who are you?
TRANSCRIPT
Who are you?Digging into ASP.NET Identity 2.1
Josh Gillespie
Agenda
What i s an Ident i ty?
What is an Identity?
• Proof that you are who you say you are. (authentication)
• The things are you permitted to do. (authorization)
• Other information we (need to) know about you? (profile)
History of Identity in .NET
• Forms and Windows Authentication
• ASP.NET Providers• Released with .NET 2.0 (2005)• Addressed common site membership requirements
• ASP.NET Simple Membership• Released with VS2010 SP1
• ASP.NET Universal Providers
ASP.NET Providers
Pros
• Simple to setup
• “Just works”
Cons
• Extensibility was hard
• Testing was hard
• Other Auth approaches were hard
• Dependent on SQL Server
• Profile was hard to query
• Dependent on Forms Auth
ASP.NET Simple Providers
Pros
• Profile was improved
• Easier to add to Web page apps
Cons
• Non-relational stores are hard
• Still FormsAuth dependent
• Not extensible
ASP.NET Universal Providers
Pros
• Database was cleaned up
• Used EF Code First
• Can use any EF supported store
Cons
• Built on Membership, same limitations
ASP.NET Ident i tyCurrently 2.1
Goals
• Useable everywhere (One ASP.NET)
• Easy profile access
• Persistence agnostic
• Testable
• Role-based Authorization
• Claims-based Authorization
• Third-party Authentication
• Azure AD
• OWIN Integrated
• NuGet package
So where would you star t?
Interfaces
• Entities (IUser, IRole, IClaim, etc)
• Stores (IUserStore, IRoleStore, etc)
• Managers
• Misc supporting classes• TokenProviders• Validators• Factories
Application
Managers
Stores
Data Access Layer
Data Storage
Factories
Token Providers
Validators
Services
Entities
Closer lookDecompile and look at one “Stack”
Fi le New Pro jectWhat do I get fresh out of the box?
Demo Opt ions1. Change the Primary Key
2. Add a Two-Factor Authenticator Provider
Takeaways
• When should you use ASP.NET Identity?
• What is it good for, what is it not good for?
• Implement only what you need.
Discuss ion
