I currently have a Blazor WASM project that gets its ID/Access tokens from an AspNetCore 5 app service with IdentityServer4 IDP hosted in Azure that leverages Microsoft Identity for the user store. The actual database that MS Identity component in the IDP is using is hosted in Azure SQL. I also have a separate AspNetCore 5 web API solution that is authenticated against the IDP.
Currently, new users are required to Register using the MS Identity Register UI in the IDP.
Now I have a request to allow site managers to create the initial users for their organization (perhaps in bulk or batches) rather than letting users access the MS Identity based Register link in the IDP themselves, directly.
So I was thinking I could just, basically, create a users controller in my API that connected to the Azure SQL database used by my IDP via EntityFramework. I was hoping I could somehow make use of the Microsoft.AspNetCore.Identity package to leverage the Identity project's classes and methods in my AspNetCore 5 API for UserManager, RoleManager, IdentityUser, etc. However, I do not see how to register the services in Startup.cs --> ConfigureServices so that I can actually access the UserManager and RoleManager tools (for example) via DI, in my API's services.
I am not looking to actually authenticate logins or generate my own Identity/Access tokens here. I just want to create/edit users, perhaps in bulk or batches.
I don't think that using...
services.AddIdentity<User, IdentityRole>()
.AddRoles<IdentityRole>()
.AddRoleManager<RoleManager<IdentityRole>>()
.AddEntityFrameworkStores<UsersDbContext>();
in my API's startup.cs as that seems like it would interfere with the...
services.AddAuthentication("Bearer")
.AddJwtBearer("Bearer", options =>
{
...
...
});
I am using to authenticate the Access Token.
I just thought I could use Microsoft's AspNetCore Identity package to access the user and role tools needed to CRUD user accounts from within my own API, perhaps in batches, rather than roll my own classes and methods within my API.
Does anyone know if this is possible and if so, how to correctly register the Microsoft AspNetCore Identity services in DI?
As it turns out, there is a version of the services.AddIdentity called AddIdentityCore, which provides the user management utilities without the ID/Access token elements.
Adding the following code to Startup.cs --> ConfigureServices in my API did the trick.
services.AddIdentityCore<User>()
.AddRoles<IdentityRole>()
.AddRoleManager<RoleManager<IdentityRole>>()
.AddEntityFrameworkStores<UsersDbContext>()
.AddDefaultTokenProviders();
The .AddDefaultTokenProviders() adds the ability to generate the code used in the callback link when you send a Confirmation Email when creating a new account.
With this code in Startup, I was able to inject UserManager and RoleManager into my services as needed and still correctly authorize the OAuth2 token to secure access to the API itself.
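Added example, not part of the original post: a batch user-creation endpoint built on the AddIdentityCore registration above, locked to the "Bearer" scheme and limited to an allow-list of roles so that a site manager cannot grant arbitrary roles. The `SiteManager` policy, the `IInviteMailer` interface, the role names and the `User` stand-in (assumed to derive from `IdentityUser`) are assumptions made for illustration.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

public class User : IdentityUser { } // stand-in for the page's User class (assumed shape)
public interface IInviteMailer { Task SendAsync(string email, string token); } // hypothetical
public record NewUser(string Email, string Role);
public record NewUserResult(string Email, bool Succeeded, string[] Errors);

[ApiController]
[Route("api/users")]
[Authorize(AuthenticationSchemes = "Bearer", Policy = "SiteManager")] // hypothetical policy name
public class UsersController : ControllerBase
{
    // Roles a site manager may hand out (constructed names; they must already exist in the store).
    private static readonly HashSet<string> Assignable = new() { "Member", "Viewer" };
    private readonly UserManager<User> _users;
    private readonly IInviteMailer _mailer;

    public UsersController(UserManager<User> users, IInviteMailer mailer)
    {
        _users = users;
        _mailer = mailer;
    }

    [HttpPost("batch")]
    public async Task<ActionResult<List<NewUserResult>>> CreateBatch(List<NewUser> batch)
    {
        var results = new List<NewUserResult>();
        foreach (var item in batch)
        {
            if (!Assignable.Contains(item.Role))
            {
                results.Add(new NewUserResult(item.Email, false, new[] { "Role not assignable" }));
                continue;
            }
            // No password is set: the account cannot sign in until the invited user sets one.
            var user = new User { UserName = item.Email, Email = item.Email };
            var outcome = await _users.CreateAsync(user);
            if (outcome.Succeeded) outcome = await _users.AddToRoleAsync(user, item.Role);
            if (outcome.Succeeded) // token provider is registered by AddDefaultTokenProviders()
                await _mailer.SendAsync(user.Email, await _users.GeneratePasswordResetTokenAsync(user));
            results.Add(new NewUserResult(item.Email, outcome.Succeeded,
                outcome.Errors.Select(e => e.Description).ToArray()));
        }
        return Ok(results);
    }
}
```

The default token providers protect tokens with ASP.NET Core Data Protection, so a token issued by the API only validates in the IDP if both apps share the same Data Protection key ring and application name. The token goes to the user by mail and is never returned in the API response.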