18

I am a bit confused with customizing UserManager and UserStore. Out of the box solution comes with EF implementation and i don't want to use EF but my own DAL that uses MSSQL. I want to have Claims based security where one of the users Claims will be roles.

What i am confused with is the overall process i should do. From what i undestand so far is that i need to make my own

CustomApplicationUser : IUser
CustomUserManager : UserManager<CustomApplicationUser>
CustomUserStore : IUserStore, IUserClaimStore

Questions:

  1. Am i on the right track with this?
  2. I want to use IsInRole() method on my CustomUserManager but not sure how to do it with Claims. I am aware there is IUserRoleStore.IsInRole() which default UserManager calls in UserManager.IsInRole() but i don't want separate Roles table in my DB. What i want is Claims DB table with one of ClaimType being Role and that UserManager.IsInRole() uses that. Now, i am not evet sure why would i ever need UserManager.IsInRole() method? Would i actually need to have something like custom ClaimsIdentity SignInManager.CreateUserIdentityAsync() and within that one call my own implementation of filling in all users info including Claims?

It seems a bit confusing for me and i can't seem to find some clear documentation about it so if anyone could shed a bit of light on it i would highly appreciate it!

dee zg
  • 10,582
  • 7
  • 33
  • 59
  • 1
    New paradigm is claim based. Claims are just collection of values(strings) associated with a user. Roles are implemented as claims. `IsInRole()` and other role-related APIs are there for older mental paradigm. – Sherlock Feb 07 '17 at 19:31
  • @dee-zg have u got some running code of custom db providers to asp.net identity ? – vibs2006 Mar 18 '18 at 14:36

1 Answers1

12

Instead of just copying I will just point you to following article: Overview of Custom Storage Providers for ASP.NET Identity.

Take a look at this, it should give you nice overview of how identity works in ASP.NET. It's also good for choosing what you want to override and customize in your application.

Dawid Rutkowski
  • 2,486
  • 1
  • 27
  • 31
  • 15
    Here's the .NET Core version of that article: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-custom-storage-providers – D-Sect Jan 20 '18 at 17:05
  • 1
    reading the suggested article i can't understand where to implement a custom Login/logout method. The article suggests to rewrite only the "store" and "data" layer implementing the interfaces you need, but these intefaces don't have any of login/logout methods. Maybe this operation must be performed in the upper layer, "IdentityManager" layer? (UserManager) I can't find any example how to implement a custom login that use my legacy code – alex Apr 30 '20 at 10:48