Introduction to ASP.NET Identity
sddconf.com/brands/sdd/library/AspId1.pdf
TRANSCRIPT
Overview
• Architecture
• Setup
• Scenarios
  • Registration
  • Sign-in
  • Sign-out
  • User management
ASP.NET Identity library features
• Authenticate users
  • Identification (e.g. username, certificate, Facebook login)
• Store user information
  • Profile data (e.g. first & last name)
  • Roles (Sales, Manager, Customer, etc.)
• Manage cookies
  • Using cookie authentication middleware
ASP.NET Identity Architecture
• User: models the user data
• User Store: stores/retrieves user data in the database
• User Manager: manages security operations for the user
[Diagram: app → User Manager → User Store → database; User is the model passed between them]
Setup
• NuGets
• Modeling users and database
• API for security features
• Configuration in DI
• Database setup
NuGets
Modeling users
• Define User class
  • Models user data for authentication and identity
• Derive from EF-provided IdentityUser base
  • Provides several properties/collections to manage identity data
• Add any custom properties needed
  • Will map to columns in a relational database table

public class MyUser : IdentityUser
{
    public string FirstName { get; set; }
    public string LastName { get; set; }
}
Modeling database
• IdentityDbContext class provides EF modeling of database tables
• Sometimes a custom IdentityDbContext-derived class is useful
  • Allows for schema modification
  • Allows for custom tables, if needed

public class MyUserDatabase : IdentityDbContext<MyUser>
{
    public MyUserDatabase(DbContextOptions options) : base(options) { }
}
Accessing security features
• UserManager provides the main API for features
  • Creating, deleting
  • User lookup/query APIs
  • Credential validation and lockout
  • Managing/updating identity data
  • Email/phone verification
• A custom UserManager-derived class is sometimes used
Configuration with DI
• Many services are used to provide identity
  • Typically registered in DI
• AddIdentity adds them to the ASP.NET Core DI system
  • The typical options callback delegate is used to customize
  • Extension methods for registering custom implementations

services.AddDbContext<MyUserDatabase>(options =>
{
    options.UseSqlServer("server=localhost;database=test;trusted_connection=yes;");
});

services.AddIdentity<MyUser, IdentityRole>()
    .AddUserManager<MyUserManager>()
    .AddEntityFrameworkStores<MyUserDatabase>();
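An added configuration example (not from the slides) showing the options callback delegate that AddIdentity accepts, which is where lockout, password-policy and sign-in requirements are set for the whole application. It uses the slide's MyUser, MyUserDatabase and MyUserManager types; the connection string is a placeholder, and the lockout and password values are assumptions chosen for illustration, not the framework's defaults.

```csharp
// Added example, not from the slide deck. MyUser, MyUserDatabase and MyUserManager
// are the types the slides define; the option values below are illustrative choices.
using System;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Placeholder connection string; real deployments read it from configuration.
        services.AddDbContext<MyUserDatabase>(options =>
            options.UseSqlServer("server=localhost;database=test;trusted_connection=yes;"));

        services.AddIdentity<MyUser, IdentityRole>(options =>
            {
                // Lockout policy: this is what AccessFailedAsync / IsLockedOutAsync enforce.
                options.Lockout.MaxFailedAccessAttempts = 5;
                options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(15);
                options.Lockout.AllowedForNewUsers = true;   // new accounts are lockable too

                // Password policy applied by CreateAsync and ChangePasswordAsync.
                options.Password.RequiredLength = 12;
                options.Password.RequireDigit = true;
                options.Password.RequireUppercase = true;
                options.Password.RequireLowercase = true;
                options.Password.RequireNonAlphanumeric = false;

                // One account per email; refuse sign-in until the email is verified.
                options.User.RequireUniqueEmail = true;
                options.SignIn.RequireConfirmedEmail = true;
            })
            .AddUserManager<MyUserManager>()
            .AddEntityFrameworkStores<MyUserDatabase>()
            .AddDefaultTokenProviders();   // tokens for email confirmation / password reset
    }
}
```

RequireConfirmedEmail is honoured by SignInManager.PasswordSignInAsync; a login page that validates credentials manually with CheckPasswordAsync has to check IsEmailConfirmedAsync itself, which is one of the reasons the deck recommends knowing what the framework does for you.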
Database setup
• Migrations used to define DB schema
• EF tooling used to create database
Basic scenarios
• User creation
• Sign-in
• Sign-out
• User data management
User creation
• Decide on a provisioning process
  • Self-service registration
  • Batch user import
• UserManager.CreateUser to create a new user
  • Accepts the new user and password as parameters
Sign-in features and steps
• Login page must:
  • Validate credentials
  • Issue claims into a cookie
  • Prevent brute force
Validate credentials
• UserManager.CheckPassword is used to validate credentials
• Separate APIs for:
  • Creating claims
  • Issuing cookies
  • Brute force prevention

var user = await _userManager.FindByEmailAsync(model.Email);
if (user != null)
{
    if (await _userManager.CheckPasswordAsync(user, model.Password))
    {
        // success!
    }
}
Claims and cookies
• Claims are used to model user identity
  • Simple key/value pairs, which makes identity easy to model
  • Simple/portable for serialization into a cookie
• Use the cookie authentication middleware to manage the cookie

var claims = new Claim[]
{
    new Claim("userId", user.Id)
};
var ci = new ClaimsIdentity(claims, "password");   // "password" is the authentication type
var cp = new ClaimsPrincipal(ci);
// ASP.NET Core 1.x API; in 2.0+ this is HttpContext.SignInAsync("Cookies", cp)
await HttpContext.Authentication.SignInAsync("Cookies", cp);
UserClaimsPrincipalFactory
• Helper class that encapsulates conversion of a user to claims
  • Automatically maps basic properties, claims, and roles
  • Claim type options can be used to configure the claim types used
• Does not handle custom properties
  • A custom implementation is necessary for this
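The custom implementation the slide calls for, as an added example that is not from the deck: a factory derived from UserClaimsPrincipalFactory that lets the base class map the id, username, stored claims and roles, then appends claims for the MyUser.FirstName and MyUser.LastName properties the slides added. The class name MyUserClaimsFactory and the use of the standard ClaimTypes.GivenName/Surname claim types are assumptions.

```csharp
// Added example, not from the slide deck. MyUser is the slide's user class;
// MyUserClaimsFactory is an assumed name. Constructor signature matches
// UserClaimsPrincipalFactory<TUser, TRole> in Microsoft.AspNetCore.Identity.
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;

public class MyUserClaimsFactory : UserClaimsPrincipalFactory<MyUser, IdentityRole>
{
    public MyUserClaimsFactory(UserManager<MyUser> userManager,
                               RoleManager<IdentityRole> roleManager,
                               IOptions<IdentityOptions> options)
        : base(userManager, roleManager, options) { }

    public override async Task<ClaimsPrincipal> CreateAsync(MyUser user)
    {
        // The base class maps the built-in data: user id, user name,
        // the claims stored for the user, and the user's roles.
        var principal = await base.CreateAsync(user);
        var identity = (ClaimsIdentity)principal.Identity;

        // Custom columns on MyUser are not mapped by the base class; add them here.
        // Only put in the cookie what pages actually need: the cookie is sent on every request.
        if (!string.IsNullOrEmpty(user.FirstName))
            identity.AddClaim(new Claim(ClaimTypes.GivenName, user.FirstName));
        if (!string.IsNullOrEmpty(user.LastName))
            identity.AddClaim(new Claim(ClaimTypes.Surname, user.LastName));

        return principal;
    }
}

// Registration in ConfigureServices, chained onto the slide's AddIdentity call:
//   services.AddIdentity<MyUser, IdentityRole>()
//           .AddClaimsPrincipalFactory<MyUserClaimsFactory>()
//           .AddEntityFrameworkStores<MyUserDatabase>();
```

Once registered, SignInManager.SignInAsync and PasswordSignInAsync use this factory automatically, so the Profile scenario's re-issued cookie picks up the updated names without further code.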
Brute force prevention
• Must coordinate with UserManager for lockout
  • AccessFailedAsync is used when the password fails
  • ResetAccessFailedCountAsync when the password succeeds
  • IsLockedOutAsync to check whether the user is already locked out
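The three preceding slides (validate credentials, claims and cookies, brute force prevention) describe the manual login flow; this added example, which is not code from the deck, puts the steps together in one controller action in the order that matters: refuse a locked-out account before touching the password, record every failure, reset the counter on success, then map the user to claims and issue the cookie. It uses the ASP.NET Core 1.x HttpContext.Authentication API that the slides use; LoginModel, the "Cookies" scheme name and the generic error text are assumptions.

```csharp
// Added example, not from the slide deck. MyUser is the slide's user class; LoginModel
// and the "Cookies" scheme name are assumptions. Uses the ASP.NET Core 1.x
// HttpContext.Authentication API as the slides do (2.0+: HttpContext.SignInAsync).
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

public class LoginModel
{
    public string Email { get; set; }
    public string Password { get; set; }
}

public class AccountController : Controller
{
    private readonly UserManager<MyUser> _userManager;
    private readonly IUserClaimsPrincipalFactory<MyUser> _claimsFactory;

    public AccountController(UserManager<MyUser> userManager,
                             IUserClaimsPrincipalFactory<MyUser> claimsFactory)
    {
        _userManager = userManager;
        _claimsFactory = claimsFactory;
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(LoginModel model)
    {
        // One message for every failure path, so the response does not reveal
        // whether the email exists or whether the account is locked out.
        const string genericError = "Invalid login attempt.";

        var user = await _userManager.FindByEmailAsync(model.Email);
        if (user == null)
        {
            ModelState.AddModelError(string.Empty, genericError);
            return View(model);
        }

        // 1. Check lockout first: a locked account must not have its password tested,
        //    otherwise the lockout does nothing to slow guessing.
        if (await _userManager.IsLockedOutAsync(user))
        {
            ModelState.AddModelError(string.Empty, genericError);
            return View(model);
        }

        // 2. Validate credentials.
        if (!await _userManager.CheckPasswordAsync(user, model.Password))
        {
            // 3. Count the failure; UserManager locks the account once
            //    Lockout.MaxFailedAccessAttempts is reached.
            await _userManager.AccessFailedAsync(user);
            ModelState.AddModelError(string.Empty, genericError);
            return View(model);
        }

        // 4. Success: clear the failure counter so old failures do not accumulate.
        await _userManager.ResetAccessFailedCountAsync(user);

        // 5. Map the user to claims and issue the authentication cookie.
        var principal = await _claimsFactory.CreateAsync(user);
        await HttpContext.Authentication.SignInAsync("Cookies", principal);
        return Redirect("~/");
    }
}
```

Every one of these steps is what SigninManager.PasswordSignInAsync does internally when its lockoutOnFailure argument is true; writing it out once shows what is lost if a custom login page calls CheckPasswordAsync alone.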
SigninManager
• Helper class that encapsulates all of the manual work
  • Does claims mapping
  • Issues the cookie
  • Does brute force checking

// arguments: userName, password, isPersistent: false, lockoutOnFailure: true
var result = await _signinManager.PasswordSignInAsync(model.Email, model.Password, false, true);
if (result.Succeeded)
{
    return Redirect("~/");
}
Sign-out
• Simply clear the authentication cookie
  • Or use SigninManager

[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Logout()
{
    await HttpContext.Authentication.SignOutAsync("Cookies");
    return Redirect("~/");
}
User management
• Change password
• Profile
• Claims
• Roles
Change password
• UserManager provides the ChangePassword API
  • Also ChangeEmail and ChangeUsername

var user = await _userManager.GetUserAsync(User);
var result = await _userManager.ChangePasswordAsync(user, model.OldPassword, model.NewPassword);
if (result.Succeeded)
{
    return View("ChangePasswordSuccess");
}
Profile
• Custom user properties are persisted with UserManager.Update
  • Might need to re-issue the cookie with updated claims

var user = await _userManager.GetUserAsync(User);
user.FirstName = model.First;
user.LastName = model.Last;
var result = await _userManager.UpdateAsync(user);
if (result.Succeeded)
{
    await _signinManager.SignInAsync(user, false);   // re-issue cookie with fresh claims
    return View("ProfileSuccess");
}
Claims
• Claims allow for flexible user attributes
  • Key/value pairs
• AddClaim(s) and RemoveClaim(s) APIs to manage them
  • Must explicitly manage duplicates
Roles
• Roles are special-cased
  • Roles are just claims, so the AddClaim API could be sufficient
• A role definition must exist before a user can be put in the role
  • Using the RoleManager
• Roles themselves can have claims
  • Use with caution
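An added example, not from the deck, covering the User creation, Claims and Roles slides together: a provisioning routine of the batch-import kind that creates the user with the password-policy-checked CreateAsync (the slide's "CreateUser"), makes sure the role definition exists through RoleManager before assigning it, and adds a claim only if the same type/value pair is not already stored, since AddClaimAsync does not de-duplicate. The UserProvisioner class name and the ProvisionAsync/AddClaimIfMissingAsync method names are assumptions.

```csharp
// Added example, not from the slide deck. MyUser is the slide's user class;
// UserProvisioner and its method names are assumed. Each IdentityResult is
// checked so a failed step (e.g. password policy) stops the flow.
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;

public class UserProvisioner
{
    private readonly UserManager<MyUser> _userManager;
    private readonly RoleManager<IdentityRole> _roleManager;

    public UserProvisioner(UserManager<MyUser> userManager, RoleManager<IdentityRole> roleManager)
    {
        _userManager = userManager;
        _roleManager = roleManager;
    }

    // Create the user, put it in a role, and attach one claim. Returns the first
    // failing IdentityResult so the caller can surface result.Errors.
    public async Task<IdentityResult> ProvisionAsync(string email, string password,
                                                     string roleName, Claim claim)
    {
        var user = new MyUser { UserName = email, Email = email };

        // Password is hashed by the configured IPasswordHasher and validated
        // against IdentityOptions.Password before anything is stored.
        var created = await _userManager.CreateAsync(user, password);
        if (!created.Succeeded) return created;

        // A role definition must exist before a user can be placed in it.
        if (!await _roleManager.RoleExistsAsync(roleName))
        {
            var roleCreated = await _roleManager.CreateAsync(new IdentityRole(roleName));
            if (!roleCreated.Succeeded) return roleCreated;
        }

        var roleAdded = await _userManager.AddToRoleAsync(user, roleName);
        if (!roleAdded.Succeeded) return roleAdded;

        return await AddClaimIfMissingAsync(user, claim);
    }

    // AddClaimAsync stores a second row for an identical claim; check first.
    public async Task<IdentityResult> AddClaimIfMissingAsync(MyUser user, Claim claim)
    {
        var existing = await _userManager.GetClaimsAsync(user);
        if (existing.Any(c => c.Type == claim.Type && c.Value == claim.Value))
            return IdentityResult.Success;

        return await _userManager.AddClaimAsync(user, claim);
    }
}
```

Changes made here take effect in the user's cookie only after the next sign-in (or a SignInAsync re-issue as in the Profile slide), because the claims and roles are serialised into the cookie when it is issued.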
Summary
• ASP.NET Identity is a decent framework for managing user identity
• You must still understand what it is doing for you
• An encapsulation layer is recommended, to control which features the application exposes