This application is a "ready to go" project aiming to simplify your experience with the - amazing - IdentityServer of Dominick Baier and Brock Allen.
There are two main points that differs from the original templates already kindly available and that we'll discuss here.
The first one is to offer persitency to your configuration through database storage. Instead of only writting your configuration in the good old "Config.cs" you will also have the possibility to manage it in a SQL-server database instance through a UI.
A User store based on Identity Framework is also provided with basical authentication services, aka Registration, Sign in, Email Confirmation, and Password Reset. No mail service here though, so you'll have to implement it yourself.
The second main topic here is the UI. API scopes, Identity Resources, Clients, Users, and Roles are all manageable through a built-in interface, secured with Identity Framework and documented with the definitions available on the Official Documentation.
Interested? Let's dig right in.
To begin with, you'll have to clone this project.
Choose your location of choice on your local machine, and type:
git clone https://github.com/heliosCreation/IdentityServer-HeliosAdminUI.gitIn order to be able to push your own work to your future repo, modify the origin:
git remote set-url origin https://github.com/YOU/YOUR_REPOOnce the project is install, we'll have to get those databases working.
So let's open the solution and start the exploration.
Once you're good with that, we're going to create your databases.
Since the migrations files are already in the project, all you have to do in to run the updates. Open your package manager and run those commands:Update-database -Context ApplicationDbContext Update-database -Context PersistedGrantDbContext Update-database -Context ConfigurationDbContextUpdate-database -Context CustomConfigurationDbContext And here we go, just like that our stores are ready to be used.
The application is design to enable a default basic seeding of Configuration, Users and Roles.In order to use it, all you have to do is to launch your project with specific parameters. If you dig a little bit in the "Program.cs", you'll see those three lines of code:
Pretty clear in terms of arguments, right?
So Right click on your project, go to Properties > Debug and let's start with the Roles:
Start the project, and you should see a terminal with those informations written:
Repeat the operation with the the seedUsers and seedConfig, the terminal should open again with validations messages.
- The role seed, will insert one role in the DB. Named IsAdmin. Said role will be used to access the Admin feature of the server. Change the name as per your need, but remember to also take a look at the Authorization method of the controllers to replace it as well.
- The user seed will insert three default users in the database. Alice & Bob with password Pass123$, and admin with password Pwd12345!. Remember to modify this password in the future.
- The configurational seed will use the information found in the config.cs to produce the first set of data. Customize it per your need !
Now that the preparation is done. I'm gonna walk you through the interface and the features you can access.
First we'll have to login with the admin account. If the login is successful, in the upper right corner of the navigation bar you should see a new dropdown:
We are first going to access the home page:
I think the page itself is pretty self-explanatory. The four main management themes of the app are here. Let's begin with the Api Scopes management now, shall we?
All of the sections presented above, when clicked, will take you to a page with two choices. Choice 1, show me my resources. Choice 2, let me create a new one.
Would you choose to access the List, you will be taken to a page letting you see you resources along with the major fields defining it.
Three options are also given here: Create, Update and Delete. Following the basics of a CRUD implementation.
Along with it, as displayed in the image below, some usefull information about the fields can be accessed by hovering the "(i)" icons following the labels:
Upon valid creation, you will be prompted with a validation message:
The management of the Identity Resources mostly follow the same flow. Only difference being in the create method. In order to create the claim for your Identity resource, you are given the ability to create and/or remove tags representing the desired claims. To add one, type in the corresponding bar and press "Enter". To remove it, click on little arrow being part of the tag.
The form is splitted in three main sections. The first one, being, the "Basic" one lets you define your Id, Name and Secret for this Client. As written in the picture bellow, take note of the Secret you will wish to define, as it won't be available anywhere else later.
The second section lets you define the URIs used by the client:
The third lets you define the Grants and Scopes of your Client.
The grant types correspond to the default one provided by the IdentityServer Documentation. The clickable Scopes are also based on the default ones of the documentation.
Finally, for a more customizable approach, you can create your own custom scopes.
The fourth and final section let's you manage the way your application deals with token expiracy and refresh token. Do I want a refresh token mechanism to be impletemented? Should it update the relatives claims on update? How long do I want the access token to be valid? All that can be dealt with right here.
From the Admin home page, if you decide to click on the last section, you will taken to a menu offering you two choices:
The User section will give you the capacities to create new user without the need of a proper flow following the Register method. You will also have the ability to add your newly created user to the roles you built on your server. It goes without saying that you will be able to update and delete those users as you wish.
Below, a caption of the User creation form:
And finally, the Role section. Three possibilities are also given to you here. Creating new roles, Listing them, and deleting them.
The newly created Roles, will be automatically added to the list of choices you can access upon the creation of a new user.
If you went down as far a this line, I would like to thank you for your attention.
This project represents hours of work and head scratching. I know it's not perfect and there are still a good amount of work to be done, but I hope it might be usefull to some of you.
Enjoy and keep coding !