Your official information source from the .NET Web Development and Tools group at Microsoft.
Today, we are releasing a preview ASP.NET Identity 2.1.0-alpha1. The main focus in this release was to fix bugs and add SignInManager to make it easier to use security features for login.
You can download ASP.NET Identity from the NuGet gallery. You can install or update to these packages through NuGet using the NuGet Package Manager Console, like this:
Following is the list of features and major issues that were fixed in 2.1.0-alpha1.
SignInManager makes it easier to add Two-Factor authentication, account lockout and other security features when you login. Earlier in your application code you had to keep track of how many times had the user incorrectly attempted a login and update the count to track whether the account should be locked out or not. The same logic will used when entering the verification code when doing two-factor authentication. If you incorrectly enter the code then your account will be locked out for some time. All these values for account lockout are configurable.
In the samples package that we had for 2.0 the SignInManager was in the application code and now we have moved it into the Framework.
The following tutorials cover account confirmation and two-factor authentication (including account lockout)
Following screenshot show the login code of an application which uses two-factor authentication and account lockout.
You can look at all the bugs that were fixed in this release by clicking here.
This is a compatible release with 2.0.0 and there are no schema updates so you should be able to update to this version without anything being broken.
Thank You for trying out the preview and your feedback for ASP.NET Identity. Please let us know your feedback around ASP.NET Identity
Awesome, ASP.NET Identity is one of the best ASP.NET membership systems
Awesome. Keep up the good work.
The email validation on the registration process doesn't actually do anything. You can register, never navigate to the confirm email page, and then immediately log in with the unconfirmed account. The SignInManager still returns "Success" even though the login should fail.
This is a welcome release, especially the account lockout bits. Any details on when you expect to release 2.1?
@Dave: That is mostly an app scenario where you do not let unconfirmed users to login. The sample application chooses to do that since username and email are the same. You can change it accordingly
I just want to say Thanks you for yours good work.
It is not a bad idea to bake some of the "captcha" related features into the framework itself. More than 50% of applications need this feature while registering users.
Default primary key should be INT instead of GUID. Using GUID may not be a practical option in many real world applications. Storage and performance will become an immediate issue very quickly even in a medium sized application.
Many applications refer to this userid in many parts of the application such as created by, modified by, approved by, removed by etc.
You can customize the PK that you want to use in your application. For a sample please see this
You can easily add Captcha to your application