As we enter 2026, many developers are considering the opportunities ahead, from implementing new business features to fixing long-standing bugs and paying down years of technical debt. With some of our customer calls this year, we’ve found that a “popular” item on everyone’s New Year’s resolutions list is upgrading to the latest .NET 10 LTS release, alongside finally moving to the most secure and supported version of Duende IdentityServer to date.
At Duende, we want to fuel your ambitions and help you meet your goals. We’ve spent thousands of hours talking to IdentityServer4 users and have built a tool that should help teams understand the upgrade process ahead of them. If you're concerned about running an unsupported identity solution at the heart of your organization and want to upgrade, we have a solution we think you should consider. In this post, we’d like to introduce you to our IdentityServer4 Migration Analysis Tool, developed by our Customer Success team lead, Maarten Balliauw.
IdentityServer4 Questions
Many organizations running IdentityServer4 find themselves in a precarious situation. In fact, some companies are unaware of what they have deployed in production. During our customer upgrade assessment calls, we ask common questions to help teams build an upgrade roadmap, including:
- What version of .NET are you currently targeting?
- What version of IdentityServer4 do you have?
- How many client IDs does your identity provider have configured?
- Are you familiar with Data Protection?
- What authentication schemes does your organization rely on?
Many customers need time to think and gather the necessary information for our IdentityServer4 assessment calls, but these calls can be time and resource-intensive.
Because of this, we wanted to start the year by empowering teams with information to better understand their current situation and plan for the future.
Migration Analysis Tool
When building the Migration Analysis tool, we wanted to cast a wide net of help. We chose to implement a self-contained ASP.NET MVC controller that any team could add to their existing IdentityServer4 implementation.
The MigrationAnalysisController will attempt to access elements of your IdentityServer4 installation, including the current .NET version, IdentityServer4 version, number of clients, signing credentials, data protection settings, and authentication schemes.
Let’s walk through the installation process and then review a sample output page.
Installing the Migration Analysis Tool
Note: This installation process is available in the Duende documentation under our Upgrading section.
You’ll first need to download the MigrationAnalysisController.cs file and add it to your current IdentityServer4 host. This tool’s code is purposely rudimentary, and some .NET developers might call it “unelegant”. That’s the point!
Our goal is to support all IdentityServer4 installations down to .NET 3.1; the value of the controller lies in the analysis, which involves inspecting your current configuration.
An important note: to maximize the tool’s value, you will need to deploy the change to your production environment. Unless you can recreate your production environment locally, your production environment will provide the most accurate information possible.
After installing the file, look for the first lines in the controller’s Index method.
// Verify user is allowed to access this page
if (User.Identity == null || User.Identity.Name != "scott")
{
return Unauthorized();
}
Update the code to use the current ClaimsPrincipal and determine which team members can access the Migration Analysis page.
For example, check the role claim for an admin value.
if (!User.HasClaim(ClaimTypes.Role, "admin"))
{
return Unauthorized();
}
The authorization checks should be the only changes you need to make to the controller code.
Next, verify that you’ve registered the MVC default route in the Startup.cs file. It should be there; if not, add the following lines.
app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
You may also manually route the new controller to any path you choose, but the default route is the easiest solution.
That’s it! You’re ready to use the Migration Analysis tool.
Viewing the Migration Analysis Output
Once installed and deployed, navigate to the /MigrationAnalysis path in your IdentityServer4 installation.
You’ll see a list of data, along with any recommendations and links to documentation to help you better understand the challenge of each point. Now you can use this information to better inform your team, have more productive calls with Duende customer success engineers, and upgrade to the latest version of Duende IdentityServer.
Conclusion
We understand that upgrading critical identity infrastructure can be daunting, if not outright scary. The Duende team wants to make your upgrade experience as painless and successful as possible. By using the IdentityServer4 Migration Analysis Tool, we know you can achieve your goals. Additionally, if you are unsure about the next steps, our IdentityServer4 Migration Analysis Tool allows you to schedule a call with our Customer Success team to discuss any concerns, including detailed troubleshooting and technical questions.
As the days tick away in 2026, don’t let the perfect time to upgrade pass you by. Let us help you upgrade your IdentityServer4 to Duende IdentityServer and the latest .NET 10 LTS.