Configure the authorization server endpoint

EDIT (01/28/2021): AspNet.Security.OpenIdConnect.Server has been merged into OpenIddict as part of the 3.0 update. To get started with OpenIddict, visit documentation.openiddict.com. Okay, let’s recap the different OAuth2 middleware (and their respective IAppBuilder extensions) that were offered by OWIN/Katana 3 and the ones that will be ported to ASP.NET Core: app.UseOAuthBearerAuthentication/OAuthBearerAuthenticationMiddleware: its name was not terribly … Read more

Unauthorised webapi call returning login page rather than 401

Brock Allen has a nice blog post on how to return 401 for ajax calls when using Cookie authentication and OWIN. http://brockallen.com/2013/10/27/using-cookie-authentication-middleware-with-web-api-and-401-response-codes/

Put this in ConfigureAuth method in the Startup.Auth.cs file:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            OnApplyRedirect = ctx =>
            {
                if (!IsAjaxRequest(ctx.Request))
                {
                    ctx.Response.Redirect(ctx.RedirectUri); … Read more

ASP.NET Identity with EF Database First MVC5

It should be possible to use the identity system with POCO and Database First, but you’ll have to make a couple of tweaks: Update the .tt-file for POCO generation to make the entity classes partial. That will make it possible for you to supply additional implementation in a separate file. Make a partial implementation of … Read more

How to get the current logged in user ID in ASP.NET Core?

Update in ASP.NET Core Version >= 2.0

In the Controller:

    public class YourControllerNameController : Controller
    {
        private readonly UserManager<ApplicationUser> _userManager;

        public YourControllerNameController(UserManager<ApplicationUser> userManager)
        {
            _userManager = userManager;
        }

        public async Task<IActionResult> YourMethodName()
        {
            var userId = User.FindFirstValue(ClaimTypes.NameIdentifier); // will give the user's userId
            var userName = User.FindFirstValue(ClaimTypes.Name); // will give the user's userName

            // For … Read more

How to get current user in asp.net core

User.FindFirst(ClaimTypes.NameIdentifier).Value

EDIT for constructor

Below code works:

    public Controller(IHttpContextAccessor httpContextAccessor)
    {
        var userId = httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.NameIdentifier).Value;
    }

Edit for RTM

You should register IHttpContextAccessor:

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddHttpContextAccessor();
    }

How can I change the table names when using ASP.NET Identity?

You can do this easily by modifying the IdentityModel.cs as per the below: Override OnModelCreating in your DbContext then add the following, this will change AspNetUser table to “Users” you can also change the field names the default Id column will become User_Id.

    modelBuilder.Entity<IdentityUser>()
        .ToTable("Users", "dbo").Property(p => p.Id).HasColumnName("User_Id");

or simply the below if you want … Read more

How to extend available properties of User.Identity

Whenever you want to extend the properties of User.Identity with any additional properties like the question above, add these properties to the ApplicationUser class first like so:

    public class ApplicationUser : IdentityUser
    {
        public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser> manager)
        {
            // Note the authenticationType must match the one defined in CookieAuthenticationOptions.AuthenticationType
            var userIdentity = await manager.CreateIdentityAsync(this, … Read more

What is ASP.NET Identity’s IUserSecurityStampStore interface?

This is meant to represent the current snapshot of your user’s credentials. So if nothing changes, the stamp will stay the same. But if the user’s password is changed, or a login is removed (unlink your google/fb account), the stamp will change. This is needed for things like automatically signing users/rejecting old cookies when this … Read more

ASP.NET Identity’s default Password Hasher – How does it work and is it secure?

Here is how the default implementation (ASP.NET Framework or ASP.NET Core) works. It uses a Key Derivation Function with random salt to produce the hash. The salt is included as part of the output of the KDF. Thus, each time you “hash” the same password you will get different hashes. To verify the hash the … Read more

ASP.NET_SessionId + OWIN Cookies do not send to browser

I have encountered the same problem and traced the cause to OWIN ASP.NET hosting implementation. I would say it’s a bug.

Some background

My findings are based on these assembly versions:

Microsoft.Owin, Version=2.0.2.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
Microsoft.Owin.Host.SystemWeb, Version=2.0.2.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

OWIN uses its own abstraction to work with response Cookies (Microsoft.Owin.ResponseCookieCollection). This … Read more