IdentityServer4 Without Entity Framework

[MV10]

Written on 2018-01-02 10:05:25 AM

URL: https://mcguirev10.com/2018/01/02/identityserver4-without-entity-framework.html

[MV10]

Migrated comment by Hugo Burm on 2018-02-03 12:32:59 PM

Thanks for this tutorial. It helped me to understand how to replace the default EF store with my own legacy backend

[MV10]

Migrated comment by MV10 on 2018-02-07 11:35:01 AM

Glad it helped!

[MV10]

Migrated comment by die illuminaten on 2018-04-02 5:01:22 AM

hi, thanks a lot for your blogpost, it is very helpful. however I have the problem that it somehow doesn't use the userstore. First I had to add a ResourceOwnerPasswordValidator and use it like
_userstore.ValidateCredentials(context.UserName, context.Password);
But after that there is never a call to any methods of the UserStore and the serverlog shows a 400 error. Am I missing something here?

[MV10]

Migrated comment by Damien Sawyer on 2018-04-26 3:16:56 AM

Jon - this was fantastic. I can't agree more with your summary about the negatives of 'black box' programming. I really appreciate how you've approached this complex topic bottom-up as opposed to the recent common trend in which libraries are 'documented' with trite examples based around automatic configuration.

[MV10]

Migrated comment by MV10 on 2018-04-26 5:27:34 AM

Thanks. My goal is for ever developer I work with to understand all of the pieces and layers they use and maintain. If they don't know how it works, they really ought not add it to a production system.

[MV10]

Migrated comment by Hardik Viradiya on 2018-06-08 12:35:12 PM

Sooooooooooooooooooooooooooooooooooooooooo much helpful. Thanks a lot. it was a headache for me to implement this. and I came to this article. :)

[MV10]

Migrated comment by Anthony Baltzer on 2019-02-14 4:32:58 AM

Fantastic article Jon. I wholeheartedly agree with the problems of the vast amounts of "new and improved" libraries and the immediate scrabble to get them into production and the risks that imposes. I treat coding anything a bit like building a car, sure there are some bits outside my skillset, but I still like to know whats going on under the hood! I've watched too many teams dive into the latest and greatest (EF being one of those) and then watch them scratch their heads trying to work out why seemingly simple things have gone awry... Anyway, used this to wire into MySql, worked a treat. Thanks again

[MV10]

Migrated comment by MV10 on 2019-02-15 4:54:41 AM

Yeah I've seen some real train-wrecks with EF in particular, and on a serious project it's usually too late to change by the time the realization dawns. Then you have things like Angular that changed completely, leaving 1.x projects stranded unless somebody finds budget for a rewrite. From a business standpoint there are a lot of irresponsible decisions being made in IT these days. Glad the article helped!

[MV10]

Migrated comment by Alex K on 2019-03-03 10:22:45 PM

The problems with Identity Server 4 is that it solves some of the problems but introduces much more. The examples use TestUserStore which you need to implement, you need to think about password hash & salt, you need to think about account lock out on failed attempts. All of this was implemented in ASP.NET Identity for you. You just implement a store and mangers did all this for you.

[MV10]

Migrated comment by MV10 on 2019-03-08 6:36:14 AM

You're talking apples and oranges. Identity Server handles centralized OIDC concerns and nothing more. In the various .NET repo discussions, MS devs pretty regularly recommend Identity Server, and they have frequently stated that the template projects shouldn't be treated as production-ready code. Any professional-quality production system is going to have to address all those things correctly.