ASP.NET Core Identity
Recenty I have been using C# and .NET Core Framework to build backend Web APIs. I have used these Web APIs in web applications that requires a user to first register and login to the application before they are able to use the application. To create the registration and login functionality in a Web API, one usually has to create contollers which contains endpoints of the API that communicate with the frontend, services which contains the logic of the application and sql commands which communicate with the database. The other way is to use ASP.NET Core identity which is an API that support user interface login functionality, manage users, passwords, roles, tokens, email confirmation and more to ASP.NET Core web applications. The ASP.NET Core identity API is not related to the Microsoft identity platform, which is an evolution of the Azure Active Directory developer platform.
Using the ASP.NET Core identity API still requires the creation of controllers and an identity services. The identity service is where the identity API is implemented. The identity API has two very useful classes, namely, the ASP.NET Core identity UserManager class and the ASP.NET Core identity RoleManager class. The UserManager class is used to manage users, i.e., registration of users, updating user information, etc. The RoleManager class is used to manage roles, i.e., create roles and assign users to those roles. These roles can be an admin role of the application, user role or any role that one want to create in the application. These roles can be used to allow certain users access to certain endpoints, that is, functionality of the application and deny access to those that are not assigned that role. This is called role based access. A simple example of how role based access is used in web applications is allowing certain users, "admins", privilege to suspend accounts of other users, e.g. Twitter admins can suspend user's Twitter accounts, one famous or infamous example depending on who you ask being the suspension of a Twitter account of a certain Former president.
The primary package for for identity is Microsoft.AspnetCore.Identity. The UserManager class has the following important methods
Nane | Description |
---|---|
CreateAsync(TUser) | Creates a user with no password |
CreateAsync(TUser, String) | Creates a user with the given password |
DeleteAsync(TUser) | Deletes a user |
FindByNameAsync(String) | Finds a user by user name |
AddToRoleAsync(TKey, String) | Adds a user to a role |
GeneratePasswordResetTokenAsync(TKey) | Generates a password reset token for the user using the UserTokenProvider |
The RoleManager class has similar methods to create roles, delete roles, find roles by user name, etc.