Skoruba.IdentityServer4.Admin

The administration for the IdentityServer4 and Asp.Net Core Identity

Big Thanks 🙏🏻 and an Update on the Project ⚡️

I just want to say a huge THANK YOU to everyone who has contributed to IdentityServer4.Admin over the years. Reaching almost 4,000 stars ⭐️ on GitHub has been such an incredible milestone, and it is all thanks to this amazing community. I truly could not have done it without you.

With the end of support for .NET 6 and IdentityServer4, I have made the decision to stop maintaining this repository.

But do not worry—this is not goodbye!

I am excited to introduce my new project: Duende IdentityServer Admin.

This is the next evolution of this project and is fully supported. I would love for you to check it out and join me on this journey. 😊

Thanks again for everything—your contributions, feedback, and support have meant so much to me. I hope to see you over on the new project!

Need help migrating?

If you need any assistance migrating to Duende IdentityServer, feel free to reach out:

• Email: jan.skoruba@gmail.com
• Social media: Connect with me directly!

Looking forward to seeing you in the new repository. 🚀

Cheers,
Jan Skoruba ❤️

🎉 New version of Duende IdentityServer Admin UI available here ⚡

Requirements

• Install the latest .NET 6 SDK (using older versions may lead to 502.5 errors when hosted on IIS or application exiting immediately after starting when self-hosted)

Installation via dotnet new template

• Install the dotnet new template:

Version 2.0.0 and higher works with IdentityServer4 version 4 🚀

• 🔒 NOTE: This version affects your database data if you use the default database migrations that are part of the project - double check the migrations according to your database provider and create a database backup

dotnet new -i Skoruba.IdentityServer4.Admin.Templates::2.1.0

Create new project:

dotnet new skoruba.is4admin --name MyProject --title MyProject --adminemail "admin@example.com" --adminpassword "Pa$$word123" --adminrole MyRole --adminclientid MyClientId --adminclientsecret MyClientSecret --dockersupport true

Project template options:

--name: [string value] for project name
--adminpassword: [string value] admin password
--adminemail: [string value] admin email
--title: [string value] for title and footer of the administration in UI
--adminrole: [string value] for name of admin role, that is used to authorize the administration
--adminclientid: [string value] for client name, that is used in the IdentityServer4 configuration for admin client
--adminclientsecret: [string value] for client secret, that is used in the IdentityServer4 configuration for admin client
--dockersupport: [boolean value] include docker support

How to configure the Administration - IdentityServer4 and Asp.Net Core Identity

• Follow these steps for setup project to use existing IdentityServer4 and Asp.Net Core Identity

Template uses following list of nuget packages

• Available nuget packages

Running in Visual Studio

• Set Startup projects:
  • Skoruba.IdentityServer4.Admin
  • Skoruba.IdentityServer4.Admin.Api
  • Skoruba.IdentityServer4.STS.Identity

Configuration of Administration for Deployment

• Configuration of Admin for deploy on Azure
• Configuration of Admin on Ubuntu with PostgreSQL database

Administration UI preview

• This administration uses bootstrap 4

Admin UI - Light mode 🌞

Admin UI - Dark mode 🌙

Security token service (STS)

Forms

Cloning

git clone https://github.com/skoruba/IdentityServer4.Admin

Running via Docker

• It is possible to run Admin UI through the docker.

Docker setup

DNS

We need some resolving capabilities in order for the project to work. The domain skoruba.local is used here to represent the domain this setup is hosted on. The domain-name needs to be FQDN (fully qualified domain name).

Thus first, we need the domain skoruba.local to resolve to the docker-host machine. If you want this to work on your local machine only, use the first option.

DNS on docker-host machine only

Edit your hosts file:

• On Linux: \etc\hosts
• On Windows: C:\Windows\system32\drivers\etc\hosts

and add the following entries:

127.0.0.1 skoruba.local sts.skoruba.local admin.skoruba.local admin-api.skoruba.local

This way your host machine resolves skoruba.local and its subdomains to itself.

Certificates

We also need certificates in order to serve on HTTPS. We'll make our own self-signed certificates with mkcert.

