ASP.NET Identity Recommended Resources
This topic provides links to documentation resources about how to use ASP.NET Identity.
If you know a great blog post, stackoverflow thread, or any other link that would be useful, [send us an email](aspnetue@microsoft.com?subject=Identity recommended resources) with the link or just leave a message at the bottom of this page.
- Getting Started with ASP.NET Identity
- New featured Must Read articles
- Intermediate ASP.NET Identity
- Videos
- Where to ask questions, request features, report a bug and nightly builds
- Blog posts on Identity
- Custom Storage Providers for ASP.NET Identity
- Additional Identity Resources
- Q & A (question/answer)
Getting Started with ASP.NET Identity
- MVC 5 App with Facebook, Twitter, LinkedIn and Google OAuth2 Sign-on This tutorial shows you how to write an ASP.NET MVC 5 app with Facebook and Google OAuth 2 authorization. It also shows how to add additional data to the Identity database.
- Deploy a Secure ASP.NET MVC app with Membership, OAuth, and SQL Database to a Azure. This tutorial adds Azure deployment, how to secure your app with roles, how to use the membership API to add users and roles, and additional security features.
- Introduction to ASP.NET Identity
- Create a secure ASP.NET MVC 5 web app with log in, email confirmation and password reset
- ASP.NET MVC 5 app with SMS and email Two-Factor Authentication
New featured Must Read articles
- Walkthrough: ASP.NET MVC Identity with Microsoft Account Authentication by Benjamin Day
- ASP.NET Identity 2.0 Extending Identity Models and Using Integer Keys Instead of Strings
- AngularJS Token Authentication using ASP.NET Web API 2, Owin, and Identity
- Thinktecture.IdentityManager as a replacement for the WSAT
- ASP.NET Identity 2.0: Customizing Users and Roles
Intermediate ASP.NET Identity
- Account Confirmation and Password Recovery with ASP.NET Identity
- Two-factor authentication using SMS and email with ASP.NET Identity
- Migrating an Existing Website from SQL Membership to ASP.NET Identity
- Adding ASP.NET Identity to an Empty or Existing Web Forms Project
- MSDN Magazine External Authentication with ASP.NET Identity by Dino Esposito
- MSDN MagazineA First Look at ASP.NET Identity by Dino Esposito
- ASP.NET Identity – User Lockout
Where to ask questions, request features, report a bug and nightly builds
- For StackOverflow, use the tag aspnet-identity
- For the ASP.NET forums, post to the Security forum and add ASP.NET Identity to the title.
- ASP.NET Identity on GitHub Get nightly builds, request features, open bugs.
Blog posts on Identity
By John Atten
- ASP.NET Identity 2.0 Extending Identity Models and Using Integer Keys Instead of Strings
- ASP.NET Identity 2.0: Customizing Users and Roles
- ASP.NET MVC and Identity 2.0: Understanding the Basics
- Setting Up Account Validation and Two-Factor Authorization
- Configuring Db Connection and Code-First Migration for Identity Accounts in ASP.NET MVC 5 and Visual Studio 2013
By Anders Abel
By K. Scott Allen on Ode to Code
- ASP.NET Core Identity This blog examines the core abstractions, including IUser, IUserStore and the I*Store interfaces.
- ASP.NET Identity with the Entity Framework Individual User Accounts in MVC 5, Web API and SPA apps, connection strings and managing contexts
- Customization Options With ASP.NET Identity
- Implementing ASP.NET Identity
Benjamin DayWalkthrough: ASP.NET MVC Identity with Microsoft Account Authentication
-
- A primer on external login providers (social logins) with OWIN/Katana authentication middleware
- Introducing IdentityReboot: a set of extensions to ASP.NET Identity that implement the major missing features I've complained about.
