IdentityServer4 Overview
As an open-source authentication server for .NET, IdentityServer4 supports the OpenID Connect (OIDC) and OAuth 2.0 standards. It provides a standardized method for authenticating requests from your applications, whether they are web-based, native, mobile-based, or API endpoints. It also acts as a central database structure that stores user credentials.
Why Use IdentityServer4?
Applications that talk to each other might require additional handling for authentication and authorization. Authentication is needed when an application needs to know the current user's identity; the protocol used for this is OpenID Connect. Similarly, authorization is granting that user permission to request access to a particular resource from a Security Token Service and then use that access to communicate with the API. The protocol for that is OAuth 2.0.
A Security Token Service (STS), a central repository, is responsible for issuing tokens and validating claims. Therefore, all authentication and authorization logic of a particular application is offloaded to the STS. IdentityServer4 is a frequently used STS for .NET applications that implements both the OpenID Connect and OAuth 2.0 protocols to solve the typical security problems of today's mobile, native, and web applications.
The diagram below explains the overall idea of a Security Token Service:
Features of IdentityServer4
Protect your Resources
Every single resource of a particular user is authorized to be used by that user only.
Authenticate the Users
All the users are authenticated using a local account store or an external provider.
Access and Validate Tokens to Users
Tokens are issued to users to identify them so that APIs can use that information to authorize access to that data.
Use IdentityServer4 with NCache
IdentityServer4 is a middleware that adds the specification-compliant OpenID Connect and OAuth 2.0 endpoints to an ASP.NET Core application. Its API lets users extend IdentityServer4 to use any external custom storage, be it any relational database, a NoSQL solution, any file system, or even an in-memory data store like NCache. For this purpose, IdentityServer4 has implemented Entity Framework Core (EF Core) support, making it very easy to use any database as a storage medium for the IdentityServer4 configuration and operational data.
Configuration Store: a store that holds static data, which does not change frequently.
Operation Store: a store that holds operational data, on which operations occur and which is more likely to be modified frequently.
NCache, being an in-memory, distributed, linearly scalable key-value store, is well suited for use with IdentityServer4 for the following reasons:
NCache as IdentityServer4 Store
NCache can be used as a caching layer on top of the IdentityServer4 persistent configuration and operational stores to speed up the operations through in-memory caching while reducing frequent database hits.
NCache as IdentityServer4 Cache
NCache can be used as a configuration and persistent grant store to further increase performance by removing the bottleneck and hurdle of getting data from the disk. The in-memory cache contents may periodically persist on the disk, which drastically decreases the average time taken to get the data.
Similarly, the cache and store roles of NCache with IdentityServer4 can also be mixed and matched through the implementations from the IIdentityServerBuilder NCache extension method during the ASP.NET Core dependency injection. The crux of all this is that data is stored in memory, giving better performance and faster results.
See Also
NCache as an In-memory IdentityServer4 Store
NCache as an In-memory IdentityServer4 Cache Implementation