How to Apply ASP.NET Core Identity in ASP.NET Core

Hello developers. This article covers ASP.NET Core Identity, and we will also discuss a few things about OWIN.

So let's start.

Before starting with Core Identity, let's be aware of OWIN. OWIN stands for Open Web Interface for .NET.

Now let's talk about what it is and, the main question, why we use it.

OWIN defines a standard interface between .NET web servers and web applications.

The goal of the OWIN interface is to decouple server and application, encourage the development of simple modules for .NET web development, and, by being an open standard, stimulate the open-source ecosystem of .NET web development tools.

In technical terms, we use OWIN as a middle layer. For example, when you log in to a system, OWIN is used to check the identity of that user.

Please check the following example of registration using OWIN.


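// The action returns a view or a redirect, so the return type is Task<ActionResult>
public async Task<ActionResult> Register(RegisterViewModel model)
{
	if (ModelState.IsValid)
	{
		var user = new ApplicationUser { UserName = model.UserName };
		// CreateAsync validates the user and password and stores the new account
		var result = await UserManager.CreateAsync(user, model.Password);

		if (result.Succeeded)
		{
			// Sign the new user in with a session (non-persistent) cookie
			await SignInAsync(user, isPersistent: false);
			return RedirectToAction("Index", "Home");
		}
		else
		{
			// Copy the Identity errors into ModelState so the form can show them
			AddErrors(result);
		}
	}

	// If we got this far, something failed, redisplay form
	return View(model);
}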

In this example, you can see that the CreateAsync method is used to create a user.

Now let's talk about Core Identity.

ASP.NET Core Identity has some default behaviors that you can override easily in your application’s Startup class.

Required NuGet package: Microsoft.AspNetCore.Identity.EntityFrameworkCore.

With OWIN, this functionality is scaffolded for you, but in Core Identity we need to define it manually in the Startup class.

What ASP.NET Core Identity Handles in an Application

ASP.NET Core Identity is used when an application needs user accounts, login, logout, password rules, roles, claims, tokens, and account security features.

In real projects, Identity is commonly connected with Entity Framework Core so users, roles, and login-related data can be stored in a database.

This is useful for admin panels, customer portals, internal dashboards, SaaS products, and systems where users need different access levels.

Startup.cs and Program.cs in ASP.NET Core Identity

Older ASP.NET Core projects commonly configured Identity inside Startup.cs. Newer ASP.NET Core projects often place the same setup inside Program.cs.

The application needs to register Identity services, connect Identity with the database store, configure rules, and enable authentication and authorization middleware.

For example:


services.AddIdentity<ApplicationUser, IdentityRole>(options =>
{
	// Password settings
	options.Password.RequireDigit = true;
	options.Password.RequiredLength = 8;
	options.Password.RequireNonAlphanumeric = true;
	options.Password.RequireUppercase = true;
	options.Password.RequireLowercase = true;
	options.Password.RequiredUniqueChars = 2;
})
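// The type argument is required: pass the application's EF Core DbContext (the name ApplicationDbContext is assumed here)
.AddEntityFrameworkStores<ApplicationDbContext>()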
.AddDefaultTokenProviders();

In this example, you can see the password validation rules.

When you set this in the ConfigureServices method of the Startup class, these rules are checked when you sign in or register.

The following functionality is also available:

  • Two-factor authentication using a passcode
  • Cookie settings configuration
  • Username verification
  • Lockout functionality

These functionalities are based on the current version of ASP.NET Core 2.0.

Common ASP.NET Core Identity Options Developers Configure

Password settings are only one part of ASP.NET Core Identity. Developers often configure lockout, cookie behavior, sign-in rules, role access, token providers, and custom user fields.

Identity settings should match the application type. A small internal dashboard and a multi-user SaaS product should not always use the same setup.
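The lockout, user, sign-in and cookie options mentioned above can be set as follows. This is an added example, not code from the original article; the class and method names are hypothetical, and the values and paths are illustrative assumptions to tune per application.

```csharp
using System;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper: call it after services.AddIdentity<...>() in
// Startup.ConfigureServices (or on builder.Services in Program.cs).
public static class IdentityHardeningExtensions
{
    public static IServiceCollection AddIdentityHardening(this IServiceCollection services)
    {
        services.Configure<IdentityOptions>(options =>
        {
            // Lockout: limits password guessing against a single account.
            // Failed attempts are only counted when the login code calls
            // PasswordSignInAsync(..., lockoutOnFailure: true).
            options.Lockout.AllowedForNewUsers = true;
            options.Lockout.MaxFailedAccessAttempts = 5;
            options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(15);

            // User rules: one account per e-mail address.
            options.User.RequireUniqueEmail = true;

            // Sign-in rules: block login until the e-mail is confirmed.
            options.SignIn.RequireConfirmedEmail = true;
        });

        services.ConfigureApplicationCookie(options =>
        {
            // Keep the auth cookie away from scripts and plain HTTP.
            options.Cookie.HttpOnly = true;
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            options.Cookie.SameSite = SameSiteMode.Lax;

            // Idle sessions expire; active ones are renewed.
            options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
            options.SlidingExpiration = true;

            // Assumed routes for the login and access-denied pages.
            options.LoginPath = "/Account/Login";
            options.AccessDeniedPath = "/Account/AccessDenied";
        });

        return services;
    }
}
```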

Role-Based Authorization with ASP.NET Core Identity

ASP.NET Core Identity can be used with roles to control which users can access specific parts of an application.

For example, an admin dashboard can be restricted so only users with the Admin role can access it.


[Authorize(Roles = "Admin")]
public IActionResult AdminDashboard()
{
	return View();
}

Role-based authorization is useful for admin panels, customer portals, internal tools, SaaS dashboards, and applications where users should not all have the same permissions.
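The [Authorize(Roles = "Admin")] attribute only works if the role exists and the user has been added to it. The following added example (not from the original article) shows one way to create the role and assign it at startup; AppRoles, RoleSeeder and EnsureAdminAsync are hypothetical names, and ApplicationUser is a stand-in for the application's own user class.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

// Stand-in for the page's ApplicationUser type.
public class ApplicationUser : IdentityUser { }

// One source of truth for role names, so [Authorize(Roles = AppRoles.Admin)]
// and the seeded role cannot drift apart through a typo.
public static class AppRoles
{
    public const string Admin = "Admin";
}

public static class RoleSeeder
{
    // Hypothetical helper: call once at startup with the application's
    // IServiceProvider and the e-mail of an already registered user.
    public static async Task<bool> EnsureAdminAsync(IServiceProvider services, string adminEmail)
    {
        using (var scope = services.CreateScope())
        {
            var roles = scope.ServiceProvider.GetRequiredService<RoleManager<IdentityRole>>();
            var users = scope.ServiceProvider.GetRequiredService<UserManager<ApplicationUser>>();

            // Create the role row if it does not exist yet.
            if (!await roles.RoleExistsAsync(AppRoles.Admin))
            {
                var created = await roles.CreateAsync(new IdentityRole(AppRoles.Admin));
                if (!created.Succeeded) return false;
            }

            // Stop for an unknown account instead of creating one implicitly.
            var user = await users.FindByEmailAsync(adminEmail);
            if (user == null) return false;

            if (await users.IsInRoleAsync(user, AppRoles.Admin)) return true;

            // The role claim reaches the cookie the next time the user signs in.
            var added = await users.AddToRoleAsync(user, AppRoles.Admin);
            return added.Succeeded;
        }
    }
}
```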

Common Mistakes While Setting Up ASP.NET Core Identity

Developers may face issues with ASP.NET Core Identity when the setup is not configured correctly. Some common mistakes include:

  • Missing authentication middleware
  • Wrong middleware order
  • Wrong database context
  • Password rules that are too strict for the application
  • Wrong role name used in authorization
  • Custom user fields not saved properly
  • Failed login and lockout handling not clearly configured

When debugging Identity issues, check the full flow step by step: service registration, database setup, middleware order, user creation, login, role assignment, and access control.
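The first three mistakes in the list (missing middleware, wrong order, wrong database context) are easiest to check against a complete Program.cs. This added example is not from the original article; it assumes a .NET 6 or later web project with implicit usings, the Microsoft.AspNetCore.Identity.EntityFrameworkCore and Microsoft.EntityFrameworkCore.InMemory packages, and an in-memory store used only so the sample starts without a database server.

```csharp
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;

var builder = WebApplication.CreateBuilder(args);

// 1. The database context Identity will use as its store
//    (in-memory provider is a demo assumption; use a real provider in an app).
builder.Services.AddDbContext<ApplicationDbContext>(options =>
    options.UseInMemoryDatabase("IdentityDemo"));

// 2. Identity services bound to the SAME context type registered above.
builder.Services.AddIdentity<ApplicationUser, IdentityRole>()
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddDefaultTokenProviders();

builder.Services.AddControllersWithViews();

var app = builder.Build();

app.UseHttpsRedirection();
app.UseStaticFiles();

// 3. Order matters: routing selects the endpoint, authentication builds
//    HttpContext.User from the Identity cookie, and authorization then
//    evaluates [Authorize] against that user.
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();

app.MapDefaultControllerRoute();

app.Run();

// Stand-ins for the application's own user and context types.
public class ApplicationUser : IdentityUser { }

public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
{
    public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options)
        : base(options) { }
}
```

If UseAuthentication is left out or placed after UseAuthorization, the user is treated as anonymous when [Authorize] is evaluated, so protected actions fail even after a successful login.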

FAQs

What are the benefits of ASP.NET Core Identity?

Yes, there are several benefits. Please check the following.

  • ASP.NET Core Identity supports all types of ASP.NET Core applications like Web Forms, MVC, Web API, SignalR or web pages. No need to learn different methods for MVC and Web Forms. Now one membership system supports all kinds of ASP.NET applications.
  • The new ASP.NET Core Identity system is easy to customize. You can add new fields to the user profile in no time.
  • ASP.NET Core Identity is designed based on interfaces, which means it is highly customizable. If you don’t like one part of the system, you can replace it with your own object.
  • The default implementation uses Entity Framework Code First. Since the database schema is in your hands, you can easily change table names, primary keys, data types, etc.
  • By default, the system uses a SQL Server database. You can change that and use Oracle, MySQL, SharePoint, NoSql, Windows Azure Active Directory, and practically any other database.
  • ASP.NET Core Identity is highly testable. When MVC was introduced, one of the intentions was to enable unit testing in a web application. But, SimpleMembership still could not be tested. ASP.NET Core Identity resolves this problem too, and now all parts of the ASP.NET Core web application, including the membership system, are unit-testable.

Do you have any Good References?

  • Configure ASP.NET Core Identity (https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?tabs=aspnetcore2x&view=aspnetcore-2.2)
  • ASP.NET Core MVC – Authentication And Role-Based Authorization With ASP.NET Core Identity (https://www.c-sharpcorner.com/article/asp-net-core-mvc-authentication-and-role-based-authorization-with-asp-net-core/)

What is ASP.NET Core Identity?

ASP.NET Core Identity is the built-in membership system for ASP.NET Core applications. It helps manage users, passwords, roles, claims, tokens, account lockout, and login-related security features.

Is ASP.NET Core Identity only for MVC applications?

No. It can be used with MVC, Razor Pages, and Web API projects. The setup depends on how authentication is handled in the application.

Where is ASP.NET Core Identity configured?

In older projects, it is usually configured in Startup.cs. In newer projects, it is commonly configured in Program.cs.

What is the difference between authentication and authorization?

Authentication checks who the user is. Authorization checks what that user is allowed to access after login.

Can ASP.NET Core Identity support roles?

Yes. Developers can create roles such as Admin, User, Manager, or Staff and restrict pages, controllers, or actions based on those roles.

Can ASP.NET Core Identity be customized?

Yes. Developers can customize user profile fields, password rules, lockout behavior, cookie settings, token providers, database schema, roles, and claims.

I hope this article will be helpful to you.

Thank you…!!

Article by

Chintan Prajapati
