ASP.NET
Taras25, 2020-11-17 16:17:12

Should I use Microsoft Identity for web api authorization?

I started making a project consisting of an ASP.NET Web API on the back end and Vue.js on the front end.
I have little experience in such matters, so I would like to ask knowledgeable people.
As you know, ASP.NET has a built-in authorization/authentication mechanism: Identity.
But it seemed to me that it was too overloaded with all sorts of extraneous garbage, and not flexible enough to customize.
In addition, I want to use Mongo as the database. There are solutions that let you take a ready-made storage for Mongo instead of writing your own, but I'm not 100% sure of them; after all, these are someone's homemade projects, and perhaps they are far from optimal in terms of speed and contain bugs.
But the main question is still about Identity: does anyone have experience using it?
For example, it was decided to use it, and in the process it was decided to cut it out and write all the authorization logic on our own.
Authentication through social networks is also planned, including those that are not in the standard .NET distribution.

3 answer(s)
Vasily Bannikov, 2020-11-17
@vabka

> authentication through social networks

If they support OAuth, then there should be no problems.
I haven't tried Identity myself, but a lot of people use it and I haven't heard any complaints about it.
In principle, reinventing the wheel with your own authorization is OK, but for authentication/identification it is better to use something ready-made. Of these: IdentityServer and Hydra.

> perhaps they are far from optimal in terms of speed, and contain bugs.

This can be determined by the number of users. If a lot of people are using it in production, then chances are it will work for you too.

Vladimir Korotenko, 2020-11-17
@firedragon

For .NET Core, I recommend IdentityServer4. It allows both authorization from the database and standard OAuth2, with examples for Google, Facebook, Microsoft and, I think, Yandex. There really is a lot of hassle, especially if you want authorization in one application along with the API and the SPA. If the extra domain does not bother you, then build the authorization from the template project and place it on another domain. Or send me a template.

Victor P., 2020-11-17
@Jeer

Good afternoon to all lovers of dot net )
I used the standard implementation of Identity in many versions of .NET, for small projects (including commercial ones, but also not very complex ones). Everything works, conditionally, out of the box. But because this is a very flexible tool, there are a lot of different settings in it, in which it is quite easy to get confused.
It is because of this that, when using the standard Identity, I always had a feeling of overload and of not having full control of the code in this aspect. And, in fact, when you want to figure out how everything works, especially for educational purposes, it is advisable to write the corresponding pieces of code with your own hands.
I didn't have the desire to cut out the standard implementation outright and replace everything with my custom solution, since the architecture (what will be used) is usually planned in advance, and if the standard Identity is suitable, why cut it out. But in the last project, for example, I did the authorization logic myself, although, at the same time, I left the standard authentication schemes.
If there is time/desire, I can show it, for example, on Discord.
P.S. I have not worked with Mongo, but it seems not to be important in the code-first approach when working with the database.
