ASP.Net Core 3 Identity
The aim of this post is to teach you how to teach you how to implement Identity Authentication & Authorization with ASP.Net Core 3. We will begin with a cookie-cutter Microsoft starter project and then modify that to use Kendo in a future lesson.
First Things First
Because Core 3 is only officially a few days old as of the moment of this article, I'll walk you through the basics of getting it working on your computer.
- You'll want to download the x64 and/or x86 SDK from here.
- Don't forget to update to the latest version of Visual Studio 2019 with "Visual Studio Installer" or you won't see ASP.Net Core 3.
- Microsoft does a pretty good job of setting the stage for you and basic authentication works out of the box. We'll just use localdb for this project that is already setup in your appsettings.json file. The only thing you need to do in order to get authentication working is simply go to the Package Manager Console and type: update-database.
- Hit F5 and wait impatiently 🥱 for your project to load. Click on Register to create a local account. Here, you will get a message saying "This app does not currently have a real email sender registered..." Instead of simply clicking the link provided, let's fix the issue instead.
- Because we didn't click that link, we have effectively orphaned that email address so it "cannot" be accessed ever again (without manually confirming it in the database). So, let's start with a fresh database. Click on Package Manager Console and enter the following three commands in sequence:
Remove-Migration -Force Add-Migration CreateIdentitySchema Update-Database
Now, you will have a fresh copy of your database to start from.
The following code will send out the intrensic emails (registration confirmation, forgotten password, et cetera) from Identity, but you will most likely use the same methods for your own code. If you don't already have a SMTP server that you want to use, I'd recommend the older Windows App version of Smtp4Dev. There is a much newer version, but those new to .net core or that don't want to run it in a docker container should just download the old version.
- The first thing that we are going to want to do is define the email service. I do that by creating a directory called Services from the root and then create a new class called EmailSender.cs inside of that directory. The code for that service should look as follows:
- Now that we have done that, you'll want to define some properties in your ~/appsettings.json file, which should look like the following:
- Lastly, we'll want to configure the services in our ~/Startup.cs class:
Setting up oAuth & Facebook Authentication
This post presumes you know how to go about creating an app on the Facebook Developer's (Apps Page) https://developers.facebook.com/apps/. So, we'll get straight to the coding. 🙂
The first thing you're going to want to do is create user secrets to keep this data secure. There are two ways of accomplishing this: Through the Developer's command prompt with:
dotnet user-secrets set Authentication:Facebook:AppId <app-id> dotnet user-secrets set Authentication:Facebook:AppSecret <app-secret>
Finally, you'll want to open ~/Statup.cs again and add the following:
After adding the above, you will be able to easily authenticate users with Facebook. There are several other oAuth providers that are equally added in a similar manner.
In this article we covered how to create a bare bones site that properly implements ASP.Net C3 Identity Services and how to use oAuth to allow users to login from external providers.
The full source for this article can be found at https://github.com/coderpros/blog/CoderPro.Blog.Core3.Identity.
As always, the username & password to the Umbraco back office is:
If you have any questions or need any help with your programming project, please feel free to drop me a line anytime, by using our contact form.
Coming Up Next Time
In the next post, we will use the brand new version of SignalR that rolled out with Core 3 to write a web based system to receive files. It will be coded in such a way that if the user is disconnected from the server, they will automatically be reconnected, which was always a pain in the previous version of SignalR. Until then: Happy Coding!