Secure ASP.NET MVC5 Application with Asp.Net Identity

Changde Wu

Self Introduction Professional .NET Developer in greater Boston area Specialized in WPF and ASP.NET MVC

Path Started as developer with C++, Oracle Pro/C++

Mutltiple years of Java developer with J2EE, many java certificates

Started .NET from WCF and Sharepoint

Finally focused on WPF and ASP.NET MVC

Intro cont.

Serious Web programing

Started with Java Servlet and JSP Development based on SharePoint Asp.net Web development for commercial web sites Maintain a personal web site

The presentation material will be available shortly at http://www.jiacheng-laowu.com/professional

Contact: cwu03d@hotmail.com

Agenda

1. Some basics of web security2. About Asp.net Identity3. Start your first project with Identity in mind4. Get around identity feature from the startup

project5. Use external logins6. Verify User account before allow login

Agenda (cont.)

7. Two factor login (2-FA)8. Password reset and account lockout9. Customize application user10.User and role administration11.Resources

Completed project

The complete project is available for downloading and playing.The project is complete and have every thing you need, including create/edit/delete users and roles.

To run the project smoothly, follow these guidelines. Item 1: Use Local IIS and SQL Server Configure your web site runs on standard ports (80 for http, 443 for https) Set your web site url as: www.private-yuandi.com, point the root to this project directory! If you run local IIS, be sure to launch Visual Studio 2013 update 4 with admin privilege Set your Database name as AspIdentityWeb (check the DefaultConnection db connection string for detail) Item 2: For external logins, you can create you own. You are also welcome to use the ones I created for this project. See the <!-- External Logins --> part in Web.config for detail. Set your web site url as: www.private-yuandi.com Set your Database name as AspIdentityWeb (check the DefaultConnection db connection string for detail) Please find out the <!-- gmail --> and <!-- Twilio--> and add your account credential to use email and SMS services Item3: If you encounter the DB schema exception, run Update-Database from your Visual studio “Package Manage

Console” for the correct schema. I have already created the migration script for your ready use. Item4. Default admin user admin@private-yuandi.com with password Boss_1234 is created by DB initializer to

access UserAdmin area for admin jobs.

Have fun and send me message if you have trouble.