|
On March 20, 2014, the ASP.NET team released the RTM version 2.0 of the new Identity framework. The new release brings with it some long-awaited new features, and marks a substantial expansion of the security and authorization capabilities available to ASP.NET applications of all types.
The ASP.NET Identity framework was originally introduced in 2013 as the follow-on to the ASP.NET Membership system, a staple of MVC applications for several years, but which was beginning to show its age. Originally, ASP.NET Identity presented a useful, if somewhat minimal API for managing security and authorization in the context of a public-facing web application built using ASP.NET. The Identity framework introduced modern features such as social network log-in integration, and easily extensible user model definitions.
The new RTM release introduces the following features, among others:
Extended User Account Definition, including Email and contact information
Two-Factor Authentication via email or SMS messaging, functionally similar to that used by Google, Microsoft, and others
Account Confirmation via email
Administrative management of Users and Roles
Account Lock-Out in response to invalid log-in attempts
Security Token Provider to regenerate a user's security token in response to changes in security settings.
Improved support for Social log-ins
Easy Integration of Claims-Based Authorization
Identity 2.0 represents a substantial revision from the original version introduced last year. With the numerous new features, comes some added complexity. If, like myself, you had just recently found your way through the first iteration of the Identity framework, be ready. While you won't be starting over from scratch with version 2.0, there is a lot to learn.
In this article, we're going to take a look around, get familiar with the major components of the system, and in general familiarize ourselves with the new features, and where they fit in the overall scheme of things. We won't go into too much detail yet. Think of this as a familiarization tour.
If you are looking for more detailed how-to's, I will be adding posts over the next few weeks examining specific implementation concerns here:
How to Set UP Account Validation and Two-Factor Authentication
ASP.NET Identity 2.0: Customizing Users and Roles
ASP.NET Identity 2.0 Extending Identity Models and Using Integer Keys Instead of Strings
ASP.NET 4.5 project templates (such as we will be examining here) incorporate OWIN, and specifically the Katana implementation. For more information on OWIN, Katana, and the middleware pipline see ASP.NET: Understanding OWIN, Katana, and the Middleware Pipeline.
If you are planning to use Identity 2.0 with Web Api, the landscape looks a little different. You may want to check out the following posts:
ASP.NET Identity 2.0: Introduction to Working with Identity 2.0 and Web API 2.2
ASP.NET Web Api and Identity 2.0 - Customizing Identity Models and Implementing Role-Based Authorization
While we will be looking at a decent amount of code, it's not necessary yet to understand the details of what it all does - just get familiar with the general concepts, where the major components are located, and how things are structured.
Identity 2.0 Configuration - Not So Simple Anymore
The New ApplicationUser Class in Identity 2.0
Identity 2.0 Configuration Components and Helpers
Application User Manager and Application Role Manager
Email Service and SMS Service for Account Validation and Two-Factor Auth
Sign-In Helper - The Basic Identity 2.0 Sign-In API
Signing in: Compare to Identity 1.0
The Heart of it All - ApplicationDbContext
Additional Resources and Items of Interest
Identity 2.0 Introduces Breaking Changes
Identity 2.0 does not slide smoothly into place for applications written using version 1. The additional capabilities appear to have required significant changes to the architecture, and the manner in which the Identity API is consumed from within the application. Upgrading an existing ASP.NET application from Identity 1.0 to the 2.0 version will require some new code, and is beyond the scope of this article. Be aware, though, that moving from Identity 1.0 to the 2.0 version is not a simple "plug-it-in-and-go" affair.
To More Follows on--
 ASP.NET MVC and Identity 2.0: Understanding the Basics[^]
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
