Asp.Net Identity - A Beginner Guide
Authentication is one of the major concern of any application we develop. From initial days, Asp.Net framework provides authentication in 3 different ways, they are Forms Authentication, Windows Authentication and Passport Authentication. The Authentication system was taken to next level with the release of Asp.Net 2.0 when Provider based model was released. The Provider model, typically called Asp.Net Membership Provider model simplified the Authentication and Authorization process so much. The provider model required very less effort to store profile information and incorporating authentication into our application. Microsoft gave a configuration based model to integrate providers which made working with provider models simpler.
From then, the web has developed so much, almost every business started running from the Web. Additionally, the introduction of social media platforms and mobile connectivity has increased foot print of internet across the world and due to this, there was a surge in number of people using internet services daily. Now, people are comfortable using their social media identity to login to various services instead of managing separate credentials for every services. On tech side, there are many new platforms, cutting-edge web technologies that were added into the web stack. Though, Asp.Net framework is constantly updated it also became need of the time to take it next level by crossing the boundary lines. Applications should run across platforms, should run on mobile devices and required a unified programming model. The Asp.Net Provider model has now become out-dated and was not able to cater these changing needs. There are various factors, some are listed below.
It was originally designed for relational database, more particular for SQL server.
It works only with Forms Authentication and IIS Integrated Authentication.
It has strong dependency on System.Web, so, they can’t support OWIN. Read What is OWIN? A Beginners Guide
It does not work well with external authentication providers like FaceBook, Gmail, Twitter, Microsoft OAuth providers.
Unit testing is difficult, no separation of concerns between layers.
After Provider model, Microsoft has released many new versions of their membership systems, like Asp.Net Simple Membership system (or Asp.Net Membership system) and ASP.NET Universal Providers. Though these system brought new capabilities but none has come out as the next single system that can be used henceforth. All these systems were again working closely with Forms Authentication module (IIS dependency, so no OWIN support) or it is primarily built for relational persistent storage. This reveals that all the Provider models were just assisting the Forms Authentication module and did not actually make any difference in the way Forms Authentication module works. So,this is why Asp.Net Identity was released to replace the existing model and to maintain the pace with the current trend of web applications.
What is Asp.Net Identity?
Asp.Net Identity is a newly designed, built from scratch system that addresses all the problems discussed above. It is designed to make it the next single Identity system to work across systems like MVC, WebForms, WebPages (Webmatrix), Web API, SignalR, Smart-phone app, hybrid systems, etc. It provides all the required features that makes it the next single system for Identity. It is,
Fully OWIN Complaint.
Works well with External Login Providers or OAuth Providers through middleware components.
Provides persistence with Entity Framework Code-First, thus it will support all database that support EF.
Works across applications, Phone, MVC, WebForms, Hybrid-app, etc.
Makes Unit Testing of our application easy.
Delivered as Nuget packages. This makes updates, bug fixes easily delivered for application developers.
Works well Active directory and Azure Active Directory.
Supports Role based and more powerful Claims Based Identity system.
Asp.Net Identity is part of all Web project template from Visual Studio 2013. All the Nuget packages are included by default.
Note – Though Asp.Net Identity is next single system for providing Authentication and Membership functions, you can still use the traditional Forms Authentication. But using Forms Authentication can run only on IIS and it depends on System.Web assembly thus making it non OWIN complaint. OWIN will be the new default going forward, so if you are building a new system then using OWIN and Asp.Net Identity is the recommended solution.
Asp.Net Identity Nuget Packages
When you create a MVC/Webform/API/SPA/SignalR project in Visual Studio 2013/2015, the Asp.Net Identity packages are included by default. Let’s see what they are.
This package has the Asp.Net Identity interfaces required to write the persistence logic for different storage environments.
EF code First Implementation of Asp.Net Identity Interfaces that use SQL server as persistent media.
Asp.Net Identity OWIN implementation of middleware components required for Authentication system to manage cookies, make re-direction request to external providers, etc.
All the above 3 packages are required for providing Asp.Net Identity feature to our applications. Let’s create a MVC project and we will see the project template’s default implementation of AccountController that use Asp.Net Identity for user creation and sign-in in the next article.