Skip to content

IdentityServer management with Databases and User Interface.

License

Notifications You must be signed in to change notification settings

heliosCreation/IdentityServer-HeliosAdminUI

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

42 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

IdentityServer4-HeliosAdminUI

This application is a "ready to go" project aiming to simplify your experience with the - amazing - IdentityServer of Dominick Baier and Brock Allen. There are two main points that differs from the original templates already kindly available and that we'll discuss here.
The first one is to offer persitency to your configuration through database storage. Instead of only writting your configuration in the good old "Config.cs" you will also have the possibility to manage it in a SQL-server database instance through a UI.
A User store based on Identity Framework is also provided with basical authentication services, aka Registration, Sign in, Email Confirmation, and Password Reset. No mail service here though, so you'll have to implement it yourself.
The second main topic here is the UI. API scopes, Identity Resources, Clients, Users, and Roles are all manageable through a built-in interface, secured with Identity Framework and documented with the definitions available on the Official Documentation.

Interested? Let's dig right in.

Installation

To begin with, you'll have to clone this project.
Choose your location of choice on your local machine, and type:

git clone https://github.com/heliosCreation/IdentityServer-HeliosAdminUI.git

In order to be able to push your own work to your future repo, modify the origin:

git remote set-url origin https://github.com/YOU/YOUR_REPO

Once the project is install, we'll have to get those databases working.
So let's open the solution and start the exploration.

Databases Setup

1 - Connection Strings

In the appSettings.json you'll find the connection strings to setup the informations used to create your databases.

ConnectionStrings

Change the server location and database name as per you need.

Once you're good with that, we're going to create your databases.

2 - Run the updates.

Since the migrations files are already in the project, all you have to do in to run the updates. Open your package manager and run those commands:
Update-database -Context ApplicationDbContext 
Update-database -Context PersistedGrantDbContext 
Update-database -Context ConfigurationDbContext
Update-database -Context CustomConfigurationDbContext 

And here we go, just like that our stores are ready to be used.

3 - Let's plant some seeds 🌱

The application is design to enable a default basic seeding of Configuration, Users and Roles.
In order to use it, all you have to do is to launch your project with specific parameters. If you dig a little bit in the "Program.cs", you'll see those three lines of code:

Seeds

Pretty clear in terms of arguments, right?
So Right click on your project, go to Properties > Debug and let's start with the Roles: Args

Start the project, and you should see a terminal with those informations written:

SeedRole

Repeat the operation with the the seedUsers and seedConfig, the terminal should open again with validations messages.

4 - Additional notes about the seeds behaviour

  • The role seed, will insert one role in the DB. Named IsAdmin. Said role will be used to access the Admin feature of the server. Change the name as per your need, but remember to also take a look at the Authorization method of the controllers to replace it as well.
  • The user seed will insert three default users in the database. Alice & Bob with password Pass123$, and admin with password Pwd12345!. Remember to modify this password in the future.
  • The configurational seed will use the information found in the config.cs to produce the first set of data. Customize it per your need !

Discovery of the UI

Now that the preparation is done. I'm gonna walk you through the interface and the features you can access.
First we'll have to login with the admin account. If the login is successful, in the upper right corner of the navigation bar you should see a new dropdown: HomeDropdown

We are first going to access the home page: HomePage

I think the page itself is pretty self-explanatory. The four main management themes of the app are here. Let's begin with the Api Scopes management now, shall we?

1 - Api Scopes

All of the sections presented above, when clicked, will take you to a page with two choices. Choice 1, show me my resources. Choice 2, let me create a new one.

ApiScopesHome


A - The List
Would you choose to access the List, you will be taken to a page letting you see you resources along with the major fields defining it.
Three options are also given here: Create, Update and Delete. Following the basics of a CRUD implementation.

ApiScopeListed

B - The Creation
When choosing to create a new resource, you will be taken to a form letting you specifies the configuration you wish for you resource.
Along with it, as displayed in the image below, some usefull information about the fields can be accessed by hovering the "(i)" icons following the labels:

ApiScopeCreate

Upon valid creation, you will be prompted with a validation message:
ApiScopeSuccess

C - The Update
On the displayed list of your resource, if you choose to click on the green pen icons in the "Actions" column, you will be taken to a view similar to the one displayed above. The only difference being that the fields will be pre-populated with your past choice. Modify them at will and validate your choice by clicking on the "Update" button. Your will, once again, be prompted with a validation message.
D - The Deletion
On the displayed list of your resource, if you choose to click on the red bin icons in the "Actions" column, you will be taken to the view below, asking you to validate your wish to delete this resource a second time:

ApiScopeDelete

Once done, and as always, a validation message will be prompted to you.

2 - Identity Resource

The management of the Identity Resources mostly follow the same flow. Only difference being in the create method. In order to create the claim for your Identity resource, you are given the ability to create and/or remove tags representing the desired claims. To add one, type in the corresponding bar and press "Enter". To remove it, click on little arrow being part of the tag.

IdentityResourceCreate

3 - Clients

The flow is once more mostly similar, the difference being again in the create method.
The form is splitted in three main sections. The first one, being, the "Basic" one lets you define your Id, Name and Secret for this Client. As written in the picture bellow, take note of the Secret you will wish to define, as it won't be available anywhere else later.

Client

The second section lets you define the URIs used by the client: ClientCreateUri

The third lets you define the Grants and Scopes of your Client.
The grant types correspond to the default one provided by the IdentityServer Documentation. The clickable Scopes are also based on the default ones of the documentation.
Finally, for a more customizable approach, you can create your own custom scopes.
ClientCreateGrantAndScope

The fourth and final section let's you manage the way your application deals with token expiracy and refresh token. Do I want a refresh token mechanism to be impletemented? Should it update the relatives claims on update? How long do I want the access token to be valid? All that can be dealt with right here.
RefreshToken

4 - Users & Roles

We are Lastly going to discuss the about how to manage your Roles and Users on the server.
From the Admin home page, if you decide to click on the last section, you will taken to a menu offering you two choices:

UsersAndRoles

The User section will give you the capacities to create new user without the need of a proper flow following the Register method. You will also have the ability to add your newly created user to the roles you built on your server. It goes without saying that you will be able to update and delete those users as you wish.
Below, a caption of the User creation form:
UserCreate

And finally, the Role section. Three possibilities are also given to you here. Creating new roles, Listing them, and deleting them.
The newly created Roles, will be automatically added to the list of choices you can access upon the creation of a new user.

Final Thought

If you went down as far a this line, I would like to thank you for your attention.
This project represents hours of work and head scratching. I know it's not perfect and there are still a good amount of work to be done, but I hope it might be usefull to some of you.

Enjoy and keep coding !

License

MIT