How to Customize Asp.NET Identity Roles with External Database Storage step by step

ASP.NET Identity is designed to enable us to easily use a number of different storage providers for our ASP.NET applications. We can use the supplied Identity providers that are included with the .NET Framework, or we can implement your own providers.

There are two primary reasons for creating a custom Identity  provider.

We need to store Identity information in a data source that is not supported by the Identity providers included with the .NET Framework, such as a MysQL database, an Oracle database, or other data sources.
We need to manage Identity information using a database schema that is different from the database schema used by the providers that ship with the .NET Framework.

A common example of this would be to use authentication data that already exists in a SQL Server database for a company or Web site.
In this tutorial, we are going to implement and configure a custom User and Role Identity Provider  using ASP.NET MVC5.

This post, is a continuation of  How to Customize Asp.NET Identity with External Database Storage step by step, including Roles implementation

Create Asp.NET MVC Project

Open Visual Studio and create an ASP.NET Web application project and choose MVC template

Lets press F5 to run our projet and click on << Register >> link so as to create a new account as follow

Lets enter our email and our password and click register button

Open app_data folder in solution explorer  and open containing folder

We will see that a database is created at runtime and named aspnet-AspNetIdentity-20160402093629, asp.net will use that database to store security informations like user, passwords, roles, etc…

Note that aspnet-AspNetIdentity-2016040209362 is not created on Database Server but as attached file. So, we will move database on SQL Server and use it to customize Asp.Net identity.

Lets use visual Studio and click View, then SQL Server Object Explorer, select database and expand tables

5 tables has been created : AspNetRoles, AspNetUserClaims, AspNetUserLogins, AspNetUserRoles, AspNetUsers

And the registered user has been inserted on AspNetUsers table

Our Identity Storage is now ready, we will come back later to data structure

Now , open SQL Server Express and attach the identity Database created earlier

Right click databases and click attach , browse and choose the database so as to store  aspnet-AspNetIdentity-20160402093629 in SQL Server

We can explore our DataBase Model by creating a database diagram  as follow

Finally, open web.config file and change  connectionstrings to target Sql Server Database as follow

Lets press F5 and run our application  to register and login a  new user

Our application is now ready to use an external storage, on the next section, we will show you how to customize the external database storage

Create Identity Library Project

Lets create a Class Library project and name it IdentityLibrary

Right click reference and select Manage Nuget Packages

Install package Microsoft.AspNet.Identity.Core  and Microsoft.AspNet.Identity.EntityFramework

Create an IdentityUser class to hold user informations, it inherits from IdentityUser

Create a IdentityRole class to hold user roles informations

Lets create a UserStore class, Asp.NET MVC use it  by default

var manager = new ApplicationUserManager(new UserStore<ApplicationUser>(context.Get<ApplicationDbContext>()));

But we will implement it to  customize our storage provider

Lets Create a RoleStore Class and implement IRoleIdentity

Create an Entity Framework dataModel

Right click IdentityLibrary project and add a new item , select ADO.NET Entity Data Model and click Add

Select Code First From Database and click next

If we have already a dataconnection, we can choose it or create a new connection, select Microsoft SQL Server and clic Continue

Select Server Name, use Windows Authentication or SQL Server Authentication  ( with credentials) , then select database and then click OK

Check  database tables and generate our model

So, 5 classes are created in IdentityLibrary  project and mapped to database tables, we will these classes to manage object

Configure Asp.Net client to target our custom Identity Library

Press F5  to run application,  and  register a new account

We will see that, our new framwork is targeting by asp.net client

Implement custom User Identity

• Implement UserStore 

/// <summary>
/// Class that implements the key ASP.NET Identity user store iterfaces
/// </summary>
public class UserStore<T> : IUserRoleStore<T>,
IUserStore<T>,
IUserPasswordStore<T>,
IUserEmailStore<T>,
IUserLockoutStore<T, string>,
IUserTwoFactorStore<T, string>
where T : IdentityUser
{
private readonly UserRepository<T> _userTable;
private readonly UserRolesRepository _userRolesTable;

