ASP.NET Identity for client-side

[weitzhandler]

Description

ASP.NET Identity is a great tool for server-side identity management.

The picture will be complete if there would be an identity-manager aimed for .NET clients too, such as UWP, Blazor, WPF, Uno Platform, etc.

Potentially it should implement the following functionality:

• User authentication management, via JWT tokens, claims etc.- Integration with Thread.CurrentPrincipal.
• Integration with IHttpClientFactory, to allow generating authentication-clients.
• Module authorization (e.g. add [Authorize(Roles = RoleNames.Admin)] attribute on a ViewModel to only enable it for admins, etc.
• Have some way to get notified when a user has been logged in / out.
• User management API that can easily interact with an ASP.NET Identity server out the box.

[blowdart]

It's not something we're looking at, mainly because security something client side safely isn't really possible. As soon as something is running in the same memory space it's not going to be secure, and it's going to be easily bypassed by an attacker.

[weitzhandler]

I'd say that's why it makes it even more important to have this functionality provided by you rather than have it self-implemented individually by each dev 😋
I do understand this issue might belong somewhere else, but couldn't find a better place than where the server-side Identity lives.

Thanks for your response, Barry.