2

I'm wondering if it is possible to use Thinktecture IdentityServer simply as an STS alongside an existing web app? That is, I want to use ASP.NET Identity for authentication in my web app because I want to use all of the built-in functionality like 2-factor, etc. However, I want to use IdentityServer as an STS to serve up tokens to access my web services (WCF and Web API).

I thought perhaps I need to authenticate normally through ASP.NET Identity, then again through IdentityServer to get the token. However, this seems heavy and wasteful.

Is there perhaps some way to authenticate against the IdentityServer directly from ASP.NET Identity? I saw the sample where we can integrate the two together (IdentityServer using ASP.NET Identity), but it seemed like I might lose the ability to use all of the built-in stuff like two-factor workflows.

I'm hoping I'm way off base here, and apologies if I have some fundamental misunderstandings about how IdentityServer works. Perhaps there is a way to get all of the added functionality that ASP.NET Identity provides from within IdentityServer?

ChrisC
  • 1,161
  • 12
  • 26
  • 2
    I'm cool with people down-voting things, but it is almost pointless if they aren't willing to tell people why so perhaps we can modify the question, or do something differently next time. If there is a problem with what I have asked a comment is far more constructive. – ChrisC May 15 '15 at 11:16

1 Answers1

1

Identity Server will handle all authentication, no need for double sign-ins if you are using it correctly.

You'll have to implement two factor authentication yourself though as it is not currently supported by Identity Server. However extending Identity Server's existing support for ASP.NET Identity to allow for two factor authentication is definately possible.

I think your first port of call should be to have a bit of a deep dive into the Identity Server documentation and the OpenID Connect protocol. After that check out UserService documentation and then derive from the existing ASP.NET Identity UserService to add support for two factor authentication.

Scott Brady
  • 5,498
  • 24
  • 38
  • Thanks @Scott Brady. However, I was thinking of using ASP.NET Identity and the built-in project template for login, two-factor etc., then instead of doing the default login I would swap in the call to login via IdentityServer. Then I could still get my token via IdentityServer, but I could avail of the built-in stuff in the project. Does this make sense, or am I missing something here? It just seems that the default project has everything I want in it except for the web api/web service token authentication/authorization, which I can get from IdentityServer. – ChrisC May 17 '15 at 00:09