Understanding ASP.NET Identity
In my previous article I discussed about JQuery DataTable Bind JSON Using ASP.NET MVC 5 and Entity Framework 6 and Scheduled Tasks In ASP.NET With Quartz.Net and JQGrid Server-Side processing using HttpHandler in ASP.NET.
In this article I am going to explain about classic Membership system it advantages and disadvantages. How it is failing to fulfill new demands of authentication and authorization. Also explain about ASP.NET Identity, new approach to implement ASP.NET membership. ASP.NET Identity's new features. I will also compare classic, simple membership with asp.net Identity.
Classic MembershipASP.NET Membership API was introduced first in 2005 with ASP.NET 2.0. It was the good solution for authentication and authorization in ASP.NET application with some problems. ASP.NET Membership API was great at the time when it was introduced. Many web applications found useful solution for authentication and authorization, and successfully implemented.
But many developers' found difficulties when requirement require capturing additional fields that means Membership is hard to customize also database schema is designed for SQL Server only to store data for users. Because it uses SQL Server database, it was hard to move data to other data sources, especially to non-relational databases. Membership system restricts you to use SQL Server database only. Also, Membership system uses Forms Authentication to sign-In and sign-out from application.
Simple MembershipMicrosoft was introduced Simple Membership in his next implementation with VS 2010 SP1. In Simple Membership, it provides flexibility to customize user profiles. Simple Membership was made primarily for MVC application. But Simple Membership still not addressed some other major problems like developer cannot use other database or non-relational database to store data for persistence, cannot use other membership providers, hard to implement OWIN etc.
ASP.NET IdentityASP.NET Identity is a new approach to implement ASP.NET membership, which was designed and developed to solve requirement that includes forms authentication, SQL Server database for user names, passwords and profile data as well. Identity solved all Membership problems and also supports newest requirement that includes external login with existing Facebook, Google, Twitter or Live login. Here are some important features of ASP.NET Identity:
Features of ASP.NET IdentityASP.NET Identity provides some excellent new features that include:
One ASP.NET IdentityThe ASP.NET Identity framework was originally introduced in VS 2013 and follow One ASP.NET approach. It support all the ASP.NET frameworks such as Web Forms, ASP.NET MVC, ASP.NET Web API and SignalR.
Persistence controlNow developer has complete control over the schema of user profile information. You can easily extend user profile to include more user information like DOB and address information. ASP.NET Identity uses the entity framework code first to store the user related information to the database. You have great flexibility to change the database schema and data type of the primary key. Since it uses the Entity Framework, it can be used to persist data in any data store supported by Entity Framework.
Account Confirmation MailThe confirmation mail can be sent to the user to verify their email.
Unit testabilityNow you can use unit testing to test your login or register action functionality using ASP.NET Identity.
Two factor Authentications - Email/SMSIn two factor authentication mechanism, user is authenticated by combining two different methods. The two factor authentication approach has second level of authentication to an account log in process.
Roles ProviderIt is similar to roles in the old ASP.NET membership. Roles are stored in a separate database table and you can create, edit and delete the roles.
Claims BasedASP.NET Identity supports claims-based authentication, where claims allow developers to add lots more information about the user than the simple user name-password provided by the old membership system.
Social Login ProvidersYou have greater flexibility to easily add social log-ins such as Microsoft Account, Facebook, Twitter, Google, and others to your application, and store the user-specific data in your application. You can also roll out your own Identity if any of the above does not match with your requirement.
OWIN IntegrationASP.NET Identity authentication is based on OWIN middleware that can be used on any OWIN-based host. This means that instead of using FormsAuthentication to generate the cookie, the application uses OWIN CookieAuthentication to do that.
NuGet packageASP.NET Identity is now available as download from Nuget packages. You can install in the ASP.NET MVC, Web Forms and Web API templates that ship with Visual Studio 2013.
Note : To know about how to implement ASP.NET identity, read "How to extend the properties of Identity with additional custom properties in ASP.NET" article.
Appreciate your valuable feedback:
I hope this article is useful for you. I look forward for your comments and feedback. So please provide your valuable feedback so that I can make this blog better. You can also share this article by hitting below button.