Your official information source from the .NET Web Development and Tools group at Microsoft.
Today, we are releasing a preview of ASP.NET Identity. The main focus in this release was to fix issues with the 1.0 release and build upon the 1.0 Framework to add more features such as Account Confirmation, Password Reset etc. Please read the known issues section below before trying out this preview.
You can download ASP.NET Identity as preview NuGet packages from the NuGet gallery. You can install or update to these pre-release packages through NuGet using the NuGet Package Manager Console, like this:
Please remember to select the “Include Prerelease” option when searching for packages using the NuGet Package Manager or the Package Manager Console. For more information on how to install pre-release packages please read http://docs.nuget.org/docs/Reference/Versioning#Prerelease_Versions and http://docs.nuget.org/docs/release-notes/nuget-1.7#Show_prerelease_packages_in_the_Manage_NuGet_packages_dialog
Following is the list of features and major issues that were fixed.
The ASP.NET Identity system now supports Account Confirmation. This is a fairly common scenario in most websites today where when you register for a new account on the website, you are required to confirm your email before you could do anything in the website. Email Confirmation is useful because it prevents bogus accounts from being created. This is extremely useful if you are using email as a method of communicating with the users of your website such as Forum sites, banking, ecommerce, social web sites.
Note: To send emails you can configure SMTP Server or use some of the popular email services such as SendGrid (http://sendgrid.com/windowsazure.html) which integrate nicely with Windows Azure and require no configuration on the application developer
In the sample project below, you need to hook up the Email service for sending emails. You will not be able to reset your password until you confirm your account
Password Reset is a feature where the user can reset their passwords if they have forgotten their password.
Support a way to regenerate the Security Token for the user in cases when the User changes there password or any other security related information such as removing an associated login(such as Facebook, Google, Microsoft Account etc). This is needed to ensure that any tokens generated with the old password are invalidated. In the sample project, if you change the users password then a new token is generated for the user and any previous tokens are invalidated. This feature provides an extra layer of security to your application since when you change your password, you will be logged out from everywhere (all other browsers) where you have logged into this application.
You can configure this in Startup.Auth.cs as follows. You can specify how often should the OWIN cookie middleware check if the Security Token for the current user is valid. This is in the sample project listed below.
In 1.0 the type of PK for Users and Roles was strings. This means when the ASP.NET Identity system was persisted in Sql Server using Entity Framework, we were using nvarchar. There were lots of discussions around this default implementation on Stack Overflow and based on the incoming feedback, we have provided an extensibility hook where you can specify what should be the PK of your Users and Roles table. This extensibility hook is particularly useful if you are migrating your application and the application was storing UserIds are GUIDs or ints.
Since you are changing the type of PK for Users and Roles, you need to plug in the corresponding classes for Claims, Logins which take in the correct PK. Following is a snippet of code which shows how you can change the PK to be int
We have added support for IQueryable on UsersStore and RolesStore so you can easily get the list of Users and Roles.
For eg. the following code uses the IQueryable and shows how you can get the list of Users from UserManager. You can do the same for getting list of Roles from RoleManager
In 1.0, if you had to delete a User, you could not do it through the UserManager. We have fixed this issue in this release so you can do the following to delete a user
You can use Factory implementation to get an instance of UserManager from the OWIN context. This pattern is similar to what we use for getting AuthenticationManager from OWIN context for SignIn and SignOut. This is a recommended way of getting an instance of UserManager per request for the application.
Following snippet of code shows how you can configure this middleware in StartupAuth.cs. This is in the sample project listed below.
Following snippet of code shows how you can get an instance of UserManager
ASP.NET Identity uses EntityFramework for persisting the Identity system in Sql Server. To do this the Identity System has a reference to the ApplicationDbContext. The DbContextFactory Middleware returns you an instance of the ApplicationDbContext per request which you can use in your application.
Following code shows how you can configure it in StartupAuth.cs. The code for this middleware is in the sample project.
As part of these new features such as Account Confirmation and Password Reset, we have added two new properties to the IdentityUser class namely ‘Email’ and ‘IsConfirmed’. This results in a change of the schema created by the ASP.NET Identity system in 2.0. Updating the packages to 2.0 in an existing application (which was using 1.0) will cause the application to fail since the underlying Entity Framework model has been changed. You need to update your database schema to use the 2.0 features. This can be done using Entity Framework migrations. For more details on how to update your application from 1.0 to 2.0, please visit this detailed blog post http://blogs.msdn.com/b/webdev/archive/2013/12/20/updating-asp-net-applications-from-asp-net-identity-1-0-to-2-0-0-alpha1.aspx
This is an area of migration which we are trying to see if we can provide a better story before we release the final version. Since the new features requires database schema updates, there is a user action involved to update the database manually. It is due to this reason that we have updated the package version to 2.0.0 as per SemVer guidelines, since on installing this version will break existing applications and you have to update the database schema.
