A simple implementation of Microsoft.AspNet.Identity

Thursday, December 12, 2013

Introduction:

Microsoft.AspNet.Identity (famously known as ASP.NET Identity) is a brand new library for asp.net membership system that allows you to build modern ASP.NET web applications. The beauty of ASP.NET Identity is that it allows you to use any storage system. There is an implementation of Microsoft.AspNet.Identity in EF provided by Microsoft. You can also find some implementation of Microsoft.AspNet.Identity by community. For example, AspNet.Identity.RavenDB and NHibernate.AspNet.Identity. Currently, the EF implementation include Roles and Claims. But sometimes, you don't need any Claims and Roles. In this article, I will show you how to implement an implementation of Microsoft.AspNet.Identity without using Claims and Roles.

Description:

First of all create a MVC 5 application. Then implement IUser,

        
    public class ApplicationUser : IUser
    {
        public ApplicationUser()
        {
            this.Id = Guid.NewGuid().ToString();
        }
        public ApplicationUser(string userName): this()
        {
            UserName = userName;
        }
        public virtual string Id { get; set; }
        public virtual string PasswordHash { get; set; }
        public virtual string SecurityStamp { get; set; }
        public virtual string UserName { get; set; }
    }

Next we need a DbContet to store the Users,

    
    public class ApplicationDbContext : DbContext
    {
        public ApplicationDbContext()
            : base("DefaultConnection")
        {
        }
        public virtual IDbSet<ApplicationUser> Users { get; set; }
    }

and then we need to implement IUserStore, IUserPasswordStore and IUserSecurityStampStore,

        
    public class MyUserStore : IUserStore<ApplicationUser>, IUserPasswordStore<ApplicationUser>, IUserSecurityStampStore<ApplicationUser>
    {
        UserStore<IdentityUser> userStore = new UserStore<IdentityUser>(new ApplicationDbContext());
        public MyUserStore()
        {
        }
        public Task CreateAsync(ApplicationUser user)
        {
            var context = userStore.Context as ApplicationDbContext;
            context.Users.Add(user);
            context.Configuration.ValidateOnSaveEnabled = false;
            return context.SaveChangesAsync();
        }
        public Task DeleteAsync(ApplicationUser user)
        {
            var context = userStore.Context as ApplicationDbContext;
            context.Users.Remove(user);
            context.Configuration.ValidateOnSaveEnabled = false;
            return context.SaveChangesAsync();
        }
        public Task<ApplicationUser> FindByIdAsync(string userId)
        {
            var context = userStore.Context as ApplicationDbContext;
            return context.Users.Where(u => u.Id.ToLower() == userId.ToLower()).FirstOrDefaultAsync();
        }
        public Task<ApplicationUser> FindByNameAsync(string userName)
        {
            var context = userStore.Context as ApplicationDbContext;
            return context.Users.Where(u => u.UserName.ToLower() == userName.ToLower()).FirstOrDefaultAsync();
        }
        public Task UpdateAsync(ApplicationUser user)
        {
            var context = userStore.Context as ApplicationDbContext;
            context.Users.Attach(user);
            context.Entry(user).State = EntityState.Modified;
            context.Configuration.ValidateOnSaveEnabled = false;
            return context.SaveChangesAsync();
        }
        public void Dispose()
        {
            userStore.Dispose();
        }
       
        public Task<string> GetPasswordHashAsync(ApplicationUser user)
        {
            var identityUser = ToIdentityUser(user);
            var task = userStore.GetPasswordHashAsync(identityUser);
            SetApplicationUser(user, identityUser);
            return task;
        }
        public Task<bool> HasPasswordAsync(ApplicationUser user)
        {
            var identityUser = ToIdentityUser(user);
            var task = userStore.HasPasswordAsync(identityUser);
            SetApplicationUser(user, identityUser);
            return task;
        }
        public Task SetPasswordHashAsync(ApplicationUser user, string passwordHash)
        {
            var identityUser = ToIdentityUser(user);
            var task = userStore.SetPasswordHashAsync(identityUser, passwordHash);
            SetApplicationUser(user, identityUser);
            return task;
        }
        public Task<string> GetSecurityStampAsync(ApplicationUser user)
        {
            var identityUser = ToIdentityUser(user);
            var task = userStore.GetSecurityStampAsync(identityUser);
            SetApplicationUser(user, identityUser);
            return task;
        }
        public Task SetSecurityStampAsync(ApplicationUser user, string stamp)
        {
            var identityUser = ToIdentityUser(user);
            var task = userStore.SetSecurityStampAsync(identityUser, stamp);
            SetApplicationUser(user, identityUser);
            return task;
        }
        private static void SetApplicationUser(ApplicationUser user, IdentityUser identityUser)
        {
            user.PasswordHash = identityUser.PasswordHash;
            user.SecurityStamp = identityUser.SecurityStamp;
            user.Id = identityUser.Id;
            user.UserName = identityUser.UserName;
        }
        private IdentityUser ToIdentityUser(ApplicationUser user)
        {
            return new IdentityUser
            {
                Id = user.Id,
                PasswordHash = user.PasswordHash,
                SecurityStamp = user.SecurityStamp,
                UserName = user.UserName
            };
        }
    }

For password hash and security stamp, I am using the UserStore's implementation for making thing simpler. Finally we just need to change AccountController's constructor to leverage our MyUserStore implementation,

        public AccountController()
            : this(new UserManager<ApplicationUser>(new MyUserStore()))
        {
        }

        public AccountController(UserManager<ApplicationUser> userManager)
        {
            UserManager = userManager;
        }

Summary:

The new Microsoft.AspNet.Identity make it very easy to extend the storage system. In this article, I showed you how to implement a simple implementation of Microsoft.AspNet.Identity. Hopefully you enjoyed my this article too.

You may also want to take a look at this project template:

http://visualstudiogallery.msdn.microsoft.com/6780f8e4-d204-4e88-83c2-853098727ffb

It can be used as a groundwork for creating a custom ASP.NET Identity provider using database-first development approach.

Konstantin Tarkus - Friday, December 13, 2013 2:32:07 PM

Finally! I was searching for 1 hour for this! Thank you!

Adrian Munteanu - Saturday, January 11, 2014 4:33:48 PM

Thanks a lot. How to add user roles using IRole

Chetana - Friday, January 17, 2014 5:15:26 AM

@Chetana, see this link https://github.com/rustd/AspnetIdentitySample/blob/master/AspnetIdentitySample/App_Start/IdentityConfig.cs

imran_ku07 - Friday, January 24, 2014 7:59:54 AM

Salam. This is Ovais from your 2007 MCS Batch (KU). I really appreciate your efforts in demonstrating the above. Keep it up!

Muhammad Ovais - Friday, February 14, 2014 10:31:19 AM

@Muhammad Ovais, Thanks, also make sure to check all tutorials asp.net/identity and IdentityReboot

imran_ku07 - Friday, February 14, 2014 11:04:06 AM

Sure, can u please share their links.

Ovais - Friday, February 14, 2014 12:41:54 PM

Hi,i would like to ask if it's possible change users table name in asp.net web api with adding fields into the user table?thank you.

yonghan79 - Sunday, February 16, 2014 8:42:14 AM

@Ovais,
http://asp.net/identity
http://brockallen.com/2014/02/11/introducing-identityreboot/

@yonghan79,

See the tutorials,
http://asp.net/identity

imran_ku07 - Sunday, February 16, 2014 8:47:20 AM

9 Comments