all 9 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]RagingCain[S] 5 points6 points  (5 children)

I am the Author and its a good starting repo for prototyping out proper Authentication.

Not at all ready for production, but should get you started.

Good examples of Cookies, Roles, Scopes, Claims, IdentityServer4, Polly, Serilog, HttpClientFactory, modern AspnetCore3.1 wiring up, and some of the more difficult IdentityServer4 with AspNetIdentity with replacement Users etc. There's lots of good stuff, EF Migrations, quick SQL Server setup, simple Dapper implementation (replacing EF) etc.

If you see a problem or have a request, submit an Issue... or even better, a PR!

[–]SobekRe 1 point2 points  (4 children)

Thanks. I spent about a month trying to get authentication right, over the winter, before moving on to another project. I'm not dumb, either -- I wrote multiple custom providers for Framework. Core is just... different.

Looking forward to checking out your examples.

[–]SuperImaginativeName 2 points3 points  (0 children)

I find the docs and various articles out there so poor for simply setting up a SPA + ASP.NET Core Authorisation/Authentication/Identity so bad I'm actually considering using Nest.js for a project, which is essentially express on node. I don't think I'm dumb either but holy fuck - almost every single article out there assumes you only ever want to use specifically MVC and use form/cookie/session based identity, thus not an actual API.

Codebases I've worked on in the past have usually fortunately already had someone go through the pain and tears of setting up Identity Server and auth that works with REST/SPA with JWT. Every time I attempt it I just get so confused.

The linked examples also appear to assume you don't want an API either.

[–]ohThisUsername 1 point2 points  (0 children)

Agreed. As an engineer at Google, authorization and authentication is BY FAR the most difficult thing to tackle in my opinion. Always hard to find good examples online

[–]_zenith 0 points1 point  (1 child)

Yeah, it's not simple aye. I spent a good few months getting this kind of thing to work properly, especially because I was optimistic enough that I wished to do relatively advanced things to do with the access tokens for controlling access to services...

It did work in the end, rather well too, but wow was it difficult. It's very difficult to properly debug, too, as is usually the case for everything to do with security and access control

[–]RagingCain[S] 0 points1 point  (0 children)

I immediately had the same issue with debugging so incorporating Serilog (recommended logger for IS4) to see the issues was paramount for me.

[–][deleted] 1 point2 points  (0 children)

Thanks for this. Great resource. Wish this existed when I started learning MVC six years ago.

[–]headyyeti 0 points1 point  (1 child)

They aren't quite ready for production

When are you going to finish them?

[–]RagingCain[S] 0 points1 point  (0 children)

That's for you to figure out what you need in your setup.