{"id":36855,"date":"2016-09-19T09:37:53","date_gmt":"2016-09-19T16:37:53","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/webdev\/?p=7645"},"modified":"2016-09-19T09:37:53","modified_gmt":"2016-09-19T16:37:53","slug":"introducing-identityserver4-for-authentication-and-access-control-in-asp-net-core","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/introducing-identityserver4-for-authentication-and-access-control-in-asp-net-core\/","title":{"rendered":"Introducing IdentityServer4 for authentication and access control in ASP.NET Core"},"content":{"rendered":"<p><span style=\"text-decoration: underline\"><em>This is a guest post by Brock Allen and Dominick Baier. They are security consultants, speakers, and the authors of many popular open source security projects, including IdentityServer.<\/em><\/span><\/p>\n<p>Modern applications need modern identity. The protocols used for implementing features like authentication, single sign-on, API access control and federation are OpenID Connect and OAuth 2.0. <a href=\"https:\/\/identityserver.io\">IdentityServer<\/a> is a popular open source framework for implementing authentication, single sign-on and API access control using ASP.NET.<\/p>\n<p>While IdentityServer3 has been around for quite a while, it was based on ASP.NET 4.x and Katana. For the last several months we\u2019ve been working on porting IdentityServer to .NET Core and ASP.NET Core. 
We are happy to announce that this work is now almost done and IdentityServer4 RC1 was published to NuGet on September 6th.<\/p>\n<p>IdentityServer4 allows building the following features into your applications:<\/p>\n<p><strong>Authentication as a Service<\/strong>\nCentralized login logic and workflow for all of your applications (web, native, mobile, services and SPAs).<\/p>\n<p><strong>Single Sign-on \/ Sign-out<\/strong>\nSingle sign-on (and out) over multiple application types.<\/p>\n<p><strong>Access Control for APIs<\/strong>\nIssue access tokens for APIs for various types of clients, e.g. server to server, web applications, SPAs and native\/mobile apps.<\/p>\n<p><strong>Federation Gateway<\/strong>\nSupport for external identity providers like Azure Active Directory, Google, Facebook etc. This shields your applications from the details of how to connect to these external providers.<\/p>\n<p><strong>Focus on Customization<\/strong>\nThe most important part &#8211; many aspects of IdentityServer can be customized to fit your needs. Since IdentityServer is a framework and not a boxed product or a SaaS, you can write code to adapt the system the way it makes sense for your scenarios.<\/p>\n<p>You can learn more about IdentityServer4 by heading to <a href=\"https:\/\/identityserver.io\">https:\/\/identityserver.io<\/a>. 
You can also visit the <a href=\"https:\/\/github.com\/IdentityServer\/IdentityServer4\">GitHub repo<\/a>, the <a href=\"https:\/\/identityserver4.readthedocs.io\">documentation<\/a>, and see our <a href=\"https:\/\/identityserver.io\/\">support options<\/a>.<\/p>\n<p>There are also quick-start tutorials and samples that walk you through common scenarios for protecting APIs and implementing token-based authentication.<\/p>\n<ul>\n<li><span><a href=\"https:\/\/identityserver4.readthedocs.io\/en\/dev\/quickstarts\/0_overview.html\">IdentityServer Overview<\/a><\/span><\/li>\n<li><span><a href=\"https:\/\/identityserver4.readthedocs.io\/en\/dev\/quickstarts\/1_client_credentials.html\">Protecting an API using client credentials<\/a><\/span><\/li>\n<li><span><a href=\"https:\/\/identityserver4.readthedocs.io\/en\/dev\/quickstarts\/2_resource_owner_passwords.html\">Protecting an API using passwords<\/a><\/span><\/li>\n<li><span><a href=\"https:\/\/identityserver4.readthedocs.io\/en\/dev\/quickstarts\/3_interactive_login.html\">OpenID Connect authentication<\/a><\/span><\/li>\n<li><span><a href=\"https:\/\/identityserver4.readthedocs.io\/en\/dev\/quickstarts\/4_external_authentication.html\">External authentication<\/a><\/span><\/li>\n<li><span><a href=\"https:\/\/identityserver4.readthedocs.io\/en\/dev\/quickstarts\/5_hybrid_and_api_access.html\">Hybrid Flow and API access<\/a><\/span><\/li>\n<li><span><a href=\"https:\/\/identityserver4.readthedocs.io\/en\/dev\/quickstarts\/6_aspnet_identity.html\">NET Core Identity<\/a><\/span><\/li>\n<li><span> <\/span><span><a href=\"https:\/\/identityserver4.readthedocs.io\/en\/dev\/quickstarts\/7_javascript_client.html\">JavaScript\/SPA client application<\/a><\/span><span>s<\/span><\/li>\n<li><span><a href=\"https:\/\/identityserver4.readthedocs.io\/en\/dev\/quickstarts\/8_entity_framework.html\">Configuration with EntityFramework<\/a><\/span><\/li>\n<\/ul>\n<p>Give it a try. 
We appreciate feedback, suggestions, and bug reports on our <span><a href=\"https:\/\/github.com\/IdentityServer\/IdentityServer4\/issues\">issue tracker<\/a><\/span>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is a guest post by Brock Allen and Dominick Baier. They are security consultants, speakers, and the authors of many popular open source security projects, including IdentityServer. Modern applications need modern identity. The protocols used for implementing features like authentication, single sign-on, API access control and federation are OpenID Connect and OAuth 2.0. IdentityServer [&hellip;]<\/p>\n","protected":false},"author":405,"featured_media":58792,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[197,7509],"tags":[7438,123],"class_list":["post-36855","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-aspnet","category-aspnetcore","tag-identity","tag-security"],"acf":[],"blog_post_summary":"<p>This is a guest post by Brock Allen and Dominick Baier. They are security consultants, speakers, and the authors of many popular open source security projects, including IdentityServer. Modern applications need modern identity. The protocols used for implementing features like authentication, single sign-on, API access control and federation are OpenID Connect and OAuth 2.0. 
IdentityServer [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/36855","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/users\/405"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/comments?post=36855"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/36855\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media\/58792"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media?parent=36855"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/categories?post=36855"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/tags?post=36855"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}