This walkthrough will run through setting up AdminUI manually in IIS.
The IdentityExpress Admin UI consists of two sites: the UI, and the backend API. These then integrate with an IdentityServer installation for authentication and authorization
AdminUI Deployment
AdminUI is deployed as 2 separate IIS Applications - one for the UI website and one for the API website.
It is envisaged that they will be configured to communicate with your existing (external) identity server.
Prerequisites
Before beginning the installation, please ensure that you have IIS, the .NET Core Windows Server Hosting bundle and .NET Framework 4.7.2 installed.
You will also need an IdentityServer4 Installation and either a MySql or SqlServer Database set up. There is a sample IdentityServer avaliable here that is already integrated with our IdentityExpress.Identity schema.
Walkthrough
If you already have a working IdentityServer installation up and running then this walkthrough is for you.
This walkthrough will take you through the entire IIS configuration process, resulting in a working environment for IdentityExpress AdminUI, with the UI and backend API running on the same machine and targeting an existing IdentityServer. This will also include migrating your user store to the AdminUI Identity Schema.
Configure a Database
AdminUI currently only supports MySql, PostgreSQL and SqlServer. This also includes SqlExpress.
Any used databases must accept remote connections, also ensure that your firewall allows connections on any used ports.
Create IIS Websites
Initially you will want to create 2 IIS Websites pointing at the folders we have provided in the emails. This will be one site for the UI front end, and another for backend API.
Once created you need to configure the applications for run no managed code. You can do this by going to Application Pools -> [Website Name] -> Basic Settings -> Change .NET CLR Version to No Managed Code.
AdminAPI Configuration
Once you have a Website Setup for the API, you will need to add some variables to the site in order to get it to run. The variables to be aware of for the API are:
DbProviderThis sets the database type you are using. Supported types and their values areSqlServer,MySql, orPostreSqlIdentityConnectionStringThe connection string for your Identity database (users)IdentityServerConnectionStringThe connection string for your IdentityServer database (clients, resources & grants).AuthorityUrlUrl of the IdentityServer installationUiUrlUrl of the AdminUI frontend (the idxui container)RequireHttpsMetadataSet totrueorfalseif you want to ensure IdentityServer discovery endpoint uses TLS. Must be true for productionIdentityDatabaseToMigrateConnectionString(optional) The connection string of your existing ASP.NET Core Identity Entity Framework database that will be migrated to the database used inIdentityConnectionString(this must not be equal toIdentityConnectionString).
There are 2 ways to configure these variables. Either by going to the website in IIS and using the Configuration Editor -> Environment Variables Page and adding them one by one. Or by going directly to the web.config in the folder provided and adding these variables underneath the AspnetCore node. (note: the variables surrounded with ** will need to be changed):
<environmentVariables>
<environmentVariable name="DbProvider" value="**SqlServer**" />
<environmentVariable name="IdentityConnectionString" value="**ConnectionString**" />
<environmentVariable name="IdentityServerConnectionString" value="**ConnectionString**" />
<environmentVariable name="UiUrl" value="**UiURL**" />
<environmentVariable name="AuthorityUrl" value="**IdentityServer URL**" />
<environmentVariable name="RequireHttpsMetadata" value="**false**" />
<environmentVariable name="RunIdentityServerMigrations" value="**true**" />
<environmentVariable name="LicenseKey" value="**Your Licence Key**" />
</environmentVariables>
For a full list of configuration settings, see Configuring AdminUI.
AdminUI Configuration
Once you have a Website Setup for the UI, you will need to add some variables to the site in order to get it to run. The variables to be aware of for the UI are:
AuthorityUrlUrl of the IdentityServer installationUiUrlUrl of the AdminUI frontendApiUrlUrl of the API setup in the previous step
For the UI there is an extra configuration step needed after the Web.Config has been changed.
There are 2 ways to configure these variables. Either by going to the website in IIS and under Management using the Configuration Editor -> Environment Variables page and adding them one by one. Or by going directly to the web.config in the folder provided and adding these variables underneath the AspnetCore node. (note: the variables surrounded with ** will need to be changed):
<environmentVariables>
<environmentVariable name="UiUrl" value="**Url Of this Website**" />
<environmentVariable name="AuthorityUrl" value="**IdentityServer URL**" />
<environmentVariable name="ApiUrl" value=**Api Setup in the Previous Step**" />
</environmentVariables>
Once you have configured these variables you will need to navigate to the provided folder and edit the env.js file in wwwroot/assets. The variables in this will need to match the variables above:
var ENV = {
AuthorityUrl: '**Identity Server Url Here**',
UiUrl: '**Url of this website**',
ApiUrl: '**Url Setup in the previous step**'
};
Migrations
Whether you are installing AdminUI for the first time or upgrading to the latest version of AdminUI, you will need to run some form of migrations to ensure your databases are inline with AdminUI, if you want AdminUI to handle all migrations you can navigate to the folder where your AdminUI API site is and run the following command.
dotnet IdentityExpress.Manager.Api.dll -migrate all
It will generate the databases for you using the connection strings configured in your AdminUI API web.config.
If you are planning on managing some of the database migrations yourself, or want more options when setting up your databases, then there are more fine tune migrations you can do, for more info see our full migration docs here
Troubleshooting
If you're having issues, we recommend you first enable logging for the API site.