Codidact requires some sort of standardized authorization framework that has all the security quirks already written in.
The main goal of this framework/library would be to authorize the user with our system.
Here are the options as far I know:
IdentityServer4 & Identity ASP.NET Core
- Is an API that supports user interface (UI) login functionality.
- Manages users, passwords, profile data, roles, claims, tokens, email confirmation, and more.
IdentityServer4 is an OpenID Connect and OAuth 2.0 framework for ASP.NET Core 3.0. IdentityServer4 enables the following security features:
- Authentication as a Service (AaaS)
- Single sign-on/off (SSO) over multiple application types
- Access control for APIs
- Federation Gateway
Only Identity ASP.NET Core
Same as above only without the IdentityServer but using only Identity. Will only be running on the same server as the main server.
Implement the tables for the users/roles/etc on our own instead of letting ASP.Identity deal with that. Manage the users on our own. Use IdentityServer for SSO and OAuth2/OpenID
Used this in golang, so might include it as an option.
- Doesn’t deal with authentication at all. No user tables
- no direct EF integration (this is both a advantage and a disadvantage)
- Cool role management system
Simply implement an OAuth2 server on the project. Create your own tokens and workflow.
Please, add more suggestions and I’ll edit the post.