Introduction
There is a new preview version of ASP.NET Identity that was released yesterday. There are two main changes done in this release, support for the Two-Factor Authentication and bug fixes. The alpha1 version of ASP.NET Identity was released in December 2013 and I've already mentioned it in ASP.NET Identity Preview and you can also find various features that are released with that release.
In the same context, in this article you'll learn the features in this new beta1 release of ASP.NET Identity and you'll see how to use it in your application using ASP.NET Identity Samples.
Getting Started
You can have the various new features related to ASP.NET Identity from the NuGet Package Gallery or the Package Manager Console. In the application you can update or install it with the following commands that are used in the Package Manager Console:
- Install-Package Microsoft.AspNet.Identity.EntityFramework -Version 2.0.0-beta1 -Pre
- Install-Package Microsoft.AspNet.Identity.Core -Version 2.0.0-beta1 -Pre
- Install-Package Microsoft.AspNet.Identity.OWIN -Version 2.0.0-beta1 -Pre
- Install-Package Microsoft.AspNet.Identity.Samples -Version 2.0.0-beta1 -Pre
Well, as I said earlier you can also have these features from the NuGet Package Gallery so that you please make sure to select the "Include Prerelease" option when you search for these.
What's in this release?
As I mentioned above that there are two main changes done in this release, so I am explaining them in the following procedure.
Two-Factor Authentication
The two factor authentication is now available in the ASP.NET Identity. This is used in the application to provide more security for the user account in the case where the password is compromised. There are many websites in which when a user creates the account with a username and the password and sometimes the user provides a weak password that can lead to user accounts being compromised.
So, focusing on the security, it is mandatory to provide the second factor of authentication after entering the username and password by the user. The two factor authentication allows you to authenticate the user with something only a user possesses such as a contact or email id. It is also involves sending the user a code to something that can also accessible by the user like a code sent as a SMS to the user's phone or an email to the user's id. When the user enters the code through the phone or email, it is confirmed that the user is authorized.
Now you can send the code in the phone or email that are the tw0-factor providers by the use of ASP.NET Identity and we can easily configure it to send a text message or email. You can extend and write your own providers such as QR code generators and use the Authenticator apps on phones to validate them.
The user can also manage the two-factor authentication options by enabling or disabling the two-factor authentication in the user account. We can see it in the sample ASP.NET Identity. The user can also have the benefit of choosing the remember option of the two-factor authentication if the device they are accessing the website is a personal device and while logged into the device, they are not asked after verifying the authentication each time. We can also see this in most of the websites in the current scenario.
Indexing on Username
In the ASP.NET Identity Entity Framework implementation there is now a unique index support added to the Username using the new IndexAttribute in the Entity Framrwork 6.1.0- Beta 1. With the use of this, the username is always unique and the user cannot insert the duplicate values for the username.
Enhanced Password Validator
We have already seen in the ASP.NET Identity 1.0 that the password validator only validates the minimum length that is fairly basic validation. Now the password validating is more enhanced with this release with which you have more control over the complexity of the password, as you can see in the following code (Identity Sample Application):
// Configure validation logic for passwords
manager.PasswordValidator = new PasswordValidator
{
RequiredLength = 6,
RequireNonLetterOrDigit = false,
RequireDigit = false,
RequireLowercase = false,
RequireUppercase = false,
};
The code defined above is very straight forward. You can find it in the IdentityConfig.cs of the Identity Sample Application that is explained in the following procedure.
Sample of ASP.NET Identity
In this section we'll define and create the sample application of ASP.NET Identity using the following procedure.
Step 1: Open Visual Studio 2013 and click on "New Project".
Step 2: Select the ASP.NET Web Application and enter the name as shown below:
Step 3: Select the Empty Project Template to develop the application as in the following:
Step 4: Open the Package Manager Console and enter the commands defined at the top in here one by one.
After installing the packages, there are many new files and folders added to the project. Have a look:
Step 5: Run the application and you can see the Home Page of application as in the following:
Step 6: Click on the "Register" link to create an account.
As you can in the preceding screenshot, the Email is required for creating an account so that the user can confirm it though the email provided. When you click on Register a demo confirmation page will open as in the following:
Step 7: Click on login to login into the application.
Step 8: Log off from the application.
Issues Fixed in 2.0.0-Alpha1
There are some of features listed below that are fixed in the alpha1 release:
- Account Confirmation
- Password Reset
- Security Token Provider
- Support IQueryable on Users and Roles
- Delete operation from UserManager
Entity Framework 6.1.0-Beta1
The ASP.NET Identity new version 2.0.0-beta1 depends upon the Entity Framework 6.1.0-Beta1 that was also released with this release. I'll define it in my further article.
Summary
This article described the new ASP.NET Identity 2.0.0-Beta1 and Entity Framework 6.1.0-Beta1 release by Microsoft. So just try it and enjoy. Thanks for reading and Stay Updated.