## Project Status

This project is currently in **beta**.

The application is written in **Asp.Net Core MVC - using .NET Core 2.2**

**NOTE:** Works only with **IdentityServer4 version 2.3.0 and higher** 🚀

## Requirements

- [Install](https://www.microsoft.com/net/download/windows#/current) the latest .NET Core 2.x SDK (using older versions may lead to 502.5 errors when hosted on IIS or application exiting immediately after starting when self-hosted)

## Installation via dotnet new template

- Install the dotnet new template:

```sh
dotnet new -i Skoruba.IdentityServer4.Admin.Templates::1.0.0-beta6
```

- Create new project:

```sh
dotnet new skoruba.is4admin --name MyProject --title MyProject --adminrole MyRole --adminclientid MyClientId --adminclientsecret MyClientSecret
```

Project template options:

```
--name: [string value] for project name
--title: [string value] for title and footer of the administration in UI
--adminrole: [string value] for name of admin role, that is used to authorize the administration
--adminclientid: [string value] for client name, that is used in the IdentityServer4 configuration for admin client
--adminclientsecret: [string value] for client secret, that is used in the IdentityServer4 configuration for admin client
```

## How to configure the Administration - IdentityServer4 and Asp.Net Core Identity

- [Follow these steps to set up the project to use an existing IdentityServer4 and Asp.Net Core Identity](docs/Configure-Administration.md)

### Template uses following list of nuget packages

- [Available nuget packages](https://www.nuget.org/profiles/skoruba)

### Running in Visual Studio

- Set Startup projects:
  - Skoruba.IdentityServer4.Admin
  - Skoruba.IdentityServer4.STS.Identity

## Configuration of Administration for Deployment

- [Configuration of Admin for deploy on Azure](docs/Configure-Azure-Deploy.md)
- [Configuration of Admin on Ubuntu with PostgreSQL database](docs/Configure-Ubuntu-PostgreSQL-Tutorial.md)

## Administration UI preview

- This administration uses bootstrap 4
- Admin UI
- Security token service (STS)
- Forms

## Cloning

```sh
git clone https://github.com/skoruba/IdentityServer4.Admin
```

## Installation of the Client Libraries

```sh
# Run each pair of commands from the repository root
cd src/Skoruba.IdentityServer4.Admin
npm install

cd src/Skoruba.IdentityServer4.STS.Identity
npm install
```

## Bundling and Minification

The following Gulp commands are available:

- `gulp fonts` - copy fonts to the `dist` folder
- `gulp styles` - minify CSS, compile SASS to CSS
- `gulp scripts` - bundle and minify JS
- `gulp clean` - remove the `dist` folder
- `gulp build` - run the `styles` and `scripts` tasks

## EF Core & Data Access

- The solution uses these `DbContexts`:
  - `AdminIdentityDbContext`: for Asp.Net Core Identity
  - `AdminLogDbContext`: for logging
  - `IdentityServerConfigurationDbContext`: for IdentityServer configuration store
  - `IdentityServerPersistedGrantDbContext`: for IdentityServer operational store
- Run entity framework migrations:

### Visual Studio command line (Nuget package manager):

#### Migrations for Asp.Net Core Identity DbContext:

```powershell
Add-Migration AspNetIdentityDbInit -context AdminIdentityDbContext -output Data/Migrations/Identity
Update-Database -context AdminIdentityDbContext
```

#### Migrations for Logging DbContext:

```powershell
Add-Migration LoggingDbInit -context AdminLogDbContext -output Data/Migrations/Logging
Update-Database -context AdminLogDbContext
```

#### Migrations for IdentityServer configuration DbContext:

```powershell
Add-Migration IdentityServerConfigurationDbInit -context IdentityServerConfigurationDbContext -output Data/Migrations/IdentityServerConfiguration
Update-Database -context IdentityServerConfigurationDbContext
```

#### Migrations for IdentityServer persisted grants DbContext:

```powershell
Add-Migration IdentityServerPersistedGrantsDbInit -context IdentityServerPersistedGrantDbContext -output Data/Migrations/IdentityServerGrants
Update-Database -context IdentityServerPersistedGrantDbContext
```

### Or via `dotnet CLI`:

#### Migrations for Asp.Net Core Identity DbContext:

```powershell
dotnet ef migrations add AspNetIdentityDbInit -c AdminIdentityDbContext -o Data/Migrations/Identity
dotnet ef database update -c AdminIdentityDbContext
```

#### Migrations for Logging DbContext:

```powershell
dotnet ef migrations add LoggingDbInit -c AdminLogDbContext -o Data/Migrations/Logging
dotnet ef database update -c AdminLogDbContext
```

#### Migrations for IdentityServer configuration DbContext:

```powershell
dotnet ef migrations add IdentityServerConfigurationDbInit -c IdentityServerConfigurationDbContext -o Data/Migrations/IdentityServerConfiguration
dotnet ef database update -c IdentityServerConfigurationDbContext
```

#### Migrations for IdentityServer persisted grants DbContext:

```powershell
dotnet ef migrations add IdentityServerPersistedGrantsDbInit -c IdentityServerPersistedGrantDbContext -o Data/Migrations/IdentityServerGrants
dotnet ef database update -c IdentityServerPersistedGrantDbContext
```

Migrations are not a part of the repository - they are ignored in `.gitignore`.

### We suggest using seed data:

- In `Program.cs` -> `Main`, uncomment `DbMigrationHelpers.EnsureSeedData(host)` or use dotnet CLI `dotnet run /seed`
- The `Clients` and `Resources` files in `Configuration/IdentityServer` are the initial data, based on a sample from IdentityServer4
- The `Users` file in `Configuration/Identity` contains the default admin username and password for the first login

### Using other database engines - PostgreSQL, SQLite, MySQL etc.

- [Follow these steps to set up other database engines](docs/EFMigration.md)

## Authentication and Authorization

- Change the specific URLs and names for the IdentityServer and Authentication settings in `Constants/AuthenticationConsts` or `appsettings.json`
- `Constants/AuthorizationConsts.cs` contains the constants connected with authorization - the definition of the default name of the admin policy
- The controllers use the policy whose name is stored in `AuthorizationConsts.AdministrationPolicy`. This policy requires the role stored in `AuthorizationConsts.AdministrationRole`.
- With the default configuration, it is necessary to configure and run an instance of IdentityServer4. It is possible to use the initial migration for creating the client, as mentioned above

### Login Configuration

- In `Skoruba.IdentityServer4.STS.Identity` - in `appsettings.json` it is possible to specify which column will be used for login (`Username` or `Email`):

```
"LoginConfiguration": {
    "ResolutionPolicy": "Username"
}
```

or using `Email`:

```
"LoginConfiguration": {
    "ResolutionPolicy": "Email"
}
```

### Register Configuration

- In `Skoruba.IdentityServer4.STS.Identity` - in `appsettings.json` it is possible to disable user registration (`default: true`):

```
"RegisterConfiguration": {
    "Enabled": false
}
```

## Localizations - labels, messages

- All labels and messages are stored in the resources `.resx` - located in `/Resources`
  - Client label descriptions from - http://docs.identityserver.io/en/release/reference/client.html
  - Api Resource label descriptions from - http://docs.identityserver.io/en/release/reference/api_resource.html
  - Identity Resource label descriptions from - http://docs.identityserver.io/en/release/reference/identity_resource.html

## Tests

- The solution contains unit and integration tests.
- **Stage environment is used for integration tests**:
  - `DbContext` contains setup for InMemory database
  - `Authentication` is set up for `CookieAuthentication` - with a fake login url for testing purposes only
  - `AuthenticatedTestRequestMiddleware` - middleware for testing of authentication.
- If you want to use `Stage environment` for deploying - it is necessary to change these settings in `StartupHelpers.cs`.

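
A pre-deployment check for the `LoginConfiguration` and `RegisterConfiguration` settings described above, as an added example that is not part of the project. It reports the effective values of the STS `appsettings.json`, including the case where `RegisterConfiguration` is absent and registration therefore stays at its documented default of `true`; the function names and the sample JSON are assumptions made for illustration.

```python
import json

DOCUMENTED_POLICIES = {"Username", "Email"}  # the two values the README lists

def lookup(section, key):
    """Case-insensitive key lookup (ASP.NET Core configuration keys ignore case)."""
    if isinstance(section, dict):
        for name, value in section.items():
            if name.lower() == key.lower():
                return value
    return None

def as_bool(value, default):
    """JSON false and the string "false" bind to the same boolean; absent -> default."""
    if value is None:
        return default
    text = str(value).strip().lower()
    if text not in ("true", "false"):
        raise ValueError(f"not a boolean: {value!r}")
    return text == "true"

def audit_sts_settings(appsettings_text):
    """Return (effective settings, findings) for STS appsettings.json content."""
    config = json.loads(appsettings_text)
    findings = []
    raw = lookup(lookup(config, "RegisterConfiguration"), "Enabled")
    registration = as_bool(raw, default=True)  # README: registration defaults to true
    if registration:
        how = "by default (key absent)" if raw is None else "explicitly"
        findings.append(f"self-registration is enabled {how}")
    policy = lookup(lookup(config, "LoginConfiguration"), "ResolutionPolicy")
    if policy is None:
        findings.append("LoginConfiguration:ResolutionPolicy is not set")
    elif not isinstance(policy, str) or policy not in DOCUMENTED_POLICIES:
        findings.append(f"ResolutionPolicy {policy!r} is not a documented value")
    return {"registration_enabled": registration, "resolution_policy": policy}, findings

# Constructed sample inputs (not taken from the project)
REGISTRATION_KEY_ABSENT = '{"LoginConfiguration": {"ResolutionPolicy": "Username"}}'
LOCKED_DOWN = ('{"loginconfiguration": {"ResolutionPolicy": "Email"},'
               ' "RegisterConfiguration": {"enabled": "False"}}')

if __name__ == "__main__":
    for name, text in (("key absent", REGISTRATION_KEY_ABSENT), ("locked down", LOCKED_DOWN)):
        settings, findings = audit_sts_settings(text)
        print(name, settings, findings or "no findings")
```

ASP.NET Core's default host configuration also layers environment-specific `appsettings.*.json` files and environment variables over `appsettings.json`, so check every source that applies to the deployment.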
## Overview

### Solution structure:

- STS:
  - `Skoruba.IdentityServer4.STS.Identity` - project that contains the instance of IdentityServer4 and combines these samples - [Quickstart UI for the IdentityServer4 with Asp.Net Core Identity and EF Core storage](https://github.com/IdentityServer/IdentityServer4.Samples/tree/master/Quickstarts/Combined_AspId_and_EFStorage) and [damienbod - IdentityServer4 and Identity template](https://github.com/damienbod/IdentityServer4AspNetCoreIdentityTemplate)
- Admin UI:
  - `Skoruba.IdentityServer4.Admin` - ASP.NET Core MVC application that contains Admin UI
  - `Skoruba.IdentityServer4.Admin.BusinessLogic` - project that contains Dtos, Repositories, Services and Mappers for the IdentityServer4
  - `Skoruba.IdentityServer4.Admin.BusinessLogic.Identity` - project that contains Dtos, Repositories, Services and Mappers for the Asp.Net Core Identity
  - `Skoruba.IdentityServer4.Admin.BusinessLogic.Shared` - project that contains shared Dtos and ExceptionHandling for the Business Logic layer of the IdentityServer4 and Asp.Net Core Identity
  - `Skoruba.IdentityServer4.Admin.EntityFramework` - EF Core data layer that contains Entities for the IdentityServer4
  - `Skoruba.IdentityServer4.Admin.EntityFramework.Identity` - EF Core data layer that contains Entities for the Asp.Net Core Identity
  - `Skoruba.IdentityServer4.Admin.EntityFramework.DbContexts` - project that contains DbContexts for the IdentityServer4, Logging and Asp.Net Core Identity
- Tests:
  - `Skoruba.IdentityServer4.Admin.IntegrationTests` - xUnit project that contains the integration tests for AdminUI
  - `Skoruba.IdentityServer4.Admin.UnitTests` - xUnit project that contains the unit tests for AdminUI
  - `Skoruba.IdentityServer4.STS.IntegrationTests` - xUnit project that contains the integration tests for STS

### The administration contains the following sections:

## IdentityServer4

**Clients**

It is possible to define the configuration according to the client type - by default these client types are used:

- Empty
- Web Application - Server side - Hybrid flow
- Single Page Application - Javascript - Authorization Code Flow with PKCE
- Native Application - Mobile/Desktop - Hybrid flow
- Machine/Robot - Resource Owner Password and Client Credentials flow
- TV and Limited-Input Device Application - Device flow

- Actions: Add, Update, Clone, Remove
- Entities:
  - Client Cors Origins
  - Client Grant Types
  - Client IdP Restrictions
  - Client Post Logout Redirect Uris
  - Client Properties
  - Client Redirect Uris
  - Client Scopes
  - Client Secrets

**API Resources**

- Actions: Add, Update, Remove
- Entities:
  - Api Claims
  - Api Scopes
  - Api Scope Claims
  - Api Secrets
  - Api Properties

**Identity Resources**

- Actions: Add, Update, Remove
- Entities:
  - Identity Claims
  - Identity Properties

## Asp.Net Core Identity

**Users**

- Actions: Add, Update, Delete
- Entities:
  - User Roles
  - User Logins
  - User Claims

**Roles**

- Actions: Add, Update, Delete
- Entities:
  - Role Claims

## Application Diagram

## Plan & Vision

### 1.0.0:

- [x] Create the Business Logic & EF layers - available as a nuget package
- [x] Create a project template using dotnet CLI - `dotnet new template`
  - [x] First template: The administration of the IdentityServer4 and Asp.Net Core Identity
- [x] Add logging into
  - [x] Database
  - [x] File
- [x] Add localization for other languages
  - [x] English
  - [x] Chinese
  - [x] Russian
  - [x] Persian
- [x] Manage profile
- [x] Password reset
- [x] Link account to an external provider (example with Github)
- [x] Two-Factor Authentication (2FA)
- [x] User registration
- [x] Email service

### 1.1.0:

- [ ] Docker support ([#121](https://github.com/skoruba/IdentityServer4.Admin/issues/121))
- [ ] Add audit logs to track changes ([#61](https://github.com/skoruba/IdentityServer4.Admin/issues/61))
- [ ] Create a project template using dotnet CLI - `dotnet new template`
  - [ ] Second template: The administration of the IdentityServer4 (without Asp.Net Core Identity) ([#79](https://github.com/skoruba/IdentityServer4.Admin/issues/79))

### 2.0.0:

- [ ] Add API:
  - [ ] IdentityServer4
  - [ ] Asp.Net Core Identity
  - [ ] Add swagger support

### Future:

- Add UI tests
- Add more unit and integration tests :blush:
- Extend administration for other protocols
- Create separate UI using `Razor Class Library`

## Licence

This repository is licensed under the terms of the [**MIT license**](LICENSE.md).

**NOTE**: This repository uses the source code from https://github.com/IdentityServer/IdentityServer4.Quickstart.UI which is under the terms of the [**Apache License 2.0**](https://github.com/IdentityServer/IdentityServer4.Quickstart.UI/blob/master/LICENSE).

## Acknowledgements

This web application is based on these projects:

- ASP.NET Core
- IdentityServer4.EntityFramework
- ASP.NET Core Identity
- XUnit
- Fluent Assertions
- Bogus
- AutoMapper
- Serilog

Thanks to [Tomáš Hübelbauer](https://github.com/TomasHubelbauer) for the initial code review.

Thanks goes to these wonderful people:

This project follows the [all-contributors](https://github.com/kentcdodds/all-contributors) specification. Contributions of any kind are welcome!

## Contact and Suggestion

I am happy to share my attempt of the implementation of the administration for IdentityServer4 and ASP.NET Core Identity.

Any feedback is welcome - feel free to create an issue or send me an email - [jan@skoruba.com](mailto:jan@skoruba.com). Thank you :blush: