asp.net-web-api microservices .net-6.0 duende-identity-server

Is there a way to Get username & id of current user in Remote Bff Api Endpoint


Can someone guide me or point me in the right direction? I'm new to microservices and IdentityServer. I googled it, but it's mostly about doing it in an MVC app, which is not my scenario.

I have 3 projects in my .sln file

FrontendHost //Bff frontend dotnet react app

IdentityService //Asp.net mvc app Duende IdentityServer 6 for protecting Apis. Added claims here are openid, profile, email

BackendApi1 //.net6 web api that is protected using Remote Bff Api Endpoint approach.

I've a string Created By field in a model inside BackendApi1 project and in its api controller I wanna assign it with current signed-in user's name.

I tried with

var user = User.Identity.GetUserId(); 

But didn't get the expected result.


Solution

  • Implementing a front-end with a BFF can be pretty daunting. It's complicated to grasp the concepts. That's why I've built a simple open source BFF implementation free for anyone to use.

    First, it is important to understand how API authorization works. I have tried to describe it as best I can in this article: https://medium.com/web-security/implementing-api-authorization-with-asp-net-core-and-oauth2-39d883895e3a

    Once you understand how API authorization works, it is important to understand that a BFF works as a reverse proxy. It delegates requests "downstream", as it were. I've tried to describe what a reverse proxy does here: https://medium.com/web-security/what-is-a-reverse-proxy-a5639e2bfac2

    In your case, when you create an ASP.NET Core project with a React app in it, there is a server-side component which is both the BFF and the host for the SPA. This can be quite confusing. That's why I would recommend creating one front-end project and a separate BFF. Then you'd get the following infrastructure: https://medium.com/web-security/the-back-end-for-front-end-security-pattern-fd8c8d69c3e0

    I understand that this is still pretty much to grasp and apply, which is why I've created three sample apps. The SPA is built in Angular, but you can replace it with a React SPA if you like:

    In these samples you can see how you must configure your API in order to get context.Identity... to work properly.

    Please refer to these articles to see how you must configure the identity provider and the BFF for everything to work properly:

    Hope this helps!!
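
An added example, not part of the original answer or its sample apps: one way BackendApi1 could validate the access token forwarded by the BFF and fill the Created By field from its claims. The authority URL, audience name, `/items` route and the `ItemInput`/`Item` records are assumptions; the `name` claim is only present if IdentityService puts it into the access token, so the code falls back to `sub`.

```csharp
// Program.cs of BackendApi1 (.NET 6 minimal hosting).
// Needs the NuGet package Microsoft.AspNetCore.Authentication.JwtBearer.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = "https://localhost:5001"; // assumed IdentityService URL
        options.Audience = "backendapi1";             // assumed API resource name
        // Keep claim types as issued ("sub", "name") instead of remapping
        // them to the long legacy claim-type URIs.
        options.MapInboundClaims = false;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateAudience = true,
            NameClaimType = "name" // User.Identity.Name now reads the "name" claim
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Hypothetical endpoint: CreatedBy is taken from the validated token,
// never from anything the caller puts in the request body.
app.MapPost("/items", (ItemInput input, ClaimsPrincipal user) =>
{
    var userId = user.FindFirst("sub")?.Value;       // stable user id
    if (userId is null) return Results.Forbid();     // token carries no user
    var createdBy = user.Identity?.Name ?? userId;   // fall back when "name" is absent
    return Results.Ok(new Item(input.Title, createdBy, userId));
}).RequireAuthorization();

app.Run();

record ItemInput(string Title);
record Item(string Title, string CreatedBy, string CreatedById);
```

`User.Identity.GetUserId()` is an extension from the older ASP.NET Identity package; in an ASP.NET Core API the user id is read from the claims of the validated token as shown.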