IdentityServer4 Overview
IdentityServer4 is a server designed for .NET that provides open-source authentication by implementing the standards of OAuth 2.0 and OpenID Connect (OIDC). It provides a standardized method for authenticating requests of your applications, whether web-based, native, mobile-based, or API endpoints. It also acts as a central database structure to store user credentials.
Why Use IdentityServer4?
When applications need to communicate with each other, additional measures may be required to handle authentication and authorization properly. Authentication is needed when an application needs to know the current user's identity, and the protocol used is OpenID Connect. Similarly, authorization is granting permission to that specified user to request access to a particular resource from a Security Token Service and then use it to communicate with the API. The protocol for that is OAuth 2.0.
The Security Token Service (STS), a central repository, is responsible for issuing tokens and validating claims. Therefore, all authentication and authorization logic of a particular application is offloaded to the STS. IdentityServer4 is a frequently used STS for .NET applications that implements both the OpenID Connect and OAuth 2.0 protocols to solve the typical security problems of today's mobile, native, and web applications.
The diagram below illustrates a Security Token Service.
Features of IdentityServer4
Protect your Resources
Each resource is exclusively accessible to its authorized user.
Authenticate the Users
Users are authenticated via a local account store or an external provider.
Access and Validate Tokens to Users
Tokens are issued to users for identification, allowing APIs to authorize data access.
Use IdentityServer4 with NCache
IdentityServer4 allows for flexible integration with various external storage solutions. Its API lets users extend IdentityServer4 to work with any relational database, a NoSQL solution, any file system, or even an in-memory data store like NCache. For this purpose, IdentityServer4 has implemented EntityFramework Core (EF Core) as part of this integration, making it very easy to use any database as a storage medium for the IdentityServer4 configuration and operational data.
Configuration Store:
A store where static data exists, which does not change frequently.
Operation Store:
A store where the operational data exists, on which operations occur and which is more likely to be frequently modified.
NCache, being an in-memory, distributed, linearly scalable key-value store, is well suited for use with IdentityServer4 for the following reasons:
NCache as IdentityServer4 Store
NCache can be used as a caching layer on top of IdentityServer4 (its persistent configuration and operational stores) to speed up the operations through in-memory caching while reducing frequent database hits.
NCache as IdentityServer4 Cache
NCache can be used as a configuration and persistent grant store to further increase performance by removing the bottleneck of getting data from the disk. The in-memory cache contents may periodically persist on the disk. This drastically decreases the average time taken to fetch data.
Similarly, the cache and store roles of NCache with IdentityServer4 can be mixed and matched using the implementations from the IIdentityServerBuilder NCache extension method during ASP.NET Core dependency injection. This ensures that data is stored in memory, resulting in improved performance and faster results.
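The store and cache roles described above, shown as an added example that is not NCache's or IdentityServer4's own sample code. It uses IdentityServer4's EF Core store package and built-in configuration cache rather than the NCache extension methods, whose names this page does not list. SQL Server, the connection string name "IdentityServer" and the expiry and cleanup values are assumptions.

```csharp
using System;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services)
    {
        // Assumption: a connection string named "IdentityServer" is configured.
        string connectionString = _config.GetConnectionString("IdentityServer");
        string migrationsAssembly = typeof(Startup).Assembly.GetName().Name;

        services.AddIdentityServer(options =>
            {
                // How long cached client and resource definitions are trusted
                // before the configuration store is read again (assumed values).
                options.Caching.ClientStoreExpiration = TimeSpan.FromMinutes(5);
                options.Caching.ResourceStoreExpiration = TimeSpan.FromMinutes(5);
            })
            // Development only: temporary signing key, not for production use.
            .AddDeveloperSigningCredential()
            // Configuration store: clients, API resources, identity resources.
            .AddConfigurationStore(options =>
            {
                options.ConfigureDbContext = db => db.UseSqlServer(
                    connectionString, sql => sql.MigrationsAssembly(migrationsAssembly));
            })
            // Cache role: wraps the configuration store with a caching layer.
            .AddConfigurationStoreCache()
            // Operational store: persisted grants such as authorization codes,
            // refresh tokens and consents, which change frequently.
            .AddOperationalStore(options =>
            {
                options.ConfigureDbContext = db => db.UseSqlServer(
                    connectionString, sql => sql.MigrationsAssembly(migrationsAssembly));
                // Remove expired grants so stale tokens do not accumulate.
                options.EnableTokenCleanup = true;
                options.TokenCleanupInterval = 3600; // seconds
            });
    }
}
```

With a cache in front of the configuration store, a disabled client or a rotated client secret keeps being honored until the cached entry expires, so keep the expiration short enough for your revocation requirements.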
See Also
NCache as an In-memory IdentityServer4 Store
NCache as an In-memory IdentityServer4 Cache Implementation