IdentityServer – pros and cons


Oct 31, 2019 - 2 minutes read

Paweł Wichary


TL;DR: IdentityServer is a set of services and middleware which, when incorporated into an ASP.NET Core app, create an authentication server. A good practice is to host this server as a separate entity. All in all, IdentityServer is a very good tool: within minutes or hours you can have a server up and running that complies with OAuth 2.0 and OpenID Connect. You get SSO for various apps.

IdentityServer Pros

  • OAuth 2.0 support (access tokens to resources, namely the sites where a user can allow an app to access the resources using the user’s credentials)
  • Support for all the OAuth 2.0 Flows, i.e. you can easily authorise users in apps such as:
    • websites
    • mobile apps
    • standalone apps
    • IoT devices
    • Gaming consoles like Xbox
  • OpenID Connect support (user authentication tokens)
  • Server configuration via code (configuration as code)
  • Smooth integration with .NET Core, plus you get to code everything using C#
  • Very useful documentation (with examples)
  • Implements many specifications
  • C# developers proficient in using OAuth 2.0 and OpenID Connect will be very effective
  • It has templates (generated using the CLI) that form the basis of the code
  • The template code is a great base for a server that grants SSO to users held in memory (hard-coded). Alternatively, you can get a user pool from a database, but you have to develop this feature
  • Perfect for situations when you have various apps that can use one authentication server
  • Easily extendable if you need to have:
    • Ability to log in from another service
    • ‘Remind password based on XYZ’ functionality
    • Any other feature, because in the end everything is based on .NET Core
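
To make the "configuration as code" and "in-memory (hard-coded) users" points above concrete, here is an added example that is not from the original post or the IdentityServer templates. It assumes the IdentityServer4 3.x API that was current when the post was written; the client, API, user, secret and URL values are constructed placeholders, and `AddDemoIdentityServer` is a hypothetical helper name.

```csharp
// Added example: IdentityServer4 3.x-style configuration as code (all values are constructed).
using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;
using IdentityServer4.Test;
using Microsoft.Extensions.DependencyInjection;

public static class Config
{
    // OpenID Connect scopes: which user claims an identity token may carry.
    public static IEnumerable<IdentityResource> Ids => new IdentityResource[]
        { new IdentityResources.OpenId(), new IdentityResources.Profile() };

    // OAuth 2.0 protected resource that access tokens are issued for.
    public static IEnumerable<ApiResource> Apis => new[]
        { new ApiResource("orders-api", "Orders API") };

    public static IEnumerable<Client> Clients => new[]
    {
        new Client
        {
            ClientId = "web-app",
            ClientSecrets = { new Secret("placeholder-secret".Sha256()) }, // load from a secret store
            AllowedGrantTypes = GrantTypes.Code,   // authorization code flow
            RequirePkce = true,                    // binds the code to the client that asked for it
            RedirectUris = { "https://app.example.test/signin-oidc" },    // exact match only
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                "orders-api"
            }
        }
    };

    // Hard-coded in-memory users: plaintext password, suitable for development only.
    public static List<TestUser> Users => new List<TestUser>
        { new TestUser { SubjectId = "1", Username = "alice", Password = "placeholder-password" } };
}

public static class IdentityServerSetup
{
    // Hypothetical helper; call it from Startup.ConfigureServices.
    public static void AddDemoIdentityServer(this IServiceCollection services) =>
        services.AddIdentityServer()
            .AddDeveloperSigningCredential()       // development-only signing key
            .AddInMemoryIdentityResources(Config.Ids)
            .AddInMemoryApiResources(Config.Apis)
            .AddInMemoryClients(Config.Clients)
            .AddTestUsers(Config.Users);
}
```

Before such a server goes to production, the two development-only pieces need replacing: the test users with a real user store, and the developer signing credential with a managed signing key.
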

IdentityServer Cons

  • The server’s code template lacks:
    • user registration
    • ‘forgot password’ functionality
    • MFA
    • Google reCAPTCHA