Introduction to ASP.NET Core Identity

Login Window.

ASP.NET Core Identity is a membership system that enables you to add login functionality to your application, allowing visitors to create an account and login with a user name and password from Facebook, Google or other external login providers.

ASP.NET is compatible with SQL Server and Azure Storage Table.

ASP.NET Core Identity is closely tied to Entity Framework. To use ASP.NET Core Identity, you must download the following package: Microsoft.AspNetCore.Identity.EntityFrameworkCore.

Here are the associated dependencies: 

Example of use with an individual user account

1. After creating an ASP.NET Core Web application, click on “Change Authentication” and select “Individual User Accounts”.

2. Configuring ASP.NET Core Identity.

Under Startup.cs, you’ll see the ConfigureServices option. Automatically add AddIdentity, with ApplicationUser as the concrete class describing the current user, inheriting the Identity interface and the IdentityRole roles.

AddEntityFrameworkStores<ApplicationContext> also being present, the current user represented by ApplicationUser will be populated from the data store. ApplicationDbContext (DbContext) is self-generated by default upon creation of the project.

Finally, a token provider is added by default. AddDefaultTokenProviders allows you to generate security tokens for account-related operations (for example, creating an encrypted password).

3. Activating ASP.NET Core Identity.

Still under Startup.cs, seeing as our application is preconfigured using Identity, the app.UseIdentity will be added to the Configure method.

4. Configuring a MVC controller.

Dependency injection has been configured for Identity by default. In our case, two services were used:

  • UserManager<ApplicationUser> for user management (creating accounts, changing passwords, etc.).
  • SignInManager<ApplicationUser> for authentication management and disconnection.

5. Creating a user.

The CreateAsync method is used to create users for the UserManager service. Since it is “awaitable”, it is asynchronous.

6. User authentication.

To authenticate users, the PasswordSignInAsync method is used for SignInManager service. It also is asynchronous.

7. Disconnection.

The method to use here is SignOutAsync from the service SignInManager.

8. Generating the database on first execution.

In the manager package console, type the following command: 

PM> Update-Database

ASP.NET Identity Core’s default database will be generated:

9. Verifying the cookie generated upon authentication.

In our case, the cookie will have the default name AspNetCore.Identity.Application.

For further details on ASP.NET Core Identity, see the official documentation: ASP.NET: https://docs.asp.net/en/latest/security/authentication/identity.html