I am trying to authenticate user against existing database. I found that I need to implement IUserStore. I am trying to create Custom User implementing IUser, I can find IUser is in Microsoft.AspNet.Identity assembly. Is there equivalent interface in asp.net core?
Any help is appreciated.
Thanks,
I have just been Googling for the same and I have found this closed issue on GitHub https://github.com/aspnet/Identity/issues/948
From the comments it seems that the interfaces don't exist, but we still have to provide the methods on our UserStore... sounds a bit confusing to me.
I have also found https://learn.microsoft.com/en-us/aspnet/core/security/authentication/cookie which describes cookie middleware without ASP.NET Core Identity.
These are also good reading https://andrewlock.net/introduction-to-authentication-with-asp-net-core/ and https://andrewlock.net/exploring-the-cookieauthenticationmiddleware-in-asp-net-core/
Related
I'm very new with those things, so I have some problems with understanding and figuring out which approach to use.
Currently, I am using .NET Core 3.1 and IdentityServer4 in my project. I am configuring my authorization server and there I have some controllers for creating users, clients etc.
In the controller for users handling I am using UserManager for all of the CRUD operations. Is that better approach than using dbContext?
I have created controller for handling clients as well. For this purpose, I am using ConfigurationDbContext, since I have not found some kind of a built-in manager for handling this.
Do you have some better solution? I am thinking of creating managers for this. Is there some example of that?
I want to create controllers which would function in the similar way, to have similar behavior, response results, validations etc.
Thank you for your help.
As far I as know UserManager comes with ASP.Net core Identity which is the way Microsoft gives built-in functionality to manage Manages users, passwords, profile data, roles, and others.
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity?view=aspnetcore-3.1&tabs=visual-studio
You can find Stores under IdentityServer4 namespaces like IClientStore and IResourceStore and more, so those interfaces have a similar Idea of userManager for users in Identity.
This is the source code https://github.com/IdentityServer/IdentityServer4/tree/master/src/Storage/src/Stores
Anyway there is an AdminUi that you can take a look to see if you find something helpful https://www.identityserver.com/documentation
I am trying to implement JWT Auth in my Core 2.1 webAPI. I'm still learning Core 2.1 and I have worked with MVC5 before. My question is that in MVC5, the AccountControllerwas auto generated along with all the controllers to handle the complete user authentication and authorization process. Now as I'm trying to implement the same thing for my Core 2.1 API, I've realized that they are no longer auto generated. I've searched around and have quite a few resoucrses that are teaching how to implement the functionality but, I remeber everyone would say to do not reinvent the authorization/authentication wheel and use the auto generated code provided by MVC5. Now I could follow the tutorials out there and implement the process myself but pretty much everyone seems to be doing there own implementation. Is this the correct way of doing this? I don't want to implement by following these tutorials and end up with a security loophole in my API.
I struggled with the same issue. I dont' know if it is good way to support authentication/authorization, but I found solution.
Generally web api should be pure api link. However when you:
1) derive form IdentityDbContext in DatabaseContext:
public class DatabaseContext : IdentityDbContext<ApplicationUser>
where ApplicationUser is your own class which derives from IdentityUser:
public class ApplicationUser : IdentityUser
2) do migrations, EF Core will generate for you all tables tha you need
Next, you must setup JWT authorize in your Startup class and create method in your AccountController to generate tokens. Really helpful video link
Is it answer on your question? Or I missed up something. I'm quite new in .NET
I need simple log in functionality in my project (logged in users can access and modify their profile). I've read a book "PRO ASP.NET MVC 5" by Adam Freeman where he quickly written a simple, short and elegant login mechanism just by using authorization and authentication filters and extending from some built-in classes. However, I just checked the internet and found many completely opposite approaches using classes such as Identity and Claim and achieved by writing LOTS of code, i.e. this or this.
Is it really necessary to implement a huge framework and write many lines of code just for a simple log in approach with some security? Is it really that bad to rely on authentication and authorization filters?
Yes, I am planning on publishing my project, but it's really very small.
What would be the best and the most beneficial practice for creating a basic log in functionality?
when you create asp.net mvc 5 webapp you will find asp.net-identity already exist you just have to make simple changes in the user to link it to your other entites
I am somewhat of a novice application developer, certainly very new to MVC4 and have been through a number of handy tutorials to learn the core principles of MVC. I do get lost with terminology as someone who is entirley self taught.
I am trying to replace an application I wrote previously that uses ASP.net membership which I was able to create myself. This application is an issue logging and reporting system that does a lot with an SQL database.
I have no concern dropping all the users and rebuilding the user database in the new simplemembership provider. Although, I am not sure where to start.
I feel as though using the ready made "internet application" template means I end up with loads of files / folders I do not need (or understand), so my question is, how to I start with MVC4 and simplemembership, ideally without using the "internet application" template.
Thank you.
The Internet template does not add that many unnecessary files. It will add controllers, views, and models you will need for handling user log-on and registration. If you start from an Empty MVC project you will have to create these items from scratch. If you want to start from scratch I would take a look at the open source project SimpleSecurity that decouples SimpleMembership from your MVC application. There is an article here that describes this approach which will make it easier to incorporate SimpleMembership into an Empty MVC project. You can look at the example in the SimpleSecurity project so you can copy the controllers, views and models you will need. The example adds email confirmation and other features that are not available in the Internet template.
There are some unnecessary files, but it depends on how you define "unnecessary".
If you don't care about signing in with a facebook or google account, and you don't care about WebApi, and you don't care about knockout.js and other stuff, you're free to delete it. You can use Nuget to uninstall the Webapi stuff. And you can also remove the OpenId stuff, but you will have to modify your AccountController to remove the code that makes use of it.
It would help if you could ask specific questions.. vague questions like this are hard to answer because we don't know what's unnecessary for you.
Thanks for your help, I know my question was vague, but I was only able to build my new site from an empty template by following this guide.
I have changed a few things (i.e. an instance of SQL rather than local DB) and it all worked.
How to add ASP.NET Membership Provider in a Empty MVC 4 Project Template?
I am create a new asp.net website and I need to use a few authentication provider. I easily got all the providers working (thanks to this awesome template and scotts vid). I'm a little stuck with getting this to work with a linked in account. I assume it would be just as easy as it was for face book but I can't find any tutorials or snippets. I'm sure I'm not the first guy to try this. Please assist
Thank you
In the AuthConfig class under the RegisterAuth method call the method
OAuthWebSecurity.RegisterLinkedInClient("xxxxx","xxxxxxx");
with the appropriate inputs you receive from LinkedIn. Also another thing, I received an error when trying to log in using linkedin. I came across a post on stack overflow(wish I can give the link), you need to update
dotnetopenauth, I used nuget to update it. Thanks PinnyM.