Security

It's not recommended to run the OpenId or WebAPI without https (SSL) configured on the internet. If you do that then all traffic including the login and passwords of the user can easily be intercepted by an 3rd party.

It's recommended that the SQL Server cannot be connected to through the internet. If needed then configure the SQL Server to only accept traffic from the OpenId Server and WebAPI.

If you are running on your local intranet you can skip the advanced topics. If you are accessing the services through a VPN to your local network you can also skip the advanced topics.