The Redakt Identity Server handles your back-office user authentication. It can be used as part of a complete Redakt application (together with the back office module and public-facing website), as part of a back-office application (together with the back office module), or as a standalone service. In most cases, you will install the identity server in the same project as the back office module. If you're not using the Redakt Identity Server in your application, you will need a different means of handling user authentication (i.e. a third-party or custom identity server).

The Redakt Identity Server supports authentication through the default Redakt identity provider (username/password authentication) and a number of OpenID Connect / OAuth2-based identity providers. Other external identity providers can be added through a custom implementation. After successful authentication, the Identity Server provides a JWT bearer token to the user agent for subsequent back office access.

The identity server only handles user authentication; adding and updating users and groups is done in the back office. Both the identity server and back office application use the same identity store.

Installation

Install the Redakt Identity Server package with the NuGet package manager or the Package Manager Console.

PM> Install-Package Redakt.IdentityServer

Service registration

Services for the Identity Server module are registered automatically by the default services.AddRedakt() call, so you don't have to register this module explicitly. Alternatively, if you prefer to register modules manually or need to pass configuration options, you can do so by calling services.AddRedakt(false) instead to prevent automatic module registration. In that case, you have to register the module explicitly as follows.

Register Identity Server services in the ConfigureServices() method of your project's Startup.cs file by adding an AddIdentityServer() call to the Redakt builder instance. The order in which services are added to the Redakt builder is not important.

public void ConfigureServices(IServiceCollection services)
{
    // ... framework and other services here

    var builder = services.AddRedakt(false);  // Pass false to prevent automatic registration of installed Redakt modules.
    builder.AddIdentityServer();  // Optionally pass Action<RedaktIdentityServerOptions> parameter.
    builder.AddBackOffice();  // In most cases you will also configure the back office module in the same project.
    // ... other Redakt services
}

Configuration settings

The Redakt Identity Server can be configured through the appsettings.json file. Any setting that is not included in the appsettings.json file is set to its default value. Additionally, an Action<RedaktIdentityServerOptions> configuration delegate may be passed to the AddIdentityServer() call. Configuration set through this delegate takes priority and overrides values in the appsettings.json file.

{
    "Redakt": {
        "IdentityServer": {
            "RootPath": "account",
            "RememberMeDurationMinutes": 43200  // 30 days
        }
    }
}

Root Path

The relative URL that the identity server is served from. If the back office is installed as part of the same project, the URL is relative to the back office root (e.g. /redakt/account); otherwise, the URL is relative to the site root. Defaults to "account"; generally there should be no reason to change the default setting.

Remember Me Duration

The number of minutes before the access token cookie will expire if a user has checked "Remember Me" when logging in. Defaults to 43200 (30 days).

If the user has not checked "Remember Me", the access token is saved in a session cookie which expires when the user closes all browser windows.
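The following Startup.cs sketch is an added example, not code from the Redakt documentation. It uses the configuration delegate described above to cap the "Remember Me" lifetime outside Development, so that a long value in appsettings.json cannot extend persistent back-office sessions. It assumes that RedaktIdentityServerOptions exposes an int property named RememberMeDurationMinutes matching the appsettings.json key; the 8-hour ceiling is a constructed policy value.

```csharp
using System;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
// Also add the using directive for the Redakt extension methods (namespace not named on this page).

public class Startup
{
    // Constructed policy ceiling for persistent back-office sessions: 8 hours.
    private const int MaxRememberMeMinutes = 8 * 60;

    private readonly IConfiguration _configuration;
    private readonly IWebHostEnvironment _environment;

    public Startup(IConfiguration configuration, IWebHostEnvironment environment)
    {
        _configuration = configuration;
        _environment = environment;
    }

    public void ConfigureServices(IServiceCollection services)
    {
        // Read the appsettings.json value, falling back to the documented default (43200).
        var configured = _configuration.GetValue<int>(
            "Redakt:IdentityServer:RememberMeDurationMinutes", 43200);

        // Fail at startup on a zero or negative lifetime instead of passing it on.
        if (configured <= 0)
            throw new InvalidOperationException(
                "RememberMeDurationMinutes must be a positive number of minutes.");

        var builder = services.AddRedakt(false);  // Manual module registration.
        builder.AddIdentityServer(options =>
        {
            // Assumption: property name and type mirror the appsettings.json key.
            // The delegate overrides appsettings.json, so the cap always applies
            // outside Development, whatever the file says.
            options.RememberMeDurationMinutes = _environment.IsDevelopment()
                ? configured
                : Math.Min(configured, MaxRememberMeMinutes);
        });
        builder.AddBackOffice();
    }
}
```

Users who do not check "Remember Me" are unaffected by this setting, because their access token lives in a session cookie.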

Middleware registration

The Redakt Identity Server requires its middleware to be inserted into the ASP.NET Core request pipeline. Add the middleware to the request pipeline in the Configure() method of your project's Startup.cs file. The order of adding middleware to the pipeline matters. The code snippet below shows the correct order in which to add Redakt middleware when you're also including the back office module and web rendering engine in this project.

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    // ... other pipeline configuration here

    // Redakt middleware registration
    app.UseRedaktIdentityServer();  // Add identity server first.
    app.UseRedaktBackOffice();  // Back office comes before page rendering.
    app.UseRedaktPageRendering();
}

OpenID Connect / OAuth2 providers

The Redakt Identity Server supports authenticating via external identity providers. See identity providers for more information and configuration options.