Introduction
This article covers the final release of ASP.NET Identity, version 2.0.0. This release adds security features and account management features, and it addresses feedback from the community.
Download
We can get the new ASP.NET Identity from the NuGet gallery by running the following commands in the Package Manager Console:
- Install-Package Microsoft.AspNet.Identity.EntityFramework -Version 2.0.0
- Install-Package Microsoft.AspNet.Identity.Core -Version 2.0.0
- Install-Package Microsoft.AspNet.Identity.OWIN -Version 2.0.0
Sample
We can install the sample package with the following command to see the changes in the release:
- Install-Package Microsoft.AspNet.Identity.Samples -Version 2.0.0-beta2 -Pre
Note: The Identity Sample should be installed in the Empty Project Template.
What's New
The following features and fixes are part of this release.
Two-Factor Authentication
ASP.NET Identity now provides two-factor authentication, in other words an extra security layer for user accounts. Codes can be sent through an SMS service, or by email for users who have not shared a contact number.
If the user enters an incorrect code a specified number of times, the account is locked out for a specific time.
Account Lockout
The user account is locked for a specified amount of time if the user enters the password or the two-factor code incorrectly. Both the number of invalid attempts and the length of time the user is locked out are configurable. The developer can also turn this feature off.
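The lockout and two-factor settings from the two sections above, as an added example that is not code from the article or the Identity sample. It assumes the ApplicationUser and ApplicationUserManager types that appear in the article's later code are in scope; the LockoutExample class, its method names and the numeric values are constructed for illustration.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

// Hypothetical helper class; ApplicationUser / ApplicationUserManager are the sample's types.
public static class LockoutExample
{
    // Call once when the manager is created, e.g. from ApplicationUserManager.Create.
    public static void Configure(ApplicationUserManager manager)
    {
        manager.UserLockoutEnabledByDefault = true;                      // applies to users created from now on
        manager.MaxFailedAccessAttemptsBeforeLockout = 5;                // constructed value
        manager.DefaultAccountLockoutTimeSpan = TimeSpan.FromMinutes(5); // constructed value

        // Two-factor codes by SMS and by email. Delivery goes through
        // manager.SmsService and manager.EmailService, which the application supplies.
        manager.RegisterTwoFactorProvider("PhoneCode",
            new PhoneNumberTokenProvider<ApplicationUser> { MessageFormat = "Your security code is: {0}" });
        manager.RegisterTwoFactorProvider("EmailCode",
            new EmailTokenProvider<ApplicationUser> { Subject = "Security code", BodyFormat = "Your security code is: {0}" });
    }

    // Returns the user when the password is correct and the account is not locked out.
    // Returns null for every failure so the caller cannot tell an unknown user,
    // a wrong password and a locked account apart.
    public static async Task<ApplicationUser> CheckPasswordAsync(
        ApplicationUserManager manager, string userName, string password)
    {
        var user = await manager.FindByNameAsync(userName);
        if (user == null) return null;

        // Refuse before testing the password, so a locked account gives no password oracle.
        if (await manager.IsLockedOutAsync(user.Id)) return null;

        if (await manager.CheckPasswordAsync(user, password))
        {
            await manager.ResetAccessFailedCountAsync(user.Id); // success clears the counter
            return user;
        }

        // Count the failure; the manager sets the lockout end date once the
        // configured maximum is reached.
        if (await manager.GetLockoutEnabledAsync(user.Id))
            await manager.AccessFailedAsync(user.Id);
        return null;
    }
}
```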
Account Confirmation
Account confirmation is now possible in ASP.NET Identity by confirming the email address of the user. Most websites use this feature when a new account is created: you are required to confirm your email before you can use the website. This is a very efficient feature because it prevents fictitious accounts from being created.
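The confirmation flow described above, as an added example that is not code from the article or the Identity sample. It assumes the ApplicationUser and ApplicationUserManager types from the article's later code, a manager registered with CreatePerOwinContext, and a configured UserTokenProvider and EmailService; the controller name, view names and MaySignInAsync are hypothetical.

```csharp
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;

// Hypothetical controller; view names are placeholders.
public class ConfirmationExampleController : Controller
{
    private ApplicationUserManager UserManager
    {
        get { return HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>(); }
    }

    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public async Task<ActionResult> Register(string email, string password)
    {
        var user = new ApplicationUser { UserName = email, Email = email };
        var result = await UserManager.CreateAsync(user, password);
        if (!result.Succeeded) return View("Error");

        // The user is not signed in here: the account stays unusable until
        // the link sent to the mailbox has been followed.
        string code = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);
        string link = Url.Action("ConfirmEmail", "ConfirmationExample",
            new { userId = user.Id, code = code }, protocol: Request.Url.Scheme);
        await UserManager.SendEmailAsync(user.Id, "Confirm your account",
            "Confirm your account by following this link: " + link);
        return View("CheckYourEmail");
    }

    [AllowAnonymous]
    public async Task<ActionResult> ConfirmEmail(string userId, string code)
    {
        if (userId == null || code == null) return View("Error");
        var result = await UserManager.ConfirmEmailAsync(userId, code);
        return View(result.Succeeded ? "ConfirmEmail" : "Error");
    }

    // Call from the login action after the password check and before
    // issuing the cookie; an unconfirmed account must not be signed in.
    private async Task<bool> MaySignInAsync(ApplicationUser user)
    {
        return await UserManager.IsEmailConfirmedAsync(user.Id);
    }
}
```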
Security Stamp
This release supports a way to regenerate the Security Stamp for the user when the user changes their password or other security-related information, such as removing a social login like Facebook or Google. This is needed to ensure that any tokens generated with the old password are invalidated. With this feature the application is more secure, since when you change the password you are logged out of everywhere you have logged into the application.
We can also configure the application to sign out from all places where you have logged in. We configure it in the Startup.cs file by registering a CookieAuthenticationProvider, as in the following code:
    app.UseCookieAuthentication(new CookieAuthenticationOptions {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider {
            // Enables the application to validate the security stamp when the user logs in.
            // This is a security feature which is used when you change a password or add an external login to your account.
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        }
    });
Extensibility of Primary Key for Users and Roles
In version 1.0 the primary key for the user and role types was a string, and when the Identity system was persisted in SQL Server using the Entity Framework it was stored as nvarchar. In this release the Visual Studio team has provided an extensibility hook where we can specify what the primary key of the Users and Roles tables should be.
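Using that hook to switch the keys to int, as an added example that is not code from the article or the Identity sample. All class names here are hypothetical, and "DefaultConnection" is an assumed connection string name.

```csharp
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;

// The link types must use the same key type as the user and the role.
public class IntUserLogin : IdentityUserLogin<int> { }
public class IntUserRole : IdentityUserRole<int> { }
public class IntUserClaim : IdentityUserClaim<int> { }

// Role and user keyed by int instead of the default string.
public class IntRole : IdentityRole<int, IntUserRole> { }
public class IntUser : IdentityUser<int, IntUserLogin, IntUserRole, IntUserClaim> { }

// The context, store and manager repeat the key type so every layer agrees on it.
public class IntDbContext
    : IdentityDbContext<IntUser, IntRole, int, IntUserLogin, IntUserRole, IntUserClaim>
{
    public IntDbContext() : base("DefaultConnection") { } // assumed connection string name
}

public class IntUserStore
    : UserStore<IntUser, IntRole, int, IntUserLogin, IntUserRole, IntUserClaim>
{
    public IntUserStore(IntDbContext context) : base(context) { }
}

public class IntUserManager : UserManager<IntUser, int>
{
    public IntUserManager(IntUserStore store) : base(store) { }
}
```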
IQueryable Support for Users and Roles
IQueryable support was added for Users and Roles so that we can easily get the list of users and roles. For example, review the following code from UserAdminController.cs:
    // GET: /Users/
    public async Task<ActionResult> Index()
    {
        return View(await UserManager.Users.ToListAsync());
    }
Delete User Account
In version 1.0 we could not delete a user through the UserManager; this issue has been fixed in this version. Review the following code:
    var result = await UserManager.DeleteAsync(user);
IdentityFactory Middleware/CreatePerOwinContext
UserManager
Now we can use the factory implementation to get an instance of UserManager from the OWIN context. The following code shows how to configure the middleware in the Startup.cs file:
    app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
DbContext
ASP.NET Identity uses the Entity Framework to persist the identity system in SQL Server. The Identity system holds a reference to the ApplicationDbContext to do this.
    app.CreatePerOwinContext(ApplicationDbContext.Create);
EntityFramework 6.1.0
ASP.NET Identity now supports the latest version of Entity Framework, 6.1.0. You can see that in the following screenshot, in which the application has the Identity Sample installed:
Summary
This article has explained that the new RTM version of ASP.NET Identity is available and has described the various features released with it. Thanks for reading, and stay updated.