdminIdentityDbContext -o Migrations\Identity -p ..\${projectName}.Admin.EntityFramework.MySql\${projectName}.Admin.EntityFramework.MySql.csproj


dotnet ef migrations add DBInit -c AdminLogDbContext -o Migrations\Logging -p ..\${projectName}.Admin.EntityFramework.MySql\${projectName}.Admin.EntityFramework.MySql.csproj


dotnet ef migrations add DBInit -c IdentityServerConfigurationDbContext -o Migrations\IdentityServerConfiguration -p ..\${projectName}.Admin.EntityFramework.MySql\${projectName}.Admin.EntityFramework.MySql.csproj


dotnet ef migrations add DBInit -c IdentityServerPersistedGrantDbContext -o Migrations\IdentityServerGrants -p ..\${projectName}.Admin.EntityFramework.MySql\${projectName}.Admin.EntityFramework.MySql.csproj


dotnet ef migrations add DBInit -c AdminAuditLogDbContext -o Migrations\AuditLogging -p ..\${projectName}.Admin.EntityFramework.MySql\${projectName}.Admin.EntityFramework.MySql.csproj


dotnet ef migrations add DBInit -c IdentityServerDataProtectionDbContext -o Migrations\DataProtection -p ..\${projectName}.Admin.EntityFramework.MySql\${projectName}.Admin.EntityFramework.MySql.csproj

Update the DB using each individual DbContext

dotnet ef database update -c AdminIdentityDbContext

dotnet ef database update -c AdminLogDbContext

dotnet ef database update -c IdentityServerConfigurationDbContext

dotnet ef database update -c IdentityServerPersistedGrantDbContext

dotnet ef database update -c AdminAuditLogDbContext

dotnet ef database update -c IdentityServerDataProtectionDbContext

Update the Startup.cs file so that the backend is connected with the DbContext you've just created.

In the function ConfigureServices add the following lines of code

 var connectionString = Configuration.GetConnectionString("DefaultConnection");

 // Adds the Duende IdentityServer Admin UI with custom options.
services.AddIdentityServerAdminUI<AdminIdentityDbContext, IdentityServerConfigurationDbContext, IdentityServerPersistedGrantDbContext,
AdminLogDbContext, AdminAuditLogDbContext, AuditLog, IdentityServerDataProtectionDbContext,
UserIdentity, UserIdentityRole, UserIdentityUserClaim, UserIdentityUserRole,
UserIdentityUserLogin, UserIdentityRoleClaim, UserIdentityUserToken, string,
IdentityUserDto, IdentityRoleDto, IdentityUsersDto, IdentityRolesDto, IdentityUserRolesDto,
IdentityUserClaimsDto, IdentityUserProviderDto, IdentityUserProvidersDto, IdentityUserChangePasswordDto,
IdentityRoleClaimsDto, IdentityUserClaimDto, IdentityRoleClaimDto>(ConfigureUIOptions);

Seed the Db using the following command:

dotnet run /seed

Now you should have a fully built Db seeded with data and you should be able to run the solution with the 3 startup projects