Authentication in ASP.Net MVC 5 using Identity Libraries – Part 3
My earlier post listed the steps to set up cookie based authentication in ASP.Net MVC 5 project using Identity libraries.
There was however, hardcoded username and password used for the authentication logic.
I will replace the same with the new membership features in ASP.Net Identity, by validating the credentials against information stored in the SQL database.
Install a new Nuget package
In order to store the user information in database we need to install another nuget package. Microsoft.AspNet.Identity.EntityFramework
This can be installed from the Package explorer using Install-Package Microsoft.AspNet.Identity.EntityFramework
This library uses Entity Framework to persist user data to SQL Server.
Update the connection string in the web.config file accordingly.
I’m using the localdb database and hence my web.config file has the following settings…
Next we need to create a class to represent our user.
ASP.Net provides a class IdentityUser which is a default implementation for the IUser interface.
We can subclass the IdentityUser class and add any additional properties that we plan to have for the user.
For this, I have created a new class file IdentityConfig.cs under App_Start folder.
Add the following code to this class. I have added an additional property Country to the user class.
ASP.Net provides an inbuilt IdentityDbContext<TUser> to interface with Entity Framework.
However, it is recommended that you create your own Entity Framework DbContext.
To do this, create a new IdentityModel.cs class file under the Models folder.
Add the following code to it…
The Create method has been added as an alternative to Dependency Injection(DI).
If you are using DI libraries like Ninject, you may handle these instantiation in an appropriate manner.
The ASP.NET Identity UserManager class is used to manage users.
Registering new users, validating credentials and loading user information.
It is not concerned with how user information is stored.
For this it relies on a UserStore (which in our case uses Entity Framework).
There are also implementations available for Azure Table Storage, RavenDB and MongoDB to name a few.
We’ll add our own UserManager class by subclassing the UserManager<TUser> as follows…
We’ll now make the UserManager<AppUser> instance accessible from AuthController.
To do this add the following to the AuthController class…
We also want to make sure that we dispose the underlying Entity Framework DbContext at the end of the request.
To do this we override the Dispose method in the AuthController as…
We can now replace the hardcoded authentication logic in the Login action of the AuthController as follows…
We try to achieve the following here…
First we attempt to find a user with the provided credentials using UserManager.FindAsync.
If the user exists we create a claims identity for the user that can be passed to AuthenticationManager. This will include any custom claims that you’ve stored.
Finally we sign in the user using the cookie authentication middleware SignIn(identity).
With this the logic to login the user is complete.
We now need a way to register the user.
We’ll first create a view model to register the user, say RegisterModel.
We can now add Register actions to the AuthController as…
To create the user we call UserManager.CreateAsync passing our AppUser instance and the user password.
The ASP.NET Identity library will take care of hashing and storing this securely.
Finally, we create a Register view as…
With this we can now run the application and verify the end-to-end flow.
For handling the claims related information we can use our own ClaimsIdentityFactory as follows…
This can be added in the IdentityConfig.cs file.
Now we need to add a reference to an instance of the above ClaimsIdentityFactory in our UserManager class as follows…
With this we come to the end of this 3 part series.
Hope this benefits everyone.