ASP.NET MVC5 Identity Customizing - asp.net

Is there a way to customize the database access in the new MVC5 identity?
I don't use the DbContext in my web project, because I created some security and validation layers for database access.
Do I have to derive from UserManager or UserStore, implement the IUserPasswordStore interface, or something like that?
I heard something about an API to customize identity, but how can I use this API?

You need to implement your own UserStore and User types to match the schema that you want.
You will have to implement the interfaces for the features that you want in your system.
You can reuse the UserManager since UserManager just uses the UserStore and User that you pass in.
The following article explains in detail how to do it: http://www.asp.net/identity/overview/extensibility/overview-of-custom-storage-providers-for-aspnet-identity
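
A sketch of the custom store described in the answer above, added here as an example; it is not code from the original post or the linked article. `IAccountGateway`, `AppUser` and `GatewayUserStore` are hypothetical names standing in for an existing validated data layer (or a service client), and only the `IUserStore` and `IUserPasswordStore` features are implemented.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

// Hypothetical gateway to the existing validated data layer (not an Identity type).
public interface IAccountGateway
{
    Task SaveAsync(AppUser user);
    Task RemoveAsync(string userId);
    Task<AppUser> GetByIdAsync(string userId);
    Task<AppUser> GetByNameAsync(string userName);
}

// Hypothetical user type; IUser only requires Id and UserName.
public class AppUser : IUser
{
    public string Id { get; set; }
    public string UserName { get; set; }
    public string PasswordHash { get; set; }
}

// No DbContext anywhere: every persistence call goes through the gateway.
public class GatewayUserStore : IUserStore<AppUser>, IUserPasswordStore<AppUser>
{
    private readonly IAccountGateway _gateway;
    public GatewayUserStore(IAccountGateway gateway)
    {
        if (gateway == null) throw new ArgumentNullException("gateway");
        _gateway = gateway;
    }

    public Task CreateAsync(AppUser user) { return _gateway.SaveAsync(user); }
    public Task UpdateAsync(AppUser user) { return _gateway.SaveAsync(user); }
    public Task DeleteAsync(AppUser user) { return _gateway.RemoveAsync(user.Id); }
    public Task<AppUser> FindByIdAsync(string userId) { return _gateway.GetByIdAsync(userId); }
    public Task<AppUser> FindByNameAsync(string userName) { return _gateway.GetByNameAsync(userName); }

    // UserManager hashes the password; the store only ever sees the hash.
    public Task SetPasswordHashAsync(AppUser user, string passwordHash)
    {
        user.PasswordHash = passwordHash;
        return Task.FromResult(0);
    }
    public Task<string> GetPasswordHashAsync(AppUser user) { return Task.FromResult(user.PasswordHash); }
    public Task<bool> HasPasswordAsync(AppUser user) { return Task.FromResult(user.PasswordHash != null); }

    public void Dispose() { } // nothing owned here; the gateway's lifetime is managed elsewhere
}
// Usage: var manager = new UserManager<AppUser>(new GatewayUserStore(gateway));
```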

Related

Custom Implementation of Asp.NET identity with existing WCF Services backend for user management

At my workplace, we have many existing applications for which common WCF services have been written to expose user and role management functionality at the enterprise level. So, for example, to create a new user, our applications just call the Create method exposed by our UserService.
We are trying to build a new MVC5 web application which needs identity management features. I have found several examples of custom implementation of the ASP.NET identity framework which typically override the IUser, IUserManager, etc. I also found an implementation for MySQL database instead of SQL server. However, I am unable to figure out if it is possible to completely discard the database part of the framework and hand over the persistence calls to our services but still use methods and facade provided by the framework for cookie management, Owin integration etc. Our enterprise schema, of course, does not match the default Identity framework database schema.
I looked at the Identity Sample from Microsoft that implements a user manager:
var manager = new ApplicationUserManager(new UserStore<ApplicationUser>(context.Get<ApplicationDbContext>()));
This custom user manager ApplicationUserManager needs a UserStore<ApplicationUser>, which needs an ApplicationDbContext. Is it possible to pass some service instance to the custom UserStore instead of a DbContext? Can the UserStore even work without a dependency on some database DbContext?

MVC using ASP.NET Identity Individual Accounts - How to Add Security Questions?

Here is my Scenario:
I need to capture at least 3 security questions & answers as a part of user registration for a website (built in MVC 5 using Individual User Accounts as means of authentication), which I can do by extending the ApplicationUser object.
So far so good.
I would like to ask these questions in the password recovery process.
I didn't find any support for security questions in ASP.NET Identity framework.
My Question:
Do I need to implement security questions outside of the built-in UserStore library or is there existing support similar to secret questions in ASP.NET Membership functionality in .NET 2.0?
Note: Let me know if you need more information.
To do this in ASP.Net Identity, you treat the answers as custom passwords.
Use userManager.PasswordHasher.HashPassword(Answer1); to generate a hash for each answer to store in custom class properties/fields in the database. (Where userManager is the instance of the Identity UserManager)
On recovery, use
var verification = userManager.PasswordHasher.VerifyHashedPassword(dbHash, Answer1);
to verify the challenge.
You can then check if verification.Success is true for each answer.
ref: MSDN
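
The hash-and-verify flow from the answer above, as an added example that is not part of the original post. `SecurityAnswerVerifier` is a hypothetical helper, and the case- and whitespace-insensitive normalisation is an assumption; in ASP.NET Identity 2, `VerifyHashedPassword` returns a `PasswordVerificationResult` enum value, which the code compares against.

```csharp
using System.Collections.Generic;
using Microsoft.AspNet.Identity;

// Hypothetical helper; the class and method names are not part of ASP.NET Identity.
public class SecurityAnswerVerifier
{
    private readonly IPasswordHasher _hasher;
    public SecurityAnswerVerifier(IPasswordHasher hasher) { _hasher = hasher; }

    // Assumption: answers are compared case- and whitespace-insensitively,
    // so normalise before hashing and before verifying.
    private static string Normalize(string answer)
    {
        return (answer ?? string.Empty).Trim().ToUpperInvariant();
    }

    // Registration: returns the value to persist in place of the plain answer.
    public string Hash(string answer)
    {
        return _hasher.HashPassword(Normalize(answer));
    }

    // Recovery: every stored hash is checked, with no early exit on the first miss,
    // so the caller can return one generic failure without revealing which answer was wrong.
    public bool VerifyAll(IList<string> storedHashes, IList<string> suppliedAnswers)
    {
        if (storedHashes.Count == 0 || storedHashes.Count != suppliedAnswers.Count) return false;
        var allMatch = true;
        for (var i = 0; i < storedHashes.Count; i++)
        {
            var result = _hasher.VerifyHashedPassword(storedHashes[i], Normalize(suppliedAnswers[i]));
            // SuccessRehashNeeded also means the answer matched.
            if (result == PasswordVerificationResult.Failed) allMatch = false;
        }
        return allMatch;
    }
}
// Usage: var verifier = new SecurityAnswerVerifier(userManager.PasswordHasher);
```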

Confusion on when and if to use Claims and Roles with Asp.net Identity 2

I'm starting a new ASP.NET project (WebAPI and WebUI) using the Identity 2. What I am struggling to understand is when and if to use claims at all.
My app will require users to login and previously with the old Membership system, I would have added them to a role when they register. Should I continue doing this or is there a better way to handle all of this nowadays?
Wouldn't using Roles and Claims just overcomplicate things?
Thanks
Always use claims. All .NET identities are claims-based by default. BTW, a role is also a claim - a claim of type ClaimTypes.Role.

Membership Providers

My first question is: Is there a difference between aspnetmembershipprovider and simplemembershipprovider? I know that aspnetmembershipprovider is disgusting, because it always creates temporary tables, so I'm wondering whether SimpleMembershipProvider uses the AspNetMembership SQL queries or others.
And my second question is which membership provider to use for a Web API project, where the client app will be a mobile application.
This description can be helpful:
The WebSecurity helper class is the recommended way to manage user (membership) accounts, passwords, and other membership tasks. The SimpleMembershipProvider class can manage membership tasks; however, it is not recommended because WebSecurity provides a simpler way to implement membership. The SimpleMembershipProvider class is intended for developers who require more precise control over the membership process.
You can read more here, section "Remarks": http://msdn.microsoft.com/en-us/library/webmatrix.webdata.simplemembershipprovider(v=vs.111).aspx
If you don't like the way provider does the tables in the database, you could implement your own provider or use the Entity Framework Membership Provider (if you use EF): http://efmembership.codeplex.com/

ASP.NET: Own implementation of IsInRole

Is it possible to override the logic IsInRole in asp.net? I use my own tables of roles in the database and I would like to know how to use own logic.
Something like inheriting from PrincipalBase. Do you know some ways?
I would only use RoleProvider if you are using other aspects of ASP.NET authentication and authorization management. However, if you have your own database for storing role information and already have a UI for managing user roles, you can get away with just creating a GenericPrincipal with your roles and replacing HttpContext.Current.User with it during PostAuthenticateRequest (for ASP.NET).
MVC is slightly different, depending on how you are managing authorization. Here is a related question.
application role management in asp.net mvc (How)?
It is better to load all the roles for a user once per request than to check roles against the database multiple times during the request.
Then you need to implement a custom RoleProvider. Here is a guide to implement a RoleProvider.
Microsoft released the source code for the default providers (membership, role, etc...).
That is also a great reference when implementing your own provider. The one time I implemented a custom role provider, it served me very well.
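
The GenericPrincipal approach from the first answer above, loading the roles once per request, as an added example that is not from the original posts. `OwnRolesModule` and `RoleLookup` are hypothetical names; the lookup is assumed to be assigned at application start to a query against your own role tables.

```csharp
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;

// Hypothetical module name; register it under <system.webServer><modules> in web.config.
public class OwnRolesModule : IHttpModule
{
    // Assumption: set once at application start to a query against your own role tables.
    // The default grants no roles, so a missing lookup fails closed.
    public static Func<string, string[]> RoleLookup = userName => new string[0];

    public void Init(HttpApplication app)
    {
        app.PostAuthenticateRequest += OnPostAuthenticate;
    }

    private static void OnPostAuthenticate(object sender, EventArgs e)
    {
        var context = ((HttpApplication)sender).Context;
        var current = context.User;
        // Anonymous requests keep the principal ASP.NET already assigned.
        if (current == null || !current.Identity.IsAuthenticated) return;

        // One lookup per request; later IsInRole and [Authorize(Roles = ...)] checks use this array.
        var roles = RoleLookup(current.Identity.Name) ?? new string[0];
        var principal = new GenericPrincipal(current.Identity, roles);
        context.User = principal;
        Thread.CurrentPrincipal = principal;
    }

    public void Dispose() { }
}
```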
