Identity Server
Entry last updated: 24.05.2021
Identity Server is a .NET-based authentication server that provides OpenID Connect (OIDC) and OAuth 2.0 and serves as middleware for token-based web services.
Development
v1: Former name: Starter STS (based on Windows Identity Foundation, with WS-Federation and WS-Trust), UI built with ASP.NET Webforms
v2: Identity Server 2 with MVC UI
v3: Identity Server 3 with ASP.NET & Katana, without WS-*, but with OpenID Connect (OIDC) and OAuth 2.0 instead
v4: Identity Server 4 based on ASP.NET Core
v5: Duende Identity Server 5
Duende Identity Server 5 is now free of charge only for use in open source projects and by smaller companies (less than 1 million US dollars in revenue). For other projects, the company Duende Software sells licenses. Prices start at 1,500 US dollars per year for three client applications and go up to 12,000 US dollars per year for an enterprise license covering an unlimited number of client applications.
Since .NET Core 4.0, Microsoft has integrated Identity Server 4 (JWT Token) into ASP.NET Core & Blazor:
NuGet: Microsoft.AspNetCore.ApiAuthorization.IdentityServer
Despite the license change, Microsoft intends to proceed as before in .NET 6.
History of Identity Server
Source: https://leastprivilege.com/2020/10/01/the-future-of-identityserver/
"The very first version of IdentityServer, which was called Starter STS, was a collection of 7 aspx files with embedded code-behind. At the time, the project was considered a “WebSite Project” (Remember those?) and was hosted on CodePlex. Though Starter STS was very simple, thanks to WIF, it was a pretty decent starting point for implementing WS-Federation and WS-Trust.
Starter STS was the outcome of reimplementing token service solutions for a handful of customers and subsequently noticing a pattern in boilerplate and customer-specific usage. This was around 2009.
A lot has happened since then. I began working with Brock, whom I knew from teaching for DevelopMentor, and together we created IdentityServer1 and IdentityServer2. Both were ready-to-use web applications built with WebForms and then later MVC. Through it all, our basic idea never changed: give people a starting point for building a security token service. At one point, we attempted to make certain things configurable from the UI, but we quickly realized that IdentityServer’s real value was its customizability. Driving everything from a configuration UI just didn’t work.
Enter IdentityServer3. This is when we made the decision to become a framework. We realized that C# was the ultimate configuration DSL. At the same time, ASP.NET had become more modular (with Katana) and IdentityServer became a middleware/engine for implementing OpenID Connect and OAuth 2-based token services. We dumped WS-* and focused on modern identity and access control. This turned out to be a great decision.
At this point, it was apparent to us that OpenID Connect and OAuth were becoming the standard for building SSO and API access. It was also clear that none of the off-the-shelf products or SaaS solutions were flexible enough to fulfill many of our customers’ needs. This is still the case.
IdentityServer4 was a logical progression. Brock and I became better as a team, ASP.NET became better with ASP.NET Core, and IdentityServer became more useful and popular.
Today IdentityServer4 is used by thousands of companies and has achieved over 12 million total downloads on Nuget, and has become the de facto standard for .NET-based token services. In addition, it is used as the token plumbing for Microsoft’s Angular, React and Blazor templates for ASP.NET Core."