If the domain is publicly available through DNS, you can use Let's Encypt. Nginx-proxy has support for that, which is left out in this setup.

MkCert

Create the root certificate

Use mkcert to generate local self-signed certificates.

On windows mkcert -install must be executed under elevated Administrator privileges. Then copy over the CA Root certificate over to the project as we want to mount this in later into the containers without using an environment variable.

cd shared/nginx/certs
mkcert --install
copy $env:LOCALAPPDATA\mkcert\rootCA.pem ./cacerts.pem
copy $env:LOCALAPPDATA\mkcert\rootCA.pem ./cacerts.crt

Create the skoruba.local certificates

Generate a certificate for skoruba.local with wildcards for the subdomains. The name of the certificate files need to match with actual domain-names in order for the nginx-proxy to pick them up correctly. We want both the crt-key and the pfx version.

cd shared/nginx/certs
mkcert -cert-file skoruba.local.crt -key-file skoruba.local.key skoruba.local *.skoruba.local
mkcert -pkcs12 skoruba.local.pfx skoruba.local *.skoruba.local

This docker setup is come from this repository - thanks to bravecobra. 😊

Run docker-compose

• Project contains the docker-compose.vs.debug.yml and docker-compose.override.yml to enable debugging with a seeded environment.
• The following possibility to get a running seeded and debug-able (in VS) environment:

docker-compose build
docker-compose up -d

It is also possible to set as startup project the project called docker-compose in Visual Studio.

Docker images

• Docker images will be available also in docker hub

Publish Docker images to Docker hub

• Check the script in build/publish-docker-images.ps1 - change the profile name according to your requirements.

Installation of the Client Libraries

cd src/Skoruba.IdentityServer4.Admin
npm install

cd src/Skoruba.IdentityServer4.STS.Identity
npm install

Bundling and Minification

The following Gulp commands are available:

• gulp fonts - copy fonts to the dist folder
• gulp styles - minify CSS, compile SASS to CSS
• gulp scripts - bundle and minify JS
• gulp clean - remove the dist folder
• gulp build - run the styles and scripts tasks
• gulp watch - watch all changes in all sass files

EF Core & Data Access

• The solution uses these DbContexts:

  • AdminIdentityDbContext: for Asp.Net Core Identity
  • AdminLogDbContext: for logging
  • IdentityServerConfigurationDbContext: for IdentityServer configuration store
  • IdentityServerPersistedGrantDbContext: for IdentityServer operational store
  • AdminAuditLogDbContext: for Audit Logging
  • IdentityServerDataProtectionDbContext: for dataprotection

Run entity framework migrations:

NOTE: Initial migrations are a part of the repository.

• It is possible to use powershell script in folder build/add-migrations.ps1.

• This script take two arguments:

  • --migration (migration name)
  • --migrationProviderName (provider type - available choices: All, SqlServer, MySql, PostgreSQL)

• For example: .\add-migrations.ps1 -migration DbInit -migrationProviderName SqlServer

Available database providers:

• SqlServer
• MySql
• PostgreSQL

It is possible to switch the database provider via appsettings.json:

"DatabaseProviderConfiguration": {
        "ProviderType": "SqlServer"
    }

Connection strings samples for available db providers:

PostgreSQL:

Server=localhost;Port=5432;Database=IdentityServer4Admin;User Id=sa;Password=#;

MySql:

server=localhost;database=IdentityServer4Admin;user=root;password=#

We suggest to use seed data:

• In Program.cs -> Main, uncomment DbMigrationHelpers.EnsureSeedData(host) or use dotnet CLI dotnet run /seed or via SeedConfiguration in appsettings.json
• The Clients and Resources files in identityserverdata.json (section called: IdentityServerData) - are the initial data, based on a sample from IdentityServer4
• The Users file in identitydata.json (section called: IdentityData) contains the default admin username and password for the first login

Authentication and Authorization

• Change the specific URLs and names for the IdentityServer and Authentication settings in appsettings.json
• In the controllers is used the policy which name is stored in - `AuthorizationConsts.Administr