asp.net-identity – Page 12

How to get current user, and how to use User class in MVC5?

November 14, 2022 by Tarik

If you’re coding in an ASP.NET MVC Controller, use using Microsoft.AspNet.Identity; … User.Identity.GetUserId(); Worth mentioning that User.Identity.IsAuthenticated and User.Identity.Name will work without adding the above mentioned using statement. But GetUserId() won’t be present without it. If you’re in a class other than a Controller, use HttpContext.Current.User.Identity.GetUserId(); In the default template of MVC 5, user ID … Read more

ASP.NET_SessionId + OWIN Cookies do not send to browser

November 12, 2022 by Tarik

I have encountered the same problem and traced the cause to OWIN ASP.NET hosting implementation. I would say it’s a bug. Some background My findings are based on these assembly versions: Microsoft.Owin, Version=2.0.2.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 Microsoft.Owin.Host.SystemWeb, Version=2.0.2.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a OWIN uses it’s own abstraction to work with response Cookies (Microsoft.Owin.ResponseCookieCollection). This … Read more

Unauthorised webapi call returning login page rather than 401

October 21, 2022 by Tarik

Brock Allen has a nice blog post on how to return 401 for ajax calls when using Cookie authentication and OWIN. http://brockallen.com/2013/10/27/using-cookie-authentication-middleware-with-web-api-and-401-response-codes/ Put this in ConfigureAuth method in the Startup.Auth.cs file: app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString(“/Account/Login”), Provider = new CookieAuthenticationProvider { OnApplyRedirect = ctx => { if (!IsAjaxRequest(ctx.Request)) { ctx.Response.Redirect(ctx.RedirectUri); … Read more

Adding ASP.NET MVC5 Identity Authentication to an existing project

October 20, 2022 by Tarik

Configuring Identity to your existing project is not hard thing. You must install some NuGet package and do some small configuration. First install these NuGet packages with Package Manager Console: PM> Install-Package Microsoft.AspNet.Identity.Owin PM> Install-Package Microsoft.AspNet.Identity.EntityFramework PM> Install-Package Microsoft.Owin.Host.SystemWeb Add a user class and with IdentityUser inheritance: public class AppUser : IdentityUser { //add your … Read more

How to get current user in asp.net core

October 19, 2022 by Tarik

User.FindFirst(ClaimTypes.NameIdentifier).Value EDIT for constructor Below code works: public Controller(IHttpContextAccessor httpContextAccessor) { var userId = httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.NameIdentifier).Value } Edit for RTM You should register IHttpContextAccessor: public void ConfigureServices(IServiceCollection services) { services.AddHttpContextAccessor(); }

ASP.NET Identity’s default Password Hasher – How does it work and is it secure?

October 17, 2022 by Tarik

Here is how the default implementation (ASP.NET Framework or ASP.NET Core) works. It uses a Key Derivation Function with random salt to produce the hash. The salt is included as part of the output of the KDF. Thus, each time you “hash” the same password you will get different hashes. To verify the hash the … Read more

What is ASP.NET Identity’s IUserSecurityStampStore interface?

October 15, 2022 by Tarik

This is meant to represent the current snapshot of your user’s credentials. So if nothing changes, the stamp will stay the same. But if the user’s password is changed, or a login is removed (unlink your google/fb account), the stamp will change. This is needed for things like automatically signing users/rejecting old cookies when this … Read more

What is the claims in ASP .NET Identity

October 15, 2022 by Tarik

what does claim mechanism means in new ASP.NET Identity Core? There are two common authorization approaches that are based on Role and Claim. Role-Based Security A user gets assigned to one or more roles through which the user gets access rights. Also, by assigning a user to a role, the user immediately gets all the … Read more

ASP.NET Identity DbContext confusion

October 14, 2022 by Tarik

I would use a single Context class inheriting from IdentityDbContext. This way you can have the context be aware of any relations between your classes and the IdentityUser and Roles of the IdentityDbContext. There is very little overhead in the IdentityDbContext, it is basically a regular DbContext with two DbSets. One for the users and … Read more

Where are the Login and Register pages in an AspNet Core scaffolded app?

October 11, 2022 by Tarik

It was announced during the preview of asp.net core 2.1 that the Identity UI would be moved to a new Razor Class Library. https://blogs.msdn.microsoft.com/webdev/2018/03/02/aspnetcore-2-1-identity-ui/ It is still possible to scaffold the Identity Views into your own project if you prefer local views: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/scaffold-identity?view=aspnetcore-2.1&tabs=visual-studio