How to customize authentication to my own set of tables in asp.net web api 2?

In the default AccountController created I see

    public AccountController()         : this(Startup.UserManagerFactory(), Startup.OAuthOptions.AccessTokenFormat)     {     }

In Startup.Auth.cs I see

    UserManagerFactory = () =>                  new UserManager<IdentityUser>(new UserStore<IdentityUser>());

Seems like the implementation of UserStore comes from Microsoft.AspNet.Identity.EntityFramework.

So, to customize the authentication do I have to implement my own version of UserStore like

 class MYSTUFFUserStore<IdentityUser> : UserStore<IdentityUser>  {  }

and override the methods and then do this in Startup.Auth.cs

UserManagerFactory = () =>                 new UserManager<IdentityUser>(new MYSTUFFUserStore<IdentityUser>());

I am looking for a correct way to customize the authentication.

How do I create a custom authentication filter in Web API?

To create a custom authentication filter in ASP.NET MVC, we need to create a class by implementing the IAuthenticationFilter Interface. This IAuthenticationFilter interface has 2 methods. Open Visual Studio 2015 or an editor of your choice and create a new project.

How do I create authentication and authorization in Web API?

Web API assumes that authentication happens in the host. For web-hosting, the host is IIS, which uses HTTP modules for authentication. You can configure your project to use any of the authentication modules built in to IIS or ASP.NET, or write your own HTTP module to perform custom authentication.

What is AspNetUserClaims table?

AspNetUserClaims” table is holding claims assigned to a user. A claim is different from a role because a claim is a key-value pair. You can have a role or not have a role. Claim also provides a value for a specified claim. In a way, it is like an optional property assigned to a user.

Assuming your table is called AppUser, convert your own AppUser domain object to IUser(using Microsoft.AspNet.Identity) like this

using Microsoft.AspNet.Identity; public class AppUser : IUser {     //Existing database fields     public long AppUserId { get; set; }     public string AppUserName { get; set; }     public string AppPassword { get; set; }      public AppUser()     {         this.Id = Guid.NewGuid().ToString();       }      [Ignore]     public virtual string Id { get; set; }              [Ignore]     public string UserName     {         get         {             return AppUserName;         }         set         {             AppUserName = value;         }     } }

Implement the UserStore object like this

using Microsoft.AspNet.Identity; public class UserStoreService           : IUserStore<AppUser>, IUserPasswordStore<AppUser> {     CompanyDbContext context = new CompanyDbContext();      public Task CreateAsync(AppUser user)     {                     throw new NotImplementedException();     }      public Task DeleteAsync(AppUser user)     {         throw new NotImplementedException();     }      public Task<AppUser> FindByIdAsync(string userId)     {         throw new NotImplementedException();     }      public Task<AppUser> FindByNameAsync(string userName)     {         Task<AppUser> task = context.AppUsers.Where(                               apu => apu.AppUserName == userName)                               .FirstOrDefaultAsync();          return task;     }      public Task UpdateAsync(AppUser user)     {         throw new NotImplementedException();     }      public void Dispose()     {         context.Dispose();     }      public Task<string> GetPasswordHashAsync(AppUser user)     {         if (user == null)         {             throw new ArgumentNullException("user");         }          return Task.FromResult(user.AppPassword);     }      public Task<bool> HasPasswordAsync(AppUser user)     {         return Task.FromResult(user.AppPassword != null);     }      public Task SetPasswordHashAsync(AppUser user, string passwordHash)     {         throw new NotImplementedException();     }  }

If you have your own custom password hashing you will also need to implement IPasswordHasher. Below is an example where there is no hashing of the password(Oh no!)

using Microsoft.AspNet.Identity; public class MyPasswordHasher : IPasswordHasher {     public string HashPassword(string password)     {         return password;     }      public PasswordVerificationResult VerifyHashedPassword                   (string hashedPassword, string providedPassword)     {         if (hashedPassword == HashPassword(providedPassword))             return PasswordVerificationResult.Success;         else             return PasswordVerificationResult.Failed;     } }

In Startup.Auth.cs replace

UserManagerFactory = () =>       new UserManager<IdentityUser>(new UserStore<IdentityUser>());

with

    UserManagerFactory = () =>       new UserManager<AppUser>(new UserStoreService()) { PasswordHasher = new MyPasswordHasher() };

In ApplicationOAuthProvider.cs, replace IdentityUser with AppUser

In AccountController.cs, replace IdentityUser with AppUser and delete all the external authentication methods like GetManageInfo and RegisterExternal etc.

How to customize authentication to my own set of tables in asp.net web api 2?

Tags:

asp.net-web-api

asp.net-identity

sunil

People also ask

1 Answers

sunil

Recent Activity

Donate For Us

How to customize authentication to my own set of tables in asp.net web api 2?

Tags:

asp.net-web-api

asp.net-identity

sunil

People also ask

1 Answers

sunil

Related questions

Recent Activity

Donate For Us