ASP.NET Identity 2.0.0-alpha1 depends upon EntityFramework 6.1.0-alpha1 which was also released today (http://blogs.msdn.com/b/adonet/archive/2013/12/20/ef-6-1-alpha-1-available.aspx) since in EntityFramework 6.1.0-alpha1, there were bug fixes which helped in improving the migration scenario from Identity 1.0 – 2.0
We still have many bugs to fix and a few features to add before we release the final RTM version so do expect a few more previews in the coming months. You can check our roadmap at https://aspnetidentity.codeplex.com/wikipage?title=Roadmap
Thank You for trying out the preview and your feedback for ASP.NET
Awesome! You guys rock! Thank you for the new enhancements and for listening so well to the community. Happy Holidays!
Nice update. Those interested in database-first development, check out this ASP.NET Identity provider template:
I am particularly interested in the part where you say "To send emails you can configure SMTP Server or use some of the popular email services such as SendGrid (sendgrid.com/windowsazure.html) which integrate nicely with Windows Azure and require no configuration on the application developer".
Does this mean that we can use this authentication model to enable a user to log into an ASP.NET application using Windows Live and then delegate that authentication across to outlook.com to allow sending emails via SMTP?
If this is the case, I could you provide an example as to how it would work as this would resolve an issue I currently have with an ASP.NET application that requires the user to be able to send emails to clients.
Nice job you have done on this blog..
How about a sample project in MVC with these features?
I know we keep asking stuff, but hey, it's Christmas! :)
Looks very promising! Glad to see traction on this. Looking forward to the RTM.
Oh my God, it took me two days to remove version 1 and refactor my code to use Simplemembership before I know about this release.
@Martin When you use SendGrid or any other Email service then, you do not have to setup SMTP on your server.
If your email is hosted on outlook.com then you can configure the SMTP service to use Outlook to send emails.
User authentication is entirely different from sending emails
@Nelson The current sample is using Web Forms but it illustrates the same concepts. We will eventually be posting more samples online
Problem with the nugets packages ?
Isn't their a mismatch in what is in the package ?
I installed (2 times to check) as indicated the
Install-Package Microsoft.AspNet.Identity.EntityFramework –Version 2.0.0-alpha1 –Pre
Install-Package Microsoft.AspNet.Identity.Core -Version 2.0.0-alpha1 –Pre
Install-Package Microsoft.AspNet.Identity.OWIN -Version 2.0.0-alpha1 –Pre
but I get unsolved methods and properties as for UserManagerOptions which is unknown.
When I look to Definition in VS for UseUserManagerFactory, it brings something from v1 ??
#region Assembly Microsoft.AspNet.Identity.Owin.dll, v18.104.22.168
Got it working for part, someproblems when using an int Key are that the SQL Server Tables were not correctly built: the new int Primary Key was not created as Identity (even with the flags sets in migration).
Next problem is trying to generate a bearer token, which was working perfectly, now it crashes in
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
using (MyUserManager userManager = context.OwinContext.GetUserManager<MyUserManager>())
DatwendoUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
context.SetError("invalid_grant", "The user name or password is incorrect.");
ClaimsIdentity oAuthIdentity = await userManager.CreateIdentityAsync(user,context.Options.AuthenticationType);
ClaimsIdentity cookiesIdentity = await userManager.CreateIdentityAsync(user,CookieAuthenticationDefaults.AuthenticationType);
AuthenticationProperties properties = CreateProperties(user.UserName);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
ClaimsIdentity oAuthIdentity = await userManager.CreateIdentityAsync(user,context.Options.AuthenticationType); seems to throw an exception?
In the account controllers Register when I try:
string code = UserManager.GetConfirmationToken(user.Id.ToString());
I get the following error: No ITokenProvider is registered.
I can I get a confirmation token that I can use in my confirmation email?
When I try in the Register method of the account controller to do:
var code = UserManager.GetConfirmationToken(user.Id);
I get the following error:
No ITokenProvider is registered.
How do we get the confirmation code to send via email?
This stackoverflow question provided the answers needed to get the token to work: stackoverflow.com/.../how-to-implement-a-tokenprovider-in-asp-net-identity-1-1-nightly-build
Will it have username as email feature?
When will the mvc template for 2.0 be released to vs?
Can you please proof read your article and correct the typos. My God, I can forgive one or two but they are everywhere.