ASP.NET Identity Integration

An ASP.NET Identity-based implementation is provided for managing the identity database for users of IdentityServer. This implementation implements the extensibility points in IdentityServer needed to load identity data for your users to emit claims into tokens.

To use this library, ensure that you have the NuGet package for the ASP.NET Identity integration. It is called Duende.IdentityServer.AspNetIdentity. You can install it with:

dotnet add package Duende.IdentityServer.AspNetIdentity

Next, configure ASP.NET Identity normally in your IdentityServer host with the standard calls to AddIdentity and any other related configuration.

Then in your Program.cs, use the AddAspNetIdentity extension method after the call to AddIdentityServer:

builder.Services.AddIdentity<ApplicationUser, IdentityRole>()


AddAspNetIdentity requires as a generic parameter the class that models your user for ASP.NET Identity (and the same one passed to AddIdentity to configure ASP.NET Identity). This configures IdentityServer to use the ASP.NET Identity implementations of IUserClaimsPrincipalFactory to convert the user data into claims, IResourceOwnerPasswordValidator to support the password grant type, and IProfileService which uses the IUserClaimsPrincipalFactory to add claims to tokens. It also configures some of ASP.NET Identity’s options for use with IdentityServer (such as claim types to use and authentication cookie settings).

If you need to use your own implementation of IUserClaimsPrincipalFactory, then that is supported. Our implementation of the IUserClaimsPrincipalFactory will use the decorator pattern to encapsulate yours. For this to work properly, ensure that your implementation is registered in the DI system prior to calling the IdentityServer AddAspNetIdentity extension method.


Alternatively, you can use the isaspid template to create a starter IdentityServer host project configured to use ASP.NET Identity. See the Quickstart Documentation for a detailed walkthrough.