Decoupling ASP.NET Identify From Your MVC 5 Application

For many of the same reasons I created class library that abstracts SimpleMembership I have created a class library for ASP.NET Identity.  I used the same interface I used in SimpleSecurity, which is basically the interface used by the class WebSecurity in SimpleMembership.  The beauty of this approach is that I could take my old models, views, and controllers from an application that used SimpleMembership and now just plugin the new ASP.NET Identity.  The main difference is that anywhere that the user ID that uniquely defines a member is used it is now a string instead of an integer, because that is the default for ASP.NET Identity. There are methods to have it use an integer as well and I am debating incorporating that into this class library.

All of the code for this is open source and available on the SimpleSecurity Project.  Just go to the Source Code page and download it. The class library is located in AspNetIdentity\SimpleSecurity.AspNetIdentity.  The filters for authorization are located in AspNetIdentity\SimpleSecurity.AspNetIdentity.Filters and there is a reference application in AspNetIdentity\SimpleSecurity.AspNetIdentity.RefApp. The reference application demonstrates how to setup migrations, email confirmation during registration, password reset with a token, using basic authentication on Web API's, how to create an authorization attribute that uses ASP.NET Identity, and how to decouple your security model from your application model.

To use this in a new project it will have to be an MVC 5 application. If you have an existing MVC 4 application there are instruction for upgrading to MVC 5 here.  You get the new MVC 5 assemblies with NuGet. You will also need to use NuGet to get the assemblies for OWIN and ASP.NET Identity. You can use the reference application to see exactly what assemblies are required.  You will also need to incorporate Startup.Auth.cs in your App_Start directory and Startup.cs in the root of your application. Again, use the reference application to get the content of these classes.  You will also need to configure the database initializer for migrations of SimpleSecurity database in your web.config.

I hope this helps you get a jump start on using ASP.NET Identity. The lack of documentation is rather frustrating at this time and hopefully these examples will help.  I also think that using SimpleSecurity is a better approach to using ASP.NET Identity rather than the code that is generated by the T4 template that peppers your application code with Entity Framework and data storage details that should not be part of your application domain.  And since ASP.NET Identity is still in flux it gives you one class library to update rather than finding code scattered in your MVC application.

As always, I am interested in ways to make SimpleSecurity better and I am interested in your comments. You can comment on this blog or on the Issues page in the SimpleSecurity project.


Popular posts from this blog

Customizing Claims for Authorization in ASP.NET Core 2.0

Using Claims in ASP.NET Identity

Adding Email Confirmation to ASP.NET Identity in MVC 5