@kylehammond
Last active March 6, 2019 15:30

# Identity Notes

https://www.youtube.com/watch?v=2SIYclIN2jI

Users, Authentication, and Authorization

- Works with OWIN Middleware
- Claims-based system - system stores logins/claims/roles
- Has NuGet packages

- Supports OAuth/OpenID
- Organizational - AD, Azure AD, O365 - also supports SSO

Individual database backed Authentication

What's a claim?
- superset of roles
- more abstract / atomic
- user delivers claims to application
- not really for properties about user
- key / value
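The "superset of roles" and "key / value" points above, as an added example (not from the original notes or from the ASP.NET Identity project). It uses only `System.Security.Claims`; the `ClaimsDemo` class, the `CanApprove` helper, the `urn:example:...` claim type and the user name are hypothetical, and the sample principals are constructed.

```csharp
using System;
using System.Globalization;
using System.Security.Claims;

static class ClaimsDemo
{
    // Hypothetical claim type for this example; not defined by ASP.NET Identity.
    const string ApprovalLimit = "urn:example:invoice-approval-limit";

    // Authorize on a claim's value, refusing identities that were never authenticated.
    static bool CanApprove(ClaimsPrincipal user, decimal amount)
    {
        if (user?.Identity == null || !user.Identity.IsAuthenticated) return false;
        Claim limit = user.FindFirst(ApprovalLimit);
        return limit != null
            && decimal.TryParse(limit.Value, NumberStyles.Number,
                                CultureInfo.InvariantCulture, out decimal max)
            && amount <= max;
    }

    static void Main()
    {
        // Constructed sample: the kind of principal the app sees after sign-in.
        var signedIn = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "alice"),
            new Claim(ClaimTypes.Role, "Accounting"), // a role is just a claim of type Role
            new Claim(ApprovalLimit, "5000"),         // a finer-grained key/value claim
        }, "ApplicationCookie"));

        // Same claims, but no authentication type, so IsAuthenticated is false.
        var anonymous = new ClaimsPrincipal(new ClaimsIdentity(signedIn.Claims));

        // IsInRole is a lookup over Role claims; both calls ask the same question.
        Console.WriteLine(signedIn.IsInRole("Accounting"));
        Console.WriteLine(signedIn.HasClaim(ClaimTypes.Role, "Accounting"));

        // Claim-value check: one amount under the limit, one over it.
        Console.WriteLine(CanApprove(signedIn, 1200m));
        Console.WriteLine(CanApprove(signedIn, 9000m));

        // IsInRole inspects claims only and does not check IsAuthenticated,
        // which is why CanApprove tests IsAuthenticated before reading any claim.
        Console.WriteLine(anonymous.IsInRole("Accounting"));
        Console.WriteLine(CanApprove(anonymous, 1200m));
    }
}
```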

History
- 2005 Membership - everyone was home-rolling stuff .. so this helped with that
- 2012 Universal Providers - NuGet - supported all databases
- 2012 Simple Membership - MVC
- 2013 ASP.NET Identity v1 - all new
- 2013 ASP.NET Identity v2 - two factor, lockout, reset, etc.
- v3 at least is out by now

Katana + OWIN
- Identity uses security middleware
- Microsoft's OWIN implementation is Project Katana for v1, v2 (Katana became part of ASP.NET Identity)
- OWIN defines an easy interface for items to communicate (pipeline) - gets a dictionary keyed by string .. like request headers

Managers and stores
- Managers (UserManager, RoleManager) - high-level classes .. operations such as creating users .. talk to stores via an interface (pluggable)
- Stores (UserStore, RoleStore) - talk to the data access layer; store users, roles, and claims

Key components
- Security Middleware
    - Microsoft.Owin.Security.
    - Microsoft.Owin.Security.Facebook
    - .Google
    - .MicrosoftAccount
    - .OAuth
    - .Twitter
- Identity
    - Microsoft.AspNet.Identity
    - Microsoft.AspNet.Identity.EntityFramework

Class Overview
- IdentityUser - IUser - that's you
- EmailService/SMSService - IIdentityMessageService - deals with email/text .. 2factor
- UserManager - APIs to CRUD user, claim & auth info via UserStore
- RoleManager - APIs to CRUD roles via RoleStore
- UserStore - IUserStore, IUserLoginStore, IUserClaimStore, IUserRoleStore - talks to the data store to store user, user login providers, user claims, user roles
- RoleStore - talks to the data store to store roles
- SigninManager - high-level API to sign user in (single or two factor)

ApplicationUser (inherits IdentityUser)

Simple Class Overview
- IdentityUser - That's you with your properties - UserName, Email, Email Verified
- EmailService, SmsService - Notified during 2factor auth
- ApplicationUserManager - You call this to manage users. Talks to UserStore.
- SigninManager - You call this to sign in a user

Demo
- Basic code gives you register and login code
- Tables created
    - AspNetRoles - starts empty - just a name, e.g. "Accounting"
    - AspNetUserClaims - claims for the user .. claim type/claim value
    - AspNetUserLogins - external login providers
    - AspNetUserRoles - roles/users map
    - AspNetUsers - password hash - salt (like a seed: mixed in so the same password gives a different hash)

Files
    Startup.cs
        - OwinStartupAttribute
            - ConfigureAuth called in Startup.Auth.cs
    Startup.Auth.cs
        - Has reference to App Db Context .. derived from IdentityDbContext
        - Takes in IAppBuilder .. uses extension methods to do things here, like UseFacebookAuthentication, etc.
        - Tells OWIN what to look for
    IdentityConfig.cs
        - Configure Identity settings
    AccountController.cs
        - Login/register/etc. actions