Creating ASP.NET Core Identity Using IdentityServer4 Visual Studio 2017

About this post

In this post, we will follow the steps from IdentityServer4 official documentation to create ASP.NET Core Identity connect. The official walkthrough is here at It is great but it skips some codes and detail setting. Here, I post my codes which follow that start documentation and I will give you more details about using IdentityServer4 to create the safe connection. To have a better understand, you need to read the official website for more details.

When you compare my post to the official documentation, please consider my steps as a supplement, instead of something different, since I followed the official docs to create my demo solution.  You can download my solution from my Github Repository “.Net_Core_IdentityServer4_Connection_Starter” .

1.Big Picture for Our Demo

Before our journey to use Identity with ASP.Net Core, I wish you gain a big picture about the oauth 2.0. You could get more information from here at

In this demo, we will create 3 projects : App Server, API Server and Client App. We could consider App Server as Facebook Server, API Server as a mobile game server, and the Client App as this mobile game.

In order let this game has a facebook login, the game user need to call the Facebook Server, typing into the user name and user password. After the Facebook passed the username and password, Facebook Server will send a token back to your local mobile game login page, then, the local game will use this token to talk with Facebook behalf of you to get your picture and facebook username.

2. Build Our Fake “Facebook” Identity Server

In the section, we will create a fake identity server using IdentityServer4.

Firstly, you need to create a .Net Core Web Application. In my Github, my project name is “IdentityServer4_Server”. After you created the project, let’s add the IdentityServer4 Packages: IdentityServer4, IdentityServer4.AspNetIdentity,IdentityServer4.EntityFramework and IdentityServer4.EntityFramework.

Different from the official documentation to configure this project, we will create our fake user model and data resource. In this project, create a class Config.cs.

In this class, we fake the user information and data resource, which prepares our future usage.

Then, we modify our Program.cs File.

In here, we wish to user our port at 5000. However, in my machine site, it turns out to be some port number “65404”. After this setting, let’s try to run this project, check whether your localhost:XXXX is at 5000 or something else. You need to remember this port number for later use. Here, we consider this port number as Identity Port Number.

Next, let’s modify our Startup.cs file.

In Startup.cs, we will use our fake information from the Config.cs file.

Now, you can start your application.

If you get this error from your home page, that is fine.

Try the url with your Identity Port Number: http://localhost:XXXXX/.well-known/openid-configuration. It should return something like this.

This is the so-called discovery document. This will be used by your clients and APIs to download the necessary configuration data.

3. Create API Server

Create another .Net Core Web Application, set it as API. In my solution, I named it as “API_Server”.

Add IdentityServer4 packages to it.

Then, modify the Statup.cs in this new project.

Authority = “http://localhost:65404”

Identity Port Number.

Now, we need to add a controller to offer API support. Right click the Controllers folder, create new API controller. Name it as IdentityController. Modify it as below.

Now, set the project debug order. Right click the solution in the “Solution Explorer”, click “Set Startup Projects…”. We need to order it as API_Server after the IdentityServer4_Server. Be careful, we need to choose Multiple startup projects.

Let’s start our debug. If everything is good, we will open two pages browser. In the second page, it is the new page from our API Server. It should be something like this.

API Port Number.


4. Create Client Application

This is our last step to create the user client application, we can consider it as your local mobile game, which needs to login into Facebook.

First, the client app needs to talk with the Identity Server to get user token using your username and password. After getting the token, we can talk with the API server without limitation. We can consider the token as the key.

In here, to make things easy, we made our client application as a console app. In your solution, add a new .Net Core Console application.

We need to install IdentityModel into your new project. IdentityModel includes a client library to use with the discovery endpoint. This way you only need to know the base-address of IdentityServer – the actual endpoint addresses can be read from the metadata:

Modify the Program.cs file.

In the CallAPIAsync method, we have two parts. First, we get the token from Identity Server and print it out in your console. Then, we use this token to talk with our API.

Let’s open the solution Setup Project Order, making this at the last one to run.

Now, Let’s Rock. Start your solution.

It is possible you may get this error.

This means the calling to your localhost:65404 fails.  Let’s check the ports! When you get this error, let it stop there, please check the new two browser windows port numbers. They should be something like http://localhost:XXXXX/ and http://localhost:YYYYY/api/values. I am sure you will get these two window when you start your solution, since we have two .Core Web Application as the IdentityServer and the API Server.

Now, modify the port number in your Program.cs file.

XXXXX for :

YYYYY for :

After modifying the codes, let’s run again. Now you could find something printed in the console.

If you get the internal error, it means you have the wrong port in your api server.

Go to your API_Server Startup.cs File, modify the port to your IdentityServer Port, since we need to set the api points to the IdentityServer.

Rock it again.

Cool, we successfully get the api connection using IdentiyServer4 !

Leave a reply:

Your email address will not be published.

Site Footer