Menu
In the default AccountController created I see
public AccountController() : this(Startup.UserManagerFactory(), Startup.OAuthOptions.AccessTokenFormat) { } In Startup.Auth.cs I see
UserManagerFactory = () => new UserManager<IdentityUser>(new UserStore<IdentityUser>()); Seems like the implementation of UserStore comes from Microsoft.AspNet.Identity.EntityFramework.
So, to customize the authentication do I have to implement my own version of UserStore like
class MYSTUFFUserStore<IdentityUser> : UserStore<IdentityUser> { } and override the methods and then do this in Startup.Auth.cs
UserManagerFactory = () => new UserManager<IdentityUser>(new MYSTUFFUserStore<IdentityUser>()); I am looking for a correct way to customize the authentication.
623
To create a custom authentication filter in ASP.NET MVC, we need to create a class by implementing the IAuthenticationFilter Interface. This IAuthenticationFilter interface has 2 methods. Open Visual Studio 2015 or an editor of your choice and create a new project.
Web API assumes that authentication happens in the host. For web-hosting, the host is IIS, which uses HTTP modules for authentication. You can configure your project to use any of the authentication modules built in to IIS or ASP.NET, or write your own HTTP module to perform custom authentication.
AspNetUserClaims” table is holding claims assigned to a user. A claim is different from a role because a claim is a key-value pair. You can have a role or not have a role. Claim also provides a value for a specified claim. In a way, it is like an optional property assigned to a user.
Assuming your table is called AppUser, convert your own AppUser domain object to IUser(using Microsoft.AspNet.Identity) like this
using Microsoft.AspNet.Identity; public class AppUser : IUser { //Existing database fields public long AppUserId { get; set; } public string AppUserName { get; set; } public string AppPassword { get; set; } public AppUser() { this.Id = Guid.NewGuid().ToString(); } [Ignore] public virtual string Id { get; set; } [Ignore] public string UserName { get { return AppUserName; } set { AppUserName = value; } } } Implement the UserStore object like this
using Microsoft.AspNet.Identity; public class UserStoreService : IUserStore<AppUser>, IUserPasswordStore<AppUser> { CompanyDbContext context = new CompanyDbContext(); public Task CreateAsync(AppUser user) { throw new NotImplementedException(); } public Task DeleteAsync(AppUser user) { throw new NotImplementedException(); } public Task<AppUser> FindByIdAsync(string userId) { throw new NotImplementedException(); } public Task<AppUser> FindByNameAsync(string userName) { Task<AppUser> task = context.AppUsers.Where( apu => apu.AppUserName == userName) .FirstOrDefaultAsync(); return task; } public Task UpdateAsync(AppUser user) { throw new NotImplementedException(); } public void Dispose() { context.Dispose(); } public Task<string> GetPasswordHashAsync(AppUser user) { if (user == null) { throw new ArgumentNullException("user"); } return Task.FromResult(user.AppPassword); } public Task<bool> HasPasswordAsync(AppUser user) { return Task.FromResult(user.AppPassword != null); } public Task SetPasswordHashAsync(AppUser user, string passwordHash) { throw new NotImplementedException(); } } If you have your own custom password hashing you will also need to implement IPasswordHasher. Below is an example where there is no hashing of the password(Oh no!)
using Microsoft.AspNet.Identity; public class MyPasswordHasher : IPasswordHasher { public string HashPassword(string password) { return password; } public PasswordVerificationResult VerifyHashedPassword (string hashedPassword, string providedPassword) { if (hashedPassword == HashPassword(providedPassword)) return PasswordVerificationResult.Success; else return PasswordVerificationResult.Failed; } } In Startup.Auth.cs replace
UserManagerFactory = () => new UserManager<IdentityUser>(new UserStore<IdentityUser>()); with
UserManagerFactory = () => new UserManager<AppUser>(new UserStoreService()) { PasswordHasher = new MyPasswordHasher() }; In ApplicationOAuthProvider.cs, replace IdentityUser with AppUser
In AccountController.cs, replace IdentityUser with AppUser and delete all the external authentication methods like GetManageInfo and RegisterExternal etc.
145
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With