This video shows you how to set up an application with Identity services, using SQL Server and Entity Framework Core for the membership storage.
- [Instructor] Now that we've reviewed the features and concepts behind AspNetCore.Identity let's get into the code. In your exercise files, open up the chapter one folder and the subfolder for our lesson. Then, inside the application folder open the Visual Studio solution file. We'll walk through the steps to set up Identity Services so we can start leveraging their capabilities.
We'll also look at how to store identity data, like user accounts, claims, and roles. First, I'll add the dependencies we need using NuGet Package Manager by right-clicking on the project file and selecting Manage NuGet Packages. In the Browse window let's search for AspNetCore.identity. There are different packages to choose from based on how we'll store our membership data.
We have multiple options for configuring storage. Database providers, Azure table storage, and active directory, just to name a few. We'll be persisting our application's identity schema in a local SQL server database. EntityFrameworkCore is how we'll access the data so go ahead and select the Identity Entity Framework Core package and install it to your project.
I've already added the main Entity Framework Core package to the project. You can find it installed here. Now let's open up the Startup class and navigate to the Configure Services method. This is where we'll configure the dependencies needed for Identity Services. Here on line 39 I'll add a call to Add Identity, which accepts two generic-type parameters.
The first is the User, and we'll use the default Identity User class that comes with the framework. You'll need to add in the Entity Framework Core Assembly to use the default class. IdentityUser has properties like username, email, and a collection of user Claims. You could also inherit from IdentityUser to add your own custom properties. The next generic parameter is Identity Role.
It provides authorization information, like access rights. The default class has properties like Role Name. You can also derive from it if you need to customize it. Because we're using SQL server, an entity framework for data storage, we need to register our DbContext using dependency injection. We'll add that here on line 40. The identity system offers a custom database context called IdentityDbContext.
It has Db set properties for users, roles, claims, and other tables in the membership schema. And now for our context options. We'll be using SQL server as our database provider, and we need to provide the connection string name. The connection string you see here is stored in the app settings json configuration file.
Let's take a quick look at that. You can see that it's configured to use the local SQL server express instance that's installed with Visual Studio. Next, we need to configure our migrations assembly. And we'll do that by calling optionsBuilders.MigrationAssembly and typing in the full name of our assembly, which is Tutorial.
AspNetSecurity. RouxAcademy. The reason we need to do this is because the IdentityDbContext isn't part of our project, and this will avoid errors during entity framework migrations. Now we need to tell Identity Services to use entity framework, and we'll do that by adding a call to the AddEntityFrameworkStores method. And we'll specify the database context to use, which is the IdentityDBContext we just registered.
And finally, we'll add our Default Token Providers. These are involved in generating tokens for password reset and two-factor authentication functionality. We now have two database contexts. One for the Identity database, and one for our application called Student Data Context. To ensure that the Identity tables get created in our local database we need to issue some entity framework migrations.
Open up the Tools menu and select NuGet Package Manager and Package Manager Console. Let's type in the Add Migration command. And we'll need to specify the name of our database context, which is IdentityDbContext. This command added a Migrations folder to our project with autogenerated Migrations code.
Next, we'll need to run the Update Database command. And again, we'll provide the name of our context. And this command actually applies the migrations to the database. We can now browse the tables that were created. In the View menu open up SQL Server Object Explorer.
Expand the Databases node and you'll see the RouxAcademy database. Let's open that up and take a look at our tables. Notice the tables that were generated that start with AspNet. Here you can see the user and role tables and other supporting tables used by Identity. There's one more step left to enable Identity. Let's go back to the Startup class and find our Configure method.
We'll need to register the cookie middleware here, and notice that it's done before registering the Mvc middleware so it can redirect to the login page when Mvc detects unauthorized access. With this simple call to Use Identity cookie-based authentication is now added to the request pipeline.
- Securing your app with Identity Framework
- Setting up token authentication in an MVC application
- Integrating external authentication service providers
- Protecting against common attacks such as XSRF and SQL injection
- Protecting sensitive data
- Encryption basics
- Working with cookies
- Displaying error information