asp.net-core-identity

.NetCore JwtBearerAuthentication not rejecting expired tokens

by

I stumbled over the answer here if anyone is interested. Default value for ClockSkew is 5 minutes. app.UseJwtBearerAuthentication(new JwtBearerOptions() { AutomaticAuthenticate = true, AutomaticChallenge = true, TokenValidationParameters = new TokenValidationParameters() { ValidIssuer = Configuration[“Tokens:Issuer”], ValidAudience = Configuration[“Tokens:Audience”], ValidateIssuerSigningKey = true, IssuerSigningKey = new Certificate(certPath: Configuration[“Tokens:Certificate”], isValid: false).SecurityKey, ValidateLifetime = true, ValidateIssuer = true, ValidateAudience = … Read more

How should I access my ApplicationUser properties from ASP.NET Core Views?

by

Update to original answer: (This violates the op’s first requirement, see my original answer if you have the same requirement) You can do it without modifying the claims and adding the extension file (in my original solution) by referencing FullName in the Razor View as: @UserManager.GetUserAsync(User).Result.FullName Original Answer: This is pretty much just a shorter … Read more

Using AspNetUserTokens table to store refresh token in ASP.NET Core Web Api

by

I’ll answer your question directly then propose an alternative. You can Remove, Set, Get, and Validate tokens with the AspNetUserTokens table. However, you can probably skip the db and I’ll describe that below. The following methods of the UserManager will generate and store: await _userManager.RemoveAuthenticationTokenAsync(user, “MyApp”, “RefreshToken”); var newRefreshToken = await _userManager.GenerateUserTokenAsync(user, “MyApp”, “RefreshToken”); await … Read more

UserManager.CheckPasswordAsync vs SignInManager.PasswordSignInAsync

by

The two methods you’ve mentioned serve different purposes: 1. UserManager.CheckPasswordAsync This method hashes the provided password and compares it against the existing password hash (stored in the database, for example). 2. SignInManager.PasswordSignInAsync This method does a lot more. Here’s a rough breakdown: Checks whether sign-in is allowed. For example, if the user must have a … Read more

How to load navigation properties on an IdentityUser with UserManager

by

Unfortunately, you have to either do it manually or create your own IUserStore<IdentityUser> where you load related data in the FindByEmailAsync method: public class MyStore : IUserStore<IdentityUser>, // the rest of the interfaces { // … implement the dozens of methods public async Task<IdentityUser> FindByEmailAsync(string normalizedEmail, CancellationToken token) { return await context.Users .Include(x => x.Address) … Read more

.NET Core 2.1 Identity get all users with their associated roles

by

I have now implemented the following solution. As CodeNotFound pointed out in the comments, IdentityUser used to have a Roles property. This is no longer the case in .NET Core. This comment/issue on GitHub seems to be the current solution for .Net Core. I have attempted to implemented it with the following code: ApplicationUser public … Read more

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)