ASP.NET Identity & ASP.NET Membership Provider "Mashup"

We have an existing web application that was created based on MVC and the SQL Membership Provider for user authentication. The application also includes administrator control screens for creating / editing users, resetting passwords, activating accounts, etc. This is a fairly mature system and has been working for ~ 2.5 years.

Now we have a new requirement to provide some data from the system through an API, and we are considering WebApi as a candidate technology.

One of the issues I am facing is authentication. I would like to use the existing user / role management functions in our application to create and manage API accounts. However, since the preferred option for WebAPI is to use ASP.NET Identity (claims / bearer tokens, etc.), I'm a little confused about what the best options would be.

Would it be possible, or is it a bad idea, to somehow wire the existing membership provider's user / password authentication into the Web API auth mechanisms? There is a method in ApplicationOAuthProvider that looks like I could manipulate by replacing the line IdentityUser user = await userManager.FindAsync(context.UserName, context.Password); with a call to the MembershipProvider. It seems very awkward.

Thoughts and options would be greatly appreciated.

+5
3 answers

Not really an answer, only my 0.02 cents.

I think that you will spend as much time fitting the MembershipProvider into the new Identity as it would take to properly upgrade to the new Identity infrastructure.

I did the upgrade on two different systems, both not small (one 200K, another 70K lines of code) with a large number of users. The smaller system took me 7 man-days, more than 5 days (I knew what I was doing the second time). Both systems had an extensive amount of user management code; one of the systems supported impersonation of other users by administrators. Everything worked smoothly and there was no downtime. Users did not notice the difference.
But after the upgrade, things involving user management / authentication were much easier; you will get the 5 days spent on updating back in the shortest possible time. Think of it as an investment -))

I looked at the source code (in the decompiler) of the MembershipProvider, and many things are static, dirty, sealed and just unmanageable. I would say that it would be easier to throw it out than to build on older code just to save a dying library.

In other words, it will be easier to update everything, rather than trying to reuse old files.

+3

This can be done by implementing your own UserStore. I think there would be a lot of dragons. You will have to think through all these other scenarios and reconcile them: forgot your password, confirmation by e-mail, the number of failed login attempts and time intervals, etc. Basically, everything that updates your user data should be thought out and possibly done twice, once in each set of tables. If you could add columns to the existing membership tables to support the ASP.NET Identity interface, that might help, but at some point you will eventually give up most of the data access and implement a full-fledged UserStore instead of delegating the source code based on Entity Framework.

+1

I would like to use the existing user / role management features in our application to create and manage API accounts. However, since the preferred option for WebAPI is to use ASP.NET Identity (claims / bearer tokens, etc.), I'm a little confused about what the best options would be.

It is not recommended to mix your existing SQL membership provider and Web API in the same project.

In my scenario, I created a separate Web API 2 project. Then I created a separate class library project to keep the IoC container in one place, and both web applications and web APIs reference this class library.

The Web API project can still use SQL membership provider tables. However, you need to verify the user yourself using the coding algorithm of the membership provider and create the IPrincipal object with claims yourself. Then assign Thread.CurrentPrincipal.

For token-based authentication, you can simply use JSON Web Token.

Updated: If you have more time, you can migrate the SQL membership directly to ASP.NET Identity using this example. You can then keep the MVC and Web API in the same project, since both use ASP.NET Identity.

+1
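The idea raised in the question (swapping the userManager.FindAsync call in the OAuth provider for a membership call) and in the last answer (validate against the membership provider, then build the claims yourself) could look like the sketch below. It is an added example, not code from any of the posts; the class name MembershipOAuthProvider is hypothetical, and it assumes the Web API host's web.config registers the same membership and role providers as the MVC application.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Security;
using Microsoft.Owin.Security.OAuth;

// Added example: hypothetical provider name; assumes the existing membership
// and role providers are configured (and roleManager enabled) in web.config.
public class MembershipOAuthProvider : OAuthAuthorizationServerProvider
{
    public override Task ValidateClientAuthentication(
        OAuthValidateClientAuthenticationContext context)
    {
        // Resource-owner password flow with no separate client credentials.
        context.Validated();
        return Task.FromResult<object>(null);
    }

    public override Task GrantResourceOwnerCredentials(
        OAuthGrantResourceOwnerCredentialsContext context)
    {
        // ValidateUser compares the password inside the provider and, for
        // SqlMembershipProvider, returns false for locked-out or unapproved
        // accounts while counting failed attempts toward lockout.
        if (!Membership.ValidateUser(context.UserName, context.Password))
        {
            // One generic error for every failure, so the token endpoint does
            // not reveal whether an account exists, is locked or is unapproved.
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return Task.FromResult<object>(null);
        }

        // Identity that the issued bearer token will carry.
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));

        // Existing role assignments become role claims, so [Authorize(Roles = "...")]
        // on API controllers follows the roles managed in the admin screens.
        foreach (var role in Roles.GetRolesForUser(context.UserName))
        {
            identity.AddClaim(new Claim(ClaimTypes.Role, role));
        }

        context.Validated(identity);
        return Task.FromResult<object>(null);
    }
}
```

Roles are read once at token issuance, so a role removed in the admin screens stays in an already issued token until it expires; a short access token lifetime limits that window.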

Source: https://habr.com/ru/post/1203126/

