Custom Authentication in ASP Net-Core

Question

I am working on a web app that needs to integrate with an existing user database  I would still like to use the  Authorize  attributes  but I don t want to use the Identity framework  If I did want to use the Identity framework I would add something like this in the startup cs file   services AddIdentity lt ApplicationUser  IdentityRole gt  options   gt        options Password RequireNonLetterOrDigit   false     AddEntityFrameworkStores lt ApplicationDbContext gt       AddDefaultTokenProviders      I m assuming I have to add something else there  and then create some kind of class that implements a specific interface  Can somebody point me in the right direction  I m using RC1 of of asp net 5 right now

User · Answer

I would like to add something to brilliant @AmiNadimi answer for everyone who going implement his solution in .NET Core 3:

First of all, you should change signature of SignIn method in UserManager class from:

public async void SignIn(HttpContext httpContext, UserDbModel user, bool isPersistent = false)

to:

public async Task SignIn(HttpContext httpContext, UserDbModel user, bool isPersistent = false)

It's because you should never use async void, especially if you work with HttpContext. Source: Microsoft Docs

The last, but not least, your Configure() method in Startup.cs should contains app.UseAuthorization and app.UseAuthentication in proper order:

if (env.IsDevelopment())
{
    app.UseDeveloperExceptionPage();
}
else
{
    app.UseExceptionHandler("/Home/Error");
    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
    app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseAuthentication();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
    endpoints.MapControllerRoute(
        name: "default",
        pattern: "{controller=Home}/{action=Index}/{id?}");
});

User · Answer

Creating custom authentication in ASP NET Core can be done in a variety of ways  If you want to build off existing components  but don t want to use identity   checkout the  Security  category of docs on docs asp net  https   docs asp net en latest security index html  Some articles you might find helpful   Using Cookie Middleware without ASP NET Identity  Custom Policy-Based Authorization  And of course  if that fails or docs aren t clear enough  the source code is at https   github com dotnet aspnetcore tree master src Security which includes some samples

User · Answer

Manish Jain  I suggest to implement the method with boolean return  public class UserManager           Additional code here                     public async Task lt bool gt  SignIn HttpContext httpContext  UserDbModel user                   Additional code here                            Here the real authentication against a DB or Web Services or whatever          if  user Email    null              return false                               ClaimsIdentity identity   new ClaimsIdentity this GetUserClaims dbUserData   CookieAuthenticationDefaults AuthenticationScheme           ClaimsPrincipal principal   new ClaimsPrincipal identity               This is for give the authentication cookie to the user when authentication condition was met         await httpContext SignInAsync CookieAuthenticationDefaults AuthenticationScheme  principal           return true

User · Answer

From what I learned after several days of research  Here is the Guide for ASP  Net Core MVC 2 x Custom User Authentication  In Startup cs    Add below lines to ConfigureServices method    public void ConfigureServices IServiceCollection services     services AddAuthentication      CookieAuthenticationDefaults AuthenticationScheme   AddCookie CookieAuthenticationDefaults AuthenticationScheme      options   gt                options LoginPath     Account Login           options LogoutPath     Account Logout                services AddMvc            authentication      services AddAuthentication options   gt               options DefaultScheme   CookieAuthenticationDefaults AuthenticationScheme               services AddTransient          m   gt  new UserManager              Configuration                  GetValue lt string gt                       DEFAULT CONNECTIONSTRING   this is a string constant                                                 services AddDistributedMemoryCache        keep in mind that in above code we said that if any unauthenticated user requests an action which is annotated with  Authorize    they well force redirect to  Account Login url   Add below lines to Configure method    public void Configure IApplicationBuilder app  IHostingEnvironment env        if  env IsDevelopment                  app UseDeveloperExceptionPage            app UseBrowserLink            app UseDatabaseErrorPage              else               app UseExceptionHandler ERROR URL              app UseStaticFiles         app UseAuthentication         app UseMvc routes   gt                routes MapRoute              name   default               template  DEFAULT ROUTING               Create your UserManager class that will also manage login and logout  it should look like below snippet  note that i m using dapper    public class UserManager       string  connectionString       public UserManager string connectionString                 connectionString   connectionString             public async void SignIn HttpContext httpContext  UserDbModel user  bool isPersistent   false                using  var con   new SqlConnection  connectionString                         var queryString    sp user login               var dbUserData   con Query lt UserDbModel gt                   queryString                  new                                       UserEmail   user UserEmail                      UserPassword   user UserPassword                      UserCellphone   user UserCellphone                                    commandType  CommandType StoredProcedure               FirstOrDefault                 ClaimsIdentity identity   new ClaimsIdentity this GetUserClaims dbUserData   CookieAuthenticationDefaults AuthenticationScheme               ClaimsPrincipal principal   new ClaimsPrincipal identity                await httpContext SignInAsync CookieAuthenticationDefaults AuthenticationScheme  principal                        public async void SignOut HttpContext httpContext                await httpContext SignOutAsync               private IEnumerable lt Claim gt  GetUserClaims UserDbModel user                List lt Claim gt  claims   new List lt Claim gt              claims Add new Claim ClaimTypes NameIdentifier  user Id   ToString              claims Add new Claim ClaimTypes Name  user UserFirstName            claims Add new Claim ClaimTypes Email  user UserEmail            claims AddRange this GetUserRoleClaims user            return claims             private IEnumerable lt Claim gt  GetUserRoleClaims UserDbModel user                List lt Claim gt  claims   new List lt Claim gt              claims Add new Claim ClaimTypes NameIdentifier  user Id   ToString              claims Add new Claim ClaimTypes Role  user UserPermissionType ToString              return claims            Then maybe you have an AccountController which has a Login Action that should look like below    public class AccountController   Controller       UserManager  userManager       public AccountController UserManager userManager                 userManager   userManager              HttpPost      public IActionResult LogIn LogInViewModel form                if   ModelState IsValid              return View form            try                         authenticate             var user   new UserDbModel                                 UserEmail   form Email                  UserCellphone   form Cellphone                  UserPassword   form Password                             userManager SignIn this HttpContext  user                return RedirectToAction  Search    Home   null                       catch  Exception ex                         ModelState AddModelError  summary   ex Message               return View form                        Now you are able to use  Authorize  annotation on any Action or Controller   Feel free to comment any questions or bug s

[c#] Custom Authentication in ASP.Net-Core

Examples related to c#

Examples related to asp.net

Examples related to authentication

Examples related to asp.net-core

Examples related to asp.net-core-mvc