@beabigrockstar (Jerrie Pelser)
Get more information from Social providers used in the VS 2013 project templates
Building a simple ToDo application with ASP.NET Identity and associating Users with ToDoes
Google OpenId integration issues with ASP.NET Identity If you get the error: HTTP Error 404.15 – Not Found The request filtering module is configured to deny a request where the query string is too long
AngularJS Token Authentication using ASP.NET Web API 2, Owin, and Identity
Working with Roles in ASP.NET Identity for MVC by Sheo Narayan
Videos
- Channel 9 Securing ASP.NET Applications and Services: Security Facelift for Modern Applications by Ido Flatow
- Channel 9 ASP.NET Identity Intro by Pranav Rastogi
- Channel 9 ASP.NET Authentication using ASP.NET Identity by Cory Fowler
- Channel 9 Building Modern Web Apps: ASP.NET Identity by Jeff Koch
- Channel 9 Securing your website with ASP.NET Identity by Alex Thissen
- Use ASP.NET Identity on an existing DB-Model by Alexander Schmidt
- ASP.NET One Identity by Ivaylo Kenov of Telerik
- Czech ASP.NET Identity In this lecture we will show how to deploy basic authentication, how to add support for external identity providers such as Twitter or Facebook, and how to use one-time passwords (OTP). [ASP.NET Identity je nástupce Membership a Role providerů v ASP.NET, tedy knihovna pro zajištění autentizace uživatelů. V této přednášce si ukážeme, jak nasad]
Custom Storage Providers for ASP.NET Identity
If you want to write your own provider, read Overview of Custom Storage Providers for ASP.NET Identity and Implementing ASP.NET Identity and then examine the source of one of the OSS projects listed below.
- Tutorial: Overview of Custom Storage Providers for ASP.NET Identity by Tom FitzMacken
- Blog: Implementing ASP.NET Identity
- Tutorial:Setting up the basic Identity accounts, and pointing them at an external DB. By @xivSolutions.
- Tutorial: Implementing a Custom MySQL ASP.NET Identity Storage Provider
- Azure Table Storage by James Randall.
- Azure Table Storage: AspNet.Identity.TableStorage by @stuartleeks.
- CouchDB / Cloudant by Daniel Wertheim.
- Elastic Search: Elastic Identity by Bombsquad AB.
- MongoDB by Jonathan Sheely Jonathan Sheely.
- NHibernate.AspNet.Identity by Antônio Milesi Bastos.
- RavenDB by @tourismgeek.
- RavenDB.AspNet.Identity by ILMServices.
- Redis: Redis.AspNet.Identity
- T4 Templates to generate EF code for a "database first" user store: AspNet.Identity.EntityFramework
Additional ASP.NET Identity Resources
- Introducing the Yahoo and LinkedIn OAuth security providers for OWIN by Jerrie Pelser for Yahoo and LinkedIn instructions.
Q&A (question/answer)
- Q: Locked out users who have enabled "remember me" (so they don't have to go through 2FA on that computer/browser) are not locked out. Why and how do I prevent that? Answer here.
- Q: How can I store custom claims, such as the user's real name, in the ASP.NET Identity cookie to avoid unnecessary database queries on every request. Answer here.
- Q: Updating AspNetUser Password Hash: I have 2 projects. One of them is using ASP.NET authentication, the other uses Windows authentication, which is the administration side. I want the Admin project to be able to manage the users of the other. I can modify everything except the password. Answer here.
- Q: How can I reset password as a admin for other users? Answer here.
- Q: Can I change the displayed name of the UserName field in ASP.NET MVC IdentityUser? Answer here.
- Q: How can I gran users permissions to add other users to certain roles? Answer here.
- Q: Storing profile information in the AspNetUsers table vs. the AspNetUserClaims table. Answer here.
- Q: Remember me when using an external authentication provider. Answer here.
- Q: Why does every request require a ApplicationDBContext, isn't that too much overhead?. Answer, No, the overhead is low.
- Q: How do I get a list of logged in users? Answer here.
- Q: How can I detect when a user logs in with Microsoft.AspNet.Identity? Answer here.
- Q: How do I get localized error messages for Identity? Answer here.
- Q: How do I configure the CookieMiddleware to get fresh claims every 30 minutes? Answer here.
- Q: How do modify the claims for the user after they have signed in? Answer here.
- Q: How do I invalidate security tokens? Answer here.
- Q: How do is store claims in the cookie middleware? Answer here.
- Q: I'd like to have a PIN or security check on each action method in my MVC app, but I'd like to store the users success so they don't have to enter the PIN on every request to that action method. Answer here.
- Q: I'd like to save the returned email address from a social provider to the DB, how do I do that? Answer here:
- Q: How can I detect when a user logs in both with/with-out a "remember me" cookie? Answer here.
- Q: Can I modify claims in ASP.NET Identity with OWIN after calling SignIn? Answer: Calling SignIn is exactly what you are supposed to do when you want to modify the claims for the user. It basically causes the ClaimsIdentity to be serialized into the cookie, which is why you see the new claims show up on subsequent requests.