ASP.NET Identity

ASP.NET Identity is the membership system for ASP.NET apps

Learn more »

Following are the features of ASP.NET Identity in this sample

  1. Initialize ASP.NET Identity
    You can initialize ASP.NET Identity when the application starts. Since ASP.NET Identity is Entity Framework based in this sample, you can create DatabaseInitializer which is configured to get called each time the app starts. Please look in Global.asax and App_Start\IdentityConfig.cs This code shows the following
    • When should the Initializer run and when should the database be created
    • Create user
    • Create user with password
    • Create Roles
    • Add Users to Roles
  2. Customize Table Name for AspNetUsers
    If you want to change the default table name for the Users table, then you can do so by overriding the default mapping of the EF Code First types to table names. Look in Models\AppModel.cs on how we override the table name in ModelCreating event of DbContext For more info on override ModelCreating please visit
  3. Add profile data for the user
    Please follow this tutorial.
    • Add profile information in the Users Table
    • Add profile information in a different table
    • Look in Models\AppModel.cs for examples
  4. Display profile data for the user
    Click My Profile view profile info for the logged in user. For the code look in HomeController.cs Profile Action
  5. Claims
    You can store information about the user as Claims as well. This sample shows the different places where you can inject claims.
    • Add claims to the Claims table when the User regsiters an account. Look in AccountController\Register action where I am storing Gender as a Claim
    • Add a claim before the User Signs In. Look in AccountController\SignIn method where I am adding HomeTown as a claim. As compared to the previous case I am not storing the HomeTownClaim in the database.
    • In both these case the Claim is set on the IPrincipal when the User Signs In
  6. ClaimsIdentityFactory
    When you SignIn, the UserManager creates a ClaimsIdentity by using a ClaimsIdentityFactory. This factory creates a claimsIdentity which contains Roles, UserId and UserName. For most apps this is sufficient. ClaimsIdentityFactory provides a central place where you can control what are the default set of claims generated for the User. In my example, let's say I do not care about Roles and I want to store LastLoginTime as a Claim, then I can provide my own ClaimsIdentityFactory to the UserManager.
    • Look at IdentityExtensions\MyClaimsIdentityFactory.cs for an implementation
    • Look at Controller\ClaimsIdentityFactoryController.cs on how we can register a ClaimsIdentityFactory with the UserManager
  7. Validation
    When you create a User using a username or password, the Identity system performs validation on the username and password, and the passwords are hashed before they are stored in the database. You can customize the validation by changing some of the properties of the validators such as Turn alphanumeric on/off, set minimum password length or you can write your own custom validators and register them with the Manager. You can use the same approach for UserManager and RoleManager.
    • Look at Controllers\ValidationController.cs Default Action on how to tweak the default settings for the Validators
    • Look at IdentityExtensions\MyValidation.cs to see how you can implement the different validators
    • Look at Controllers\ValidationController.cs Cutomize Action on how you can use the custom validators with the Managers
  8. Register a user, Login
    Click Register and see the code in AccountController.cs and Register Action. Click Log in and see the code in AccountController.cs and Login Action.
  9. Basic Role Management
    Do Create, Update, List and Delete Roles. Only Users In Role Admin can access this page. This uses the [Authorize] on the controller.
  10. Basic User Management
    Do Create, Update, List and Delete Users. Assign a Role to a User. Only Users In Role Admin can access this page. This uses the [Authorize] on the controller.
  11. Associating Pets with User
    This example shows how you can create a ToDo application where you can associate ToDoes with a User. Following are the salient features of this sample.
    • Create ToDo model and associate User in EF Code First. Goto Models\AppModel.cs
    • Only Authenticated Users can Create ToDo
    • When you create/list ToDo, we can filter by User. Look at ToDoController
    • Only Users in Role Admin can see all ToDoes. Look at ToDoController and All action.