Aspnetcore.docs: Please include details to use Identity for WebApis

Duplicate of #4556

@Rick-Anderson Thanks for pointing to original Issue. I just read through and here too it seems like that ASP.Net Core Identity is applicable to MVC only, for WebApi's we need third party schemes. If that's correct can we please update this information to the page ?

Per @HaoK
There's a bit of conflation here, and there are two parts of identity, users/roles and that stuff is applicable everywhere, identity by default uses cookies to store that info, so its that piece that is not applicable to WebAPI, so they would have to do the work to use identity to login/etc, and then typically generate a bearer token (which is why IdentityServer/OpenIdict is used there).

We are also integrating identity server with identity:
https://github.com/aspnet/AspNetCore/issues/5833

@Rick-Anderson Thanks for the clarification. I think this piece of information is important and the scope of Identity needs to be explicitly mentioned. I would request a simple sample too on how to integrate any Token Provider / Validator can be combined with Identity. If not sample may be just a bit of overview of the integration of the two systems.

As we are already working on integrating IdentityServer and Identity i hope we are going to have a good details after work is finished. So, may be for now we can have a sort of quick fix on the existing articles to make the scope of Identity clear and redirect WebApi creators to IdentityServer.

Your thoughts ??

Ping me early next year and I'll see what I can do.

@Rick-Anderson, greetings and wishes for the new year !!

Can we update the doc to explicit mention that Asp.Net Core WebAPI projects needs to have bearer token generation Server, along with a sample ?

@danroth27 - @blowdart We've lost @CamSoper so we need someone from the PU to write the draft and sample code. Can you schedule this? See also #4556

Well it's still not available so it's low on my concern list until we have a beta

@blowdart If you mean IdentityServer and Identity integration, then i agree that we can wait for those samples. But as of now for Asp.Net core 2.x, we still don't have much in the docs on Authorization and Authentication of WebApis.

That's because there's no way to do it without integration with other parties, and that sort of documentation would be up to the other parties

@blowdart That's why we must atleast mention that third-party providers are required for WebApis, along with a few suggested providers. Just the way we did in logging section

@Rick-Anderson I found this blog post by @csharpfritz , in which he demonstrates ASP.Net core Authentication using IdentityServer4. @blowdart , in this blog-post there's a mention about connecting ASP.Net Core Authentication with IdentityServer4. Is this something different from what you've been referring to ?

For your reference here's another post Asp.Net Authentication using OpenIddict

@Rick-Anderson I see you wanted to wait until the beginning of 2019 to address how to connect a Web API to the .net Identity Framework. Can you point us to some help for this?

It will be announced here. @blowdart owns it.

@blowdart I'm hoping you can identify where we are on this. It would seem to me that passing the U&P through the header in a TSL protected HTTPS post would have the same security as any other web request so no 3rd party is needed. We just need to know how to connect from the api to dotnet Identity Framework so we can authenticate and authorize users who are already in our database (i.e., we already use Identity Framework for our website so we have users but now we want to add an api in dotnet core).

@blowdart It would be great if you could provide direction on how to do this with the latest version of dotnet core on Azure which I believe is 3.0 (including what package versions to have installed).

Even the real answer in 3.0 is "Use identity server, and here, we put it in the box for you". I'm not about to comment on the validity of any other approach.

As the template in 3.0 is currently very early alpha and looking for feedback, documentation is somewhat down the list of things to do.

With .net Core 3.0 in very early alpha, can we get a working version of a connection from an Azure API to authenticate and authorize users via .net Identity Framework in the last version of .net Core which is at this point "mature"?

I don't believe the docs repo is the right place to ask about features. Frankly I'm unsure what you're asking for here. There's no .NET Identity Framework, an Azure API isn't something we have templates for (and I can't tell if you mean an API that azure offers, or an API you host on azure).

If this is not, as I suspect, a docs issue, then the aspnet repo would be a better place to ask feature questions.

Closing this as there is no more action pending here from us.