Skip to content
Duende Software Docs
Introducing the next era of Duende IdentityServer. Read our CEO’s announcement

Getting Started

The login page is responsible for establishing the user’s authentication session. This requires a user to present credentials and typically involves these steps:

  • Provide the user with a page to allow them to enter credentials locally, use an external login provider, or use some other means of authenticating.
  • Start the session by creating the authentication session cookie in your IdentityServer.
  • If the login is client initiated, redirect the user back to the client.

When IdentityServer needs to show the login page, it redirects the user to a configurable LoginUrl.

Program.cs
builder.Services.AddIdentityServer(opt => {
    opt.UserInteraction.LoginUrl = "/path/to/login";
})

If no LoginUrl is set, IdentityServer will infer it from the LoginPath of your Cookie Authentication Handler. For example:

Program.cs
builder.Services.AddAuthentication()
    .AddCookie("cookie-handler-with-custom-path", options =>
    {
        options.LoginPath = "/path/to/login/from/cookie/handler";
    })

If you are using ASP.NET Identity, configure its cookie authentication handler like this:

Program.cs
builder.Services
    .AddIdentityServer()
    .AddAspNetIdentity<ApplicationUser>();


builder.Services
    .ConfigureApplicationCookie(options =>
    {
        options.LoginPath = "/path/to/login/for/aspnet_identity";
    });

User Management Options

Section titled “User Management Options”

IdentityServer needs a user store to authenticate users and issue claims. Two first-party integrations are available:

  • ASP.NET Identity provides integration with the widely-used ASP.NET Core Identity system.
  • Duende User Management provides a more modern alternative with built-in support for OTP, TOTP, passkeys, and profile attribute-to-claim mapping.

Both options provide an IProfileService implementation that IdentityServer uses to load claims into tokens.