How to configure authentication in my own set of tables in asp.net web api 2?

In the default AccountController, I see

    public AccountController()
        : this(Startup.UserManagerFactory(), Startup.OAuthOptions.AccessTokenFormat)
    {
    }

In Startup.Auth.cs, I see

  UserManagerFactory = () => new UserManager<IdentityUser>(new UserStore<IdentityUser>()); 

It seems that the implementation of UserStore comes from Microsoft.AspNet.Identity.EntityFramework.

So, in order to configure authentication, I have to implement my own version of UserStore, for example

  class MYSTUFFUserStore<IdentityUser> : UserStore<IdentityUser> { } 

and override the methods and then do it in Startup.Auth.cs

 UserManagerFactory = () => new UserManager<IdentityUser>(new MYSTUFFUserStore<IdentityUser>()); 

I am looking for the right way to configure authentication.

+25
asp.net-web-api asp.net-identity
Dec 11 '13 at
1 answer

Assuming your table is called AppUser, convert your own AppUser domain object to IUser (using Microsoft.AspNet.Identity), like this:

    using System;
    using Microsoft.AspNet.Identity;

    public class AppUser : IUser
    {
        // Existing database fields
        public long AppUserId { get; set; }
        public string AppUserName { get; set; }
        public string AppPassword { get; set; }

        public AppUser()
        {
            this.Id = Guid.NewGuid().ToString();
        }

        // IUser members, not backed by columns of the existing table
        [Ignore]
        public virtual string Id { get; set; }

        [Ignore]
        public string UserName
        {
            get { return AppUserName; }
            set { AppUserName = value; }
        }
    }

UserStore like this

    using System;
    using System.Data.Entity;   // FirstOrDefaultAsync (Entity Framework 6)
    using System.Linq;
    using System.Threading.Tasks;
    using Microsoft.AspNet.Identity;

    public class UserStoreService : IUserStore<AppUser>, IUserPasswordStore<AppUser>
    {
        CompanyDbContext context = new CompanyDbContext();

        public Task CreateAsync(AppUser user)
        {
            throw new NotImplementedException();
        }

        public Task DeleteAsync(AppUser user)
        {
            throw new NotImplementedException();
        }

        public Task<AppUser> FindByIdAsync(string userId)
        {
            throw new NotImplementedException();
        }

        // Looks the user up by name in the existing table
        public Task<AppUser> FindByNameAsync(string userName)
        {
            Task<AppUser> task = context.AppUsers
                .Where(apu => apu.AppUserName == userName)
                .FirstOrDefaultAsync();
            return task;
        }

        public Task UpdateAsync(AppUser user)
        {
            throw new NotImplementedException();
        }

        public void Dispose()
        {
            context.Dispose();
        }

        // Returns the stored value that the configured IPasswordHasher verifies against
        public Task<string> GetPasswordHashAsync(AppUser user)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }
            return Task.FromResult(user.AppPassword);
        }

        public Task<bool> HasPasswordAsync(AppUser user)
        {
            return Task.FromResult(user.AppPassword != null);
        }

        public Task SetPasswordHashAsync(AppUser user, string passwordHash)
        {
            throw new NotImplementedException();
        }
    }

If you have your own custom password hashing, you will also need to implement IPasswordHasher. Below is an example of no password hashing (no!)

    using Microsoft.AspNet.Identity;

    public class MyPasswordHasher : IPasswordHasher
    {
        // No hashing: the password is returned, and therefore stored, as-is
        public string HashPassword(string password)
        {
            return password;
        }

        public PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword)
        {
            if (hashedPassword == HashPassword(providedPassword))
                return PasswordVerificationResult.Success;
            else
                return PasswordVerificationResult.Failed;
        }
    }

In Startup.Auth.cs replace

 UserManagerFactory = () => new UserManager<IdentityUser>(new UserStore<IdentityUser>()); 

with

    UserManagerFactory = () => new UserManager<AppUser>(new UserStoreService())
    {
        PasswordHasher = new MyPasswordHasher()
    };

In ApplicationOAuthProvider.cs replace IdentityUser with AppUser

In AccountController.cs replace IdentityUser with AppUser and remove all external authentication methods such as GetManageInfo and RegisterExternal, etc.

+42
Dec 19 '13 at 18:28