Codidact requires some sort of standardized authorization framework that has all the security quirks already written in.
The main goal of this framework/library would be to authorize the user with our system.
Here are the options as far I know:
IdentityServer4 & Identity ASP.NET Core
http://docs.identityserver.io/en/latest/intro/big_picture.html
https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity?view=aspnetcore-3.1&tabs=visual-studio
ASP.NET Core Identity:
- Is an API that supports user interface (UI) login functionality.
- Manages users, passwords, profile data, roles, claims, tokens, email confirmation, and more.
IdentityServer4 is an OpenID Connect and OAuth 2.0 framework for ASP.NET Core 3.0. IdentityServer4 enables the following security features:
- Authentication as a Service (AaaS)
- Single sign-on/off (SSO) over multiple application types
- Access control for APIs
- Federation Gateway
Only Identity ASP.NET Core
Same as above only without the IdentityServer but using only Identity. Will only be running on the same server as the main server.
Only IdentityServer
Implement the tables for the users/roles/etc on our own instead of letting ASP.Identity deal with that. Manage the users on our own. Use IdentityServer for SSO and OAuth2/OpenID
Casbin.NET
https://github.com/casbin/Casbin.NET
Used this in golang, so might include it as an option.
- Doesn’t deal with authentication at all. No user tables
- no direct EF integration (this is both a advantage and a disadvantage)
- Cool role management system
No Library/Framework
Simply implement an OAuth2 server on the project. Create your own tokens and workflow.
Please, add more suggestions and I’ll edit the post.
Thanks