AddIdentity vs AddIdentityCore

Question

In ASP.NET Core, you can add various services for identification: AddDefaultIdentity, AddIdentity and AddIdentityCore.

What's the difference between AddIdentity and AddIdentityCore?

Answer 1

AddIdentityCore adds the services that are necessary for user-management actions, such as creating users, hashing passwords, etc. Here's the relevant source:

public static IdentityBuilder AddIdentityCore<TUser>(this IServiceCollection services, Action<IdentityOptions> setupAction)     where TUser : class {     // Services identity depends on     services.AddOptions().AddLogging();      // Services used by identity     services.TryAddScoped<IUserValidator<TUser>, UserValidator<TUser>>();     services.TryAddScoped<IPasswordValidator<TUser>, PasswordValidator<TUser>>();     services.TryAddScoped<IPasswordHasher<TUser>, PasswordHasher<TUser>>();     services.TryAddScoped<ILookupNormalizer, UpperInvariantLookupNormalizer>();          // No interface for the error describer so we can add errors without rev'ing the interface     services.TryAddScoped<IdentityErrorDescriber>();     services.TryAddScoped<IUserClaimsPrincipalFactory<TUser>, UserClaimsPrincipalFactory<TUser>>();     services.TryAddScoped<UserManager<TUser>>();      ... } 

Essentially, this boils down to registering an instance of UserManager<TUser>, but first registers all of its dependencies. With these services registered, you can retrieve an instance of UserManager<TUser> from DI and create users, set passwords, change emails, etc.

AddIdentity registers the same services as AddIdentityCore, with a few extras:

• Cookie-based authentication schemes for the application itself, external sign-in (e.g. Facebook and Google), and 2FA.
• The SignInManager, which effectively sits on top of the UserManager as a sort of orchestrator. For example, PasswordSignInAsync uses UserManager to retrieve a user, verify the password (if set) and then takes care of cookie creation.
• AddIdentity itself also takes a TRole and registers the services that are necessary for supporting Roles.

Here's the AddIdentity source for completeness:

public static IdentityBuilder AddIdentity<TUser, TRole>(this IServiceCollection services, Action<IdentityOptions> setupAction)     where TUser : class     where TRole : class {     // Services used by identity     services.AddAuthentication(options =>     {         options.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme;         options.DefaultChallengeScheme = IdentityConstants.ApplicationScheme;         options.DefaultSignInScheme = IdentityConstants.ExternalScheme;     })     .AddCookie(IdentityConstants.ApplicationScheme, o =>     {         o.LoginPath = new PathString("/Account/Login");         o.Events = new CookieAuthenticationEvents         {             OnValidatePrincipal = SecurityStampValidator.ValidatePrincipalAsync         };     })     .AddCookie(IdentityConstants.ExternalScheme, o =>     {         o.Cookie.Name = IdentityConstants.ExternalScheme;         o.ExpireTimeSpan = TimeSpan.FromMinutes(5);     })     .AddCookie(IdentityConstants.TwoFactorRememberMeScheme, o =>     {         o.Cookie.Name = IdentityConstants.TwoFactorRememberMeScheme;         o.Events = new CookieAuthenticationEvents         {             OnValidatePrincipal = SecurityStampValidator.ValidateAsync<ITwoFactorSecurityStampValidator>         };     })     .AddCookie(IdentityConstants.TwoFactorUserIdScheme, o =>     {         o.Cookie.Name = IdentityConstants.TwoFactorUserIdScheme;         o.ExpireTimeSpan = TimeSpan.FromMinutes(5);     });      // Hosting doesn't add IHttpContextAccessor by default     services.AddHttpContextAccessor();          // Identity services     services.TryAddScoped<IUserValidator<TUser>, UserValidator<TUser>>();     services.TryAddScoped<IPasswordValidator<TUser>, PasswordValidator<TUser>>();     services.TryAddScoped<IPasswordHasher<TUser>, PasswordHasher<TUser>>();     services.TryAddScoped<ILookupNormalizer, UpperInvariantLookupNormalizer>();     services.TryAddScoped<IRoleValidator<TRole>, RoleValidator<TRole>>();     // No interface for the error describer so we can add errors without rev'ing the interface     services.TryAddScoped<IdentityErrorDescriber>();     services.TryAddScoped<ISecurityStampValidator, SecurityStampValidator<TUser>>();     services.TryAddScoped<ITwoFactorSecurityStampValidator, TwoFactorSecurityStampValidator<TUser>>();     services.TryAddScoped<IUserClaimsPrincipalFactory<TUser>, UserClaimsPrincipalFactory<TUser, TRole>>();     services.TryAddScoped<UserManager<TUser>>();     services.TryAddScoped<SignInManager<TUser>>();     services.TryAddScoped<RoleManager<TRole>>();      ... }