Accounting and roles with ASP.NET Identity in MVC

This is a simple tutorial on how to set up accounting and roles authorization in an ASP.NET MVC 5 application using ASP.NET Identity framework.
Sample project can be downloaded here https://github.com/mchudinov/AspMvc5Identity

identity

This tutorial is based on chapters 13 and 14 about ASP.NET identity from an excellent book by Adam Freeman “Pro ASP.NET MVC 5 Platform“.

1. Preparation

Create MVC solution and add ASP.NET Identity packages to it:

2. Update the Web.config file

Two changes are required to the Web.config file. The first is a connection string to use with Identity. The second change is to define an application setting that names the class that initializes OWIN middleware.

3. Creating the User Class and Role Class

The user class is derived from IdentityUser, which is defined in the Microsoft.AspNet.Identity.EntityFramework namespace. IdentityUser provides the basic user representation. The role class is derived from IdentityRole class.

Add any additional properties you need to these classes. In fact these derived classes are needed only if you want to have additional properties. Otherwise use IdentityUser and IdentityRole directly.

4. Creating the Database Context Class and a DB Init Class

The context class is derived from IdentityDbContext<T>, where T is the user class.

Create() method is in use in OWIN start class. OWIN knows the DB context through this method.

My seed class is called IdentityDbInit. I use CreateDatabaseIfNotExists database initializer. As the name suggests, it will create the database if none exists as per the configuration. Seed method creates Administrators role and an admin administrator’s account.

Read more here about Database Initialization Strategies in Entity Framework.

5. Creating Manager Classes for Users and Roles

Manager classes are used by controllers to execute CRUD actions on users and role.

User manager class manages instances of the user class. The user manager class must be derived from UserManager<T>, where T is the user class.

The RoleManager is accordingly derived form RoleManager<T> where T is a role class.

 

6. Creating OWIN Startup Class

Start class starts ASP.NET Identity according to OWIN specification. The name of this class is used in Web.config
<add key="owin:AppStartup" value="AspMvc5Identity.Startup" />

7. Account Controller and Login View

Controller is needed for variuos authentication scenarious. I use simple form authentication in this tutorial. We need a account controller and a login view for it as it is mentioned in IndentityConfig class in LoginPath:

Account controller needs methods for login and logout:

Login view:

8. Users and Roles Controllers

Now we need to create controllers to operate over users and roles. Controllers need Index, Create, Delete and Edit methods.

 

9. Views for Users and Roles

An example of Index view for users:

10. Enable database migrations

ASP.NET Identity uses an Entity Framework behind the scene which uses a database as a backend storage. As soon as user or role data model in the application is changed the database must be changed accordingly or application will not work. Thus we need data migrations with code-first scenario.

Code-first scenario needs three steps in Package Manager Console command line.

10.1 Enable-Migrations command

In case we use ASP.NET Identity side by side with another Entity Framework database context with enabled migrations, which is very likely in a real world application, we might need a couple of advanced parameters here.

I split the command in several lines, but it should be a single line as a real command.

Explanation:
-ContextProjectName
Specifies the project name which contains the DbContext class to use.
-StartUpProjectName
Specifies the project name which contains configuration file to use for named connection strings. This is important if application’s start class is not in the same project where database context is placed.
-ProjectName
Specifies the project that the scaffolded migrations configuration class will be added to.
-ConnectionStringName
Specifies the the connection string to use. This is only needed if ASP.NET Identity uses another database then the rest of application.
-MigrationsDirectory
Specifies the name of the directory that will contain migrations code files. This is important if Identity DB context lives in the same project as applications DB context. In this case migrations folders for Identity and for the rest of application must be different. Which we can specify using this key.
-ContextTypeName
Specifies the Identity database context class to use.

10.2 Add-Migration command

-StartUpProjectName
Specifies the project name which contains configuration file to use for named connection strings.
-ProjectName
Specifies the project that the scaffolded migrations configuration class will be added to.
-ConnectionStringName
Specifies the the connection string to use. This is only needed if ASP.NET Identity uses another database then the rest of application.

10.3 Update-Database command