So, it's been a while since I've posted here, but I had to break my tradition of "not posting." Recently I've had the opportunity to work in a greenfield project, a rewrite of an existing product, and it is allowing me to fix a lot of the issues I've had with our old code base, the first being membership.
Previously, we were using ASP.NET Membership Provider, heavily customized with some profile data and custom authentication and authorization logic. In our implementation, authentication and authorization were tightly coupled making it near-impossible to change. Microsoft's newest Identity Provider is billed at being easier to extend and customize than the prevous Membership Provider. Version 1.0 of Identity Provider was a bit of a disappointment to many because it did not include things such as: Password Reset, advanced Password Requirement Features, and Account Lockout out of the box. These features were still possible but required more work.
Version 2.0 of the Identity Provider, which was released to RTM yesterday, includes more robust features such as Email Verification, Cell Phone Verfication and 2-Factor Authentication Out of the Box; however, a lot of these features require some setup to get working in your application. Again, I feel that a lot of these things should be up to the developer or the business to decide how it should work. In the following and subsequent blog posts, I will walk through the work that is needed to setup some of the basic and advanced features of Identity 2.0.
I recommend that if you are going to play with the new Identity Providers, your best bet is to start with a new MVC project, and not an existing project. In a later post I will show a few options for migrating from SqlMembershipProvider to the new Identity Provider.
For now, to install the packages you just need to install the following packages.
Install-Package Microsoft.AspNet.Identity.EntityFramework –Version 2.0.0 Install-Package Microsoft.AspNet.Identity.Core -Version 2.0.0 Install-Package Microsoft.AspNet.Identity.OWIN -Version 2.0.0
My next post will go over:
- Setting up Password requirements
- Require special Characters
- Cannot be the same as the username
- Email verification
- A link in the email is required to be clicked before an account is activated
Until then, microsoft has provided some samples for many of the new features in Identity 2.0, to install them just install the following NuGet package.
Install-Package Microsoft.AspNet.Identity.Samples -Version 2.0.0-beta2 -Pre