IdentityServer4 is an open-source authentication server that implements the OpenID Connect (OIDC) and OAuth 2.0 standards for .NET Core. It is designed to provide a common way to authenticate requests to all of your applications, whether they are web-based, native, mobile-based or API endpoints. For instance, if your application wants to know the identity of the current user and needs to make sure that this user is the only one allowed to access data, then IdentityServer4 can be used for this purpose.
Why Use IdentityServer4
Authentication and authorization might require additional handling when applications talk to each other. Authentication is needed when an application needs to know the identity of the current user, and the common protocol used for that is OpenID Connect. Authorization is granting that user permission to request access to a particular resource from a Security Token Service (STS) and then use the granted access to communicate with the API. The protocol for that is OAuth 2.0.
A Security Token Service, a central repository, is responsible for issuing tokens and validating claims, so all the authentication and authorization logic of a particular application is offloaded to the STS. IdentityServer4 is a frequently used STS for .NET Core applications that implements both the OpenID Connect and OAuth 2.0 protocols to solve the typical security problems of today's mobile, native and web applications.
The diagram below explains the overall idea of a Security Token Service being used:
Features of IdentityServer4
Protect your Resources
Every single resource of a particular user is authorized to be used by that user only.
Authenticate the Users
All the users are authenticated using a local account store or via an external provider.
Access and Validate Tokens to Users
Tokens are issued to users to identify them so that APIs can use that information to authorize access to that data.
Use IdentityServer4 with NCache
IdentityServer4 is middleware that adds specification-compliant OpenID Connect and OAuth 2.0 endpoints to an ASP.NET Core application. Its API gives users the flexibility to extend IdentityServer4 to use any external custom storage, be it a relational database, a NoSQL solution, a file system or even an in-memory data store like NCache. For this purpose, IdentityServer4 has implemented Entity Framework Core (EF Core) support, making it very easy to use any database as a storage medium for the IdentityServer4 configuration and operational data.
Configuration Store: a store for static data that does not change frequently.
Operation Store: a store for operational data, on which operations are performed and which is more likely to be modified frequently.
NCache, being an in-memory, distributed, linearly scalable key-value store, is well suited for use with IdentityServer4 for the following reasons:
NCache as IdentityServer4 Store
NCache can be used as a caching layer on top of the IdentityServer4 persistent configuration and operational stores to speed up the operations through in-memory caching as well as reduce frequent database hits.
NCache as IdentityServer4 Cache
NCache by itself can be used as a configuration and persistent grant store to further increase performance by removing the bottleneck and hurdle of having to get data from the disk. The in-memory contents of the cache can be periodically persisted to the disk, therefore drastically decreasing the average time taken to get the data.
Similarly, the cache and store roles of NCache with IdentityServer4 can also be mixed and matched using the implementations from the IIdentityServerBuilder NCache extension method during ASP.NET Core dependency injection. The crux of all this is that you now have your data store in-memory, which gives better performance and faster results.
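The caching-layer role described above, sketched as an added example that is not NCache's or IdentityServer4's own code: a cache-aside decorator over a persistent IClientStore that keeps a disabled or deleted client from being served out of a stale cache entry. IMemoryCache stands in for the NCache-backed cache, and the class name, key prefix and five-minute TTL are assumptions.

```csharp
using System;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Stores;
using Microsoft.Extensions.Caching.Memory;

// Hypothetical decorator; TStore is the persistent store (for example the EF Core one).
public sealed class CachedClientStore<TStore> : IClientStore where TStore : IClientStore
{
    private static readonly TimeSpan Ttl = TimeSpan.FromMinutes(5); // assumed value
    private readonly TStore _inner;
    private readonly IMemoryCache _cache; // stand-in for the distributed cache

    public CachedClientStore(TStore inner, IMemoryCache cache)
    {
        if (inner == null) throw new ArgumentNullException(nameof(inner));
        _inner = inner;
        _cache = cache ?? throw new ArgumentNullException(nameof(cache));
    }

    private static string Key(string clientId) => "client:" + clientId;

    public async Task<Client> FindClientByIdAsync(string clientId)
    {
        if (string.IsNullOrEmpty(clientId)) return null;

        // Cache hit: no database round trip for this token request.
        if (_cache.TryGetValue(Key(clientId), out Client cached)) return cached;

        Client client = await _inner.FindClientByIdAsync(clientId);

        // Cache only clients that exist and are enabled. Unknown or disabled
        // clients always go to the database, so lookups for arbitrary ids
        // cannot fill the cache and a miss is never remembered.
        if (client != null && client.Enabled)
        {
            // Absolute expiry bounds how long a stale entry can survive
            // if an explicit Invalidate call is missed.
            _cache.Set(Key(clientId), client, Ttl);
        }
        return client;
    }

    // Call whenever a client is disabled, deleted, or has its secrets,
    // scopes or redirect URIs changed in the persistent store.
    public void Invalidate(string clientId) => _cache.Remove(Key(clientId));
}
```

With a per-process cache, Invalidate clears only the local node; a cache shared by every IdentityServer4 instance makes the removal visible to all of them.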