But is AdminUI Flexible Enough?
Since its inception, AdminUI has been an application requiring no development effort to get it running. However, it is not as flexible as some of our customers require. So let's fix that!
Duende IdentityServer is a framework for developing an OAuth/OIDC solution and requires development effort to build the necessary SSO workflows (login, logout, registration etc.).
AdminUI is an application, not a general purpose framework, so there is minimal opportunity to customize its behaviour. Developers want to be able to customize the behaviour just like they do with IDS, so they don't have to build their own AdminUI from scratch or heavily customize the basic UI that comes with Duende IdentityServer
Making AdminUI More Extensible
Despite AdminUI being an application, it does provide various ways to customize its behaviour.
- Mandatory claim types, providing a customizable user management portal
- Webhooks to trigger external workflows, such as password reset.
- Strongly typed and mandatory user claims.
- Front-end source code available to white label
- Build additional UI and leverage the web API to perform IdentityServer configuration tasks
- Flexible authorization policy using ALFA-based policy
But we want to go further, allowing developers to integrate AdminUI tightly into their company just like they do with IdentityServer without compromising on all the benefits that AdminUI provides. We want to enable developers to:
- Create their own IdentityStore, not rely on the ASP.NET Identity schema.
- Provide their own authorization model.
- Create their own Identity Server configuration store.
- Deploy their AdminUI solution via CI alongside your IdentityServer.
- Support Multi-tenancy.
- Target non-relational databases.
All the above while continuing to leverage the UI built into AdminUI.
Changing AdminUI
We did consider making AdminUI Open Source and allowing customers to maintain their customized versions of the code. However, that is not a scalable solution for merging bug fixes, receiving new features and providing one-to-one developer support.
Turning AdminUI into a framework and exposing well-defined extension points seems a more appropriate solution.
AdminUI as a NuGet Package
From AdminUI 6.3.0, customers can consume it via a NuGet package. Developers create an ASP.NET Core web host and host it similarly to IdentityServer. The following code snippet demonstrates how simple it is to add AdminUI to an ASP.NET Core host.
using IdentityExpress.Manager.BusinessLogic.Configuration; using IdentityExpress.Manager.UI.Extensions.DependencyInjection; var builder = WebApplication.CreateBuilder(args); builder.Services.AddAdminUI(); var app = builder.Build(); app.UseAdminUI(); app.Run();
Note, you will also need an appsettings.json (this is changing soon).
A simple example can be found in github, or a full written walk through can be found in the product documentation for the NuGet package here. Alternatively there is also a short walk-through video below.
Replacing the Identity Store
In this initial release, developers can implement their own identity store, allowing AdminUI to be de-coupled from the ASP.NET Identity schema, enabling AdminUI to work in multi-tenanted environments and targeting non-relational databases.
Checkout our GitHub samples demonstrating
- NoSQL integration
- Multi tenancy
- Extending the built-in ASP.NET Identity store
Customizations Coming This Year
What next, throughout this year, we intend to expose more and more of AdminUI internal implementations to allow developers to customize the experience of AdminUI so that it integrates tightly into their organization.
Some of these features include:
- Move all app settings to options
- Expose authorization decisions
- Support non-relational stores for IdentityServer configuration
- Handle password and MFA reset with host code so as not to have to rely on webhooks
If you want to see how AdminUI can work with your IdentityServer solution and aid you in your development, why not give AdminUI Nuget a go today? Get a free 30-day demo license from our product page, or reach out to [email protected]
