IdentityServer4 + Asp.Net Core Identity - Map Identity to application database user

So you would not save firstname etc in the application specific db right?

Yes, user-specific properties should go into the user profile and should be saved in the user store (database) of IdentityServer. Application-specific user data should be stored in the application store.

In every request where you need user-specific data, will you query the identity server to get information/claims?

Not necessarily. The user-specific data can be included in the identity token as claims. The claims will then be stored in a cookie as an authentication ticket. For each request, those claims (stored in the cookie/s) are available via the User property of the controller:

var identity = (ClaimsIdentity)User.Identity;
IEnumerable<Claim> claims = identity.Claims;

You can store and query application-related user data stored against a user Id (the sub claim can be used as the user Id).

If you need a lot of user-specific data in an application, it is not optimal to include everything in the identity token, and it is unlikely that you will need all of it for each request. So when you need extra information, you can query the UserInfo endpoint of the identity server. Just include the basic information you need to identify a user in your identity token.

What about the registration process?

Registration is a completely separate workflow in which the identity server has no involvement. You just need to save the user to the identity store (probably using ASP.NET Identity). Of course, you can host the registration controllers along with IdentityServer, so that identity-related stuff is physically on the same server. You can also just write to the IdentityServer user store from any place you host your registration process (e.g. a separate admin UI, or a workflow involving email verification, manual approval, etc.).


To customize what you store in ASP.NET Core Identity, you need to use services.AddIdentity<ApplicationUser, ApplicationRole>, where ApplicationUser and ApplicationRole extend IdentityUser and IdentityRole. This way you can make it store any extra info you want.

Then, to return the extra info, you need to create a ProfileService that implements IProfileService. With this service, you can add any extra information to the tokens as claims.

You need to register this service as follows:

services.AddSingleton<IProfileService, ProfileService>();
builder.AddAspNetIdentity<ApplicationUser>().AddProfileService<ProfileService>();

You can register a user with extra info like below:

var user = new ApplicationUser
{
    UserName = username,
    Email = email,
    ExtraInfo1 = "Hello",
    ExtraInfo2 = "World"
};
await _userManager.CreateAsync(user, "SomePassword");
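An added example (not from the answer above or the IdentityServer4 project itself) of what such a ProfileService looks like: it reads the extra columns back from the ASP.NET Identity store by the sub claim, emits them only as the client-requested claims, and refuses tokens for users who no longer exist or are locked out. The ApplicationUser shape and the claim type names extra_info1/extra_info2 are assumptions.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer4.Extensions;
using IdentityServer4.Models;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Identity;

// Assumed shape of the ApplicationUser from the answer above (extra columns added to IdentityUser).
public class ApplicationUser : IdentityUser
{
    public string ExtraInfo1 { get; set; }
    public string ExtraInfo2 { get; set; }
}

public class ProfileService : IProfileService
{
    private readonly UserManager<ApplicationUser> _userManager;
    public ProfileService(UserManager<ApplicationUser> userManager)
    {
        _userManager = userManager;
    }

    // Called when IdentityServer builds the identity token or answers the UserInfo endpoint.
    public async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        // "sub" is the stable user id; the extra data is read fresh from the user store.
        var user = await _userManager.FindByIdAsync(context.Subject.GetSubjectId());
        if (user == null) return;

        var claims = new List<Claim>
        {
            new Claim("extra_info1", user.ExtraInfo1 ?? string.Empty),
            new Claim("extra_info2", user.ExtraInfo2 ?? string.Empty)
        };

        // Emit only the claim types the client requested through its allowed scopes,
        // so the token stays small and clients do not receive data they were not granted.
        context.AddRequestedClaims(claims);
    }

    // Called on every token issuance/refresh; a user removed or locked out in the store
    // is refused new tokens even if they still hold a valid session cookie.
    public async Task IsActiveAsync(IsActiveContext context)
    {
        var user = await _userManager.FindByIdAsync(context.Subject.GetSubjectId());
        context.IsActive = user != null && !await _userManager.IsLockedOutAsync(user);
    }
}
```

AddRequestedClaims keeps only claim types that an IdentityResource or ApiResource granted to the client lists under UserClaims, so extra_info1 and extra_info2 must be declared there. Because UserManager is scoped, register the service through AddProfileService<ProfileService>() (which registers it as transient) rather than as a singleton.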