Duende.Identity vs Microsoft.Identity

Laurent Guigon 281 Reputation points
2023-08-18T15:04:39.2233333+00:00

Hi, I ran my Hosted Blazor WebAssembly (v6.x) with the account manager, and I checked the console. There was a message indicating that I am using Duende.Identity without a license! But why was my project built with these services? Until now, my projects used Microsoft.Identity, which does not require a license fee.

Is there a way to switch the account manager (go back to Microsoft.Identity) without having to break everything?

Blazor
Blazor
A free and open-source web framework that enables developers to create web apps using C# and HTML being developed by Microsoft.
1,553 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Bruce (SqlWork.com) 64,001 Reputation points
    2023-08-23T16:28:55.7+00:00

    sorry, I figured out your issue. the individual accounts option (which I don't normally use) uses package:

    <PackageReference Include="Microsoft.AspNetCore.ApiAuthorization.IdentityServer" Version="6.0.20" />

    this package is used to implement an oauth server backed by the identity database. originally this used the open source IdentityServer4, but switched to the open source Duende when support for IdentityServer4 was dropped. I checked and both the net7 and net8 versions still have this dependency.

    as the default blazor wasm authentication uses oauth for authentication, you need an oauth server to authenticate.

    if Duende licensing does not fit your needs you will need an alternative oauth server (azure ad, google, AWS, etc). in this case you pick Microsoft Identity rather than individual accounts.

    https://duendesoftware.com/products/identityserver

    your final option:

    1. create blazor wasm app without authenication
    2. use identity scaffolding to add individual accounts to the server project
    3. add jwt bearer token support to server project
    4. add a json login page that returns jwt token - google for examples
    5. add authorizatin package to blazor app
    6. add login page to the blazor app that fetches the jwt token.
    7. create a custom autheniction state provider

    sample:

    https://codewithmukesh.com/blog/authentication-in-blazor-webassembly/#google_vignette

    1 person found this answer helpful.

  2. Bruce (SqlWork.com) 64,001 Reputation points
    2023-08-18T16:51:56.9766667+00:00

    Duende is a self hosted oauth server for .net. It replaced the free open source IdentityServer4. Your project is built with these services because the Duende.Identity package was to your project, probably to supply oauth server support. Earlier versions of asp.net core had examples with IdentityServer4. When the free IdentityServer4 switched to charged Duende, during the transition there were instruction for Duende via a link to the Duende site. With later versions of the documentation, this link has been dropped.

    Most likely you configured the blazor hosting asp.net site to be a Duende oauth server, so blazor wasm could use the Microsoft Identity msal library (bearer token support).

    Microsoft's oauth server is Azure AD, which you can switch to, but an Azure AD account is not free. To switch to azure ad you just remove the Duende package, and config. then config Blazor for the azure ad oauth settings.

    The Blazor Wasm free oauth authentication is the individual accounts template. this uses a SQL Database to hold the account information. If you create a project with this template you will get a very simple oauth server.


  3. Laurent Guigon 281 Reputation points
    2023-08-23T14:10:18.2133333+00:00

    I always used to create my projects like this:

    (Sorry, my Visual Studio is in French - I'm French, by the way; thanks to ChatGPT for correcting my uncertain English.)
    Capture d'écran 2023-08-23 155457

    Then:

    Capture d'écran 2023-08-23 155651

    Then click the create button, and the result is:

    User's image

    I use VS 2022 Community. However, it seems that there is an update, as this package wasn't included in the solution when I started using VS2022-C.

    0 comments No comments

  4. Laurent Guigon 281 Reputation points
    2023-08-26T22:52:16.1+00:00

    I'm not quite sure I understand these explanations...

    There's a specific server for authentication? But my entire application uses the same database with a single connection string. O_o?

    Until now, I've never built an app with a client/server separation between the frontend and backend. Everything was in a single project. However, I'm trying to improve my approach, so I've decided to use an API for my backend.

    I've always used what was provided when building a site (I believe it was Owin), and I could choose to edit a page among the many user account management pages, to customize its appearance, for example. Can't we do that anymore? I recall seeing a video on YouTube where a guy was doing it... Was that BEFORE Duende? Or is this difference due to the fact that I'm now using an API as the backend?

    Honestly, having all the code embedded in Identity is quite convenient, and I don't really want to spend several days hand-coding something that would be similar (and probably not as well done).

    I'm a bit lost with this "login server" concept... I didn't quite grasp the idea!

    For now, my application will run on an intranet, so maybe the licensing issues won't come up... but I'd like (for a while, as long as I have a student account) to do an Azure Go-Live with a CI/CD pipeline.

    I'm realizing that I've always used this user account management system without really trying to understand how it works...


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.