1

I have a Web API application and I want to secure that. I've been reading about ThinkTectures IdentityModel and IdentityServer for authorization (OAtuh2) and I think this is what I need.

I'm just not really sure where to start with this. There are so many solutions available that I'm not sure what to use.

I think I need to add ThinkTecture.IndentityModel to my Web API application right?

Should I then download ThinkTecture.IdentityServer2? Or do I need Thinktecture.AuthorizationServer as well? I'm kinda confused there.

In the end I want my Web API application to be able to login into a identity server which returns claims that belongs to that user.

Could anyone tell me where and how to start with this. I need a push in the right direction.

For starters I already added ThinkTecture.IndentityModel to my WEB Api application. What else do I need to do?

Vivendi
  • 20,047
  • 25
  • 121
  • 196

1 Answers1

1

I'd suggest starting with the wikis of each project. They go into details about the purpose of each project and how to get started:

https://github.com/thinktecture/Thinktecture.IdentityServer.v2/wiki

https://github.com/thinktecture/Thinktecture.AuthorizationServer/wiki

Brock Allen
  • 7,385
  • 19
  • 24
  • Ok I started with *Identity Server 2* since I think it fits my needs best. The only thing I can´t really figure out is how to work with `claims`. Is it possible to assign custom `claims` to users, like I can with `roles`? Is this possible right out of the box? Or do I have to make a custom implementation to assign claims to users? Any info/blog/tutorial about this is more than welcome. Since I couldn't really find anything useful. – Vivendi Jul 22 '14 at 11:06
  • Yes, you can assign custom claims to users. IdentityServer has extensibility points for emitting those custom claims in the token. Again, check the wiki. – Brock Allen Jul 25 '14 at 12:51