Identity in ASP.NET Core

source

---

Dependencies

• Entity Framework Core
• Entity Framework Tools
• Entity Framework SqlServer

---

User Identity Workflow

• Sign-up/log-in page
• cookie base authentication/token base authentication
• security context is stored in either cookie or token
• user information is stored in database, credentials needs to be checked against stored data
• After credentials verification, security is generated which is serialized into either cookie or web token
• cookie/token is stored in both server and browser
• security context is serialized back and forth b/w browser and server

---

ASP.NET Core Basics

• Create cross-platform application (both Web API, and Web)
• Middleware Pipeline: (authentication, authorization, etc). Each http request must pass through middleware one by one when it is coming or going back

---

Security Context

• Security context stores all the information that user has for security purpose
• All this infromation is stored in one single object called claims principles
• claims principles also called Principle contain one or more identities of user

• Principle present logged in user

---

Authorization Architecture

• DbContext will look like this

using IdentityProject.Models;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;

namespace IdentityProject.Data
{
    public class ApplicationDbContext: IdentityDbContext<DefaultUser>
    {
        public ApplicationDbContext(DbContextOptions options): base(options)
        {
        }
        // This is where we will be adding the Models
        DbSet<Books> books { get; set; }
    }
}

• After that use scafolding to add identity to the project

using Microsoft.EntityFrameworkCore;
using Microsoft.AspNetCore.Identity;
using IdentityProject.Data;

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.
builder.Services.AddControllersWithViews();
builder.Services.AddDbContext<IdentityProject.Data.ApplicationDbContext>(
    options => options.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection"))
    );

// Identity Db Context has been added
builder.Services.AddDefaultIdentity<IdentityProject.Models.DefaultUser>(options => options.SignIn.RequireConfirmedAccount = true)
    .AddEntityFrameworkStores<ApplicationDbContext>();

var app = builder.Build();

// These are the middlewares
// Configure the HTTP request pipeline.
if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Home/Error");
    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
    app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthorization();
app.UseAuthentication();

app.MapControllerRoute(
    name: "default",
    pattern: "{controller=Home}/{action=Index}/{id?}");

app.MapRazorPages();
app.Run();

• Apply migrations to update the database

add-migration "message"
update-database

---