At my workplace, we have many existing applications for which common WCF services have been written to expose user and role management functionality at the enterprise level. So, for example, to create a new user, our applications just call the Create method exposed by our UserService.
We are trying to build a new MVC5 web application which needs identity management features. I have found several examples of custom implementation of the ASP.NET identity framework which typically override the IUser, IUserManager, etc. I also found an implementation for MySQL database instead of SQL server. However, I am unable to figure out if it is possible to completely discard away the database part of the framework and hand over the persistence calls to our services but still use methods and facade provided by the framework for cookie management, Owin integration etc. Or enterprise schema, of course, does not match the default Identity framework database schema.
I looked at the Identity Sample from Microsoft that implements a user manager:
var manager = new ApplicationUserManager(new UserStore<ApplicationUser>(context.Get<ApplicationDbContext>()));
This custom user manager ApplicationUserManager needs a UserStore<ApplicationUser>, which needs a ApplicationDbContext. Is it possible to pass some service instance instead to the custom UserStore instead of a DbContext. Can the UserStore even work without a dependency on some database DbContext?
Related
How to implement Asp.net identity for authentication and authorization using service stack V3 with SQL Server as back-end managing users, roles and membership
Microsoft's ASP.NET Identity provider provides a way to do Auth/Authz in ASP.NET code with a SQL backend. You can write your own provider if you are motivated.
ServiceStack's built-in AuthProvider provides it's own independent way to do Auth/Authz over ASP.NET with a SQL backend. You can also write your own provider.
The two do not share any code, models, or interfaces.
If you want to implement the ASP.NET Identity model using the ServiceStack AuthProvider model, you would have to customize the ServiceStack provider with code from the ASP.NET Identity provider.
To customize ServiceStack AuthProvider v3, try my blog post:
Customizing IAuthProvider for ServiceStack.net – Step by Step
Then you could stick in the ASP.NET Identity code. The articles ASP.NET Identity Stripped Bare - MVC Part 1 ( #dr-net mentions) will show you what you are in for.
You would have to decide if its worth it - you probably want to just pick one or the other, instead of trying to mash them together.
FYI- the ServiceStack v3 and v4 Auth code are somewhat different - at least some refactoring done.
Hi created my service using http://ntieref.codeplex.com/ n-tier entity framework.
The service the generator created uses wcf and wsHttpBinding. It uses windows authentication and the program created works fine when the user is logged in the Domain (as it should).
My problem is when I am trying to connect from "outside". I could not find a way to pass
something like this:
client.ClientCredentials.UserName.UserName = "SomeUserName";
client.ClientCredentials.UserName.Password = "WrongPassword";
thats why my call fails with the user not validated.
My question is specific to n-tier entity framework (http://ntieref.codeplex.com/) with the default generated. That's why I am not posting configs. If some one has experience on this framework please help.
I would like to also expose some functions of my own written on the server to the clients (beyond the entity generated functionality) (e.g. a login function that will return some custom class after validation) without breaking the existing functionality.
Where should I write my code ?
WCF Endpoint Configuration
The n-tier entity framework generates plain vanilla WCF services which can be exposed through any WCF endpoints. All you need to do is setting-up corresponding endpoint configurations in your config.
Custom Service Methods
Both, service contracts and implementation are generated as partial interfaces and classes. This allows to add additional custom services methods as required.
is there a way to customize the database access in the new MVC5 identity?
I don´t use the DbContext in my web project, because I created some security and validation layers for database access.
Do I have to derive from UserManager or UserStore, implement the interfaces IUserPassword store or something like that?
I heard something about an API to customize identity, but how can I use this API?
You need to implement your own UserStore and User types to match the schema that you want.
You will have to implement the Interfaces for the features that you want in your system
You can reuse the UserManager since UserManager just uses the UserStore and User that you pass in.
The following article explains you in detail how to do it http://www.asp.net/identity/overview/extensibility/overview-of-custom-storage-providers-for-aspnet-identity
I created a DbContext connection using Entity Framework and have "DbContext" connection string in my web.config file.
Then, I tried to log in, and my website required me to have another "defaultConnection" string for creating user tables.
In this case, do I need to have two connections? Or should I have one connection by somehow combining the two?
Which is better performance-wise? I started building my project using Internet Application template.
By default for membership and roles, the ASP.net infrastructure uses the default membership and role providers that stores that membership and roles data in different database. Run your application and if you register for a user from login page you can see the database at location "App_Data" folder created. The database is different hence the connection string is different. You are using entity framework so there are 2 ways to go from here.
1) Change the connection string and use the same default asp.net membership and role providers to store data in the database that your entity framework configuration is using. By this I mean the default membership and role providers use the database that you EF configuration points to.
2) Use EF to manage the membership and roles data. So the users and groups would be entities manages by the DBcontext as other entities.
I have recently implemented the second approach. The ASP.net membership provides hooks (extensibility) to implement your own providers and register them in the web.config file. Then create the User and Role entity and include them in DBContext. Of-course before registering the providers you need to implement them first by deriving from MembershipProvider and RoleProvider abstract classes. These classes are in `System.Web.Security' namespace.
You can follow this project for more details http://codefirstmembership.codeplex.com/
I believe the connections to separate database will not have any impact on the performance. As in the web model even if you use same database for incoming requests we have to make connections to database separately and the incoming requests can come concurrent. In fact keeping the database separate will take to database load to another server. But now you have 2 servers to back up and maintain. This will not be maintainable unless you want your membership data to be separate for some reasons like it is shared by other applications also.
I would suggest combining the two, since at some point you will probably want foreign key's from various tables to the Users table.
I would have one connection in the web.config, "DefaultConnection".
Then when you initialize your DbContext, use the DbContext(string) overload to use the DefaultConnection, like so: var context = new YourDbContext("DefaultConnection");
That way your data and Users/Roles tables live together, happily ever after.
What is the Microsoft Enterprise Application Blocks relationship to the ASP.NET provider model? (if any)
Enterprise library have a Security Application Block.
It exposes two interfaces that you can access in your code:
An Authorization Provider interface, which exposes the single method named Authorize that takes an instance of an IPrincipal object containing details of the user's identity and roles. Depending on the way that you configure the block, the authorization can take place either through Windows® Authorization Manager (AzMan) against Active Directory, an XML file, or a database; or by using custom rules that you define and are stored as XML in the application configuration file.
A Security Cache Provider interface, which exposes methods that allow you to save and retrieve a user's identity or security context as an IIdentity instance, IPrincipal instance, or ASP.NET Profile instance. Each cached identity or security context is identified by a token (by default a GUID, though you can create and use your own implementation of the IToken interface). The block stores this information in either a database or in Isolated Storage using the Caching Application Block. You can alternatively create a custom provider for the Caching Application Block and use it to cache the information in the location and using the techniques you implement in your provider.
Then you also can reference ASP.NET 2.0 Provider Model:
http://msdn.microsoft.com/zh-cn/library/aa479030.aspx