public UserStore(DatabaseContext databaseContext)
{
_userTable = new UserRepository<T>(databaseContext);
_userRolesTable = new UserRolesRepository(databaseContext);
}

public Task CreateAsync(T user)
{
if (user == null)
{
throw new ArgumentNullException(“user”);
}
return Task.Run(() => _userTable.Insert(user));
}

public Task<T> FindByIdAsync(string userId)
{
if (string.IsNullOrEmpty(userId))
{
throw new ArgumentException(“Null or empty argument: userId”);
}

return Task.Run(() => _userTable.GeTById(userId));
}

public Task<bool> GetTwoFactorEnabledAsync(T user)
{
return Task.FromResult(user.TwoFactorEnabled);
}

public Task<T> FindByNameAsync(string userName)
{
if (string.IsNullOrEmpty(userName))
{
throw new ArgumentException(“Null or empty argument: userName”);
}

return Task.Run(() => _userTable.GeTByName(userName));
}

public Task<IList<string>> GetRolesAsync(T user)
{
if (user == null)
{
throw new ArgumentNullException(“user”);
}

return Task.Run(() => _userRolesTable.FindByUserId(user.Id));
}

public Task<string> GetPasswordHashAsync(T user)
{
return Task.Run(() => _userTable.GetPasswordHash(user.Id));
}

public Task SetPasswordHashAsync(T user, string passwordHash)
{
return Task.Run(() => user.PasswordHash = passwordHash);
}

public Task<T> FindByEmailAsync(string email)
{
if (String.IsNullOrEmpty(email))
{
throw new ArgumentNullException(“email”);
}

return Task.Run(() => _userTable.GeTByEmail(email));
}

public Task<string> GetEmailAsync(T user)
{
return Task.FromResult(user.Email);
}

public Task<int> GetAccessFailedCountAsync(T user)
{
return Task.FromResult(user.AccessFailedCount);
}

public Task<bool> GetLockoutEnabledAsync(T user)
{
return Task.FromResult(user.LockoutEnabled);
}

public Task<DateTimeOffset> GetLockoutEndDateAsync(T user)
{
return
Task.FromResult(user.LockoutEndDateUtc.HasValue
? new DateTimeOffset(DateTime.SpecifyKind(user.LockoutEndDateUtc.Value, DateTimeKind.Utc))
: new DateTimeOffset());
}

public Task SetLockoutEnabledAsync(T user, bool enabled)
{
user.LockoutEnabled = enabled;

return Task.Run(() => _userTable.Update(user));
}

public Task SetLockoutEndDateAsync(T user, DateTimeOffset lockoutEnd)
{
throw new NotImplementedException();
}

public Task SetTwoFactorEnabledAsync(T user, bool enabled)
{
throw new NotImplementedException();
}

public Task DeleteAsync(T user)
{
throw new NotImplementedException();
}

public Task<int> IncrementAccessFailedCountAsync(T user)
{
throw new NotImplementedException();
}

public Task ResetAccessFailedCountAsync(T user)
{
throw new NotImplementedException();
}

public Task<bool> GetEmailConfirmedAsync(T user)
{
throw new NotImplementedException();
}

public Task SetEmailAsync(T user, string email)
{
throw new NotImplementedException();
}

public Task SetEmailConfirmedAsync(T user, bool confirmed)
{
throw new NotImplementedException();
}

public Task<bool> IsInRoleAsync(T user, string roleName)
{
throw new NotImplementedException();
}

public Task RemoveFromRoleAsync(T user, string roleName)
{
throw new NotImplementedException();
}

public Task<bool> HasPasswordAsync(T user)
{
throw new NotImplementedException();
}

public Task UpdateAsync(T user)
{
throw new NotImplementedException();
}

public Task AddToRoleAsync(T user, string roleName)
{
throw new NotImplementedException();
}

public void Dispose()
{
//throw new NotImplementedException();
}
}

• Create a class UserRepository  and implement it  

public class UserRepository<T> where T : IdentityUser
{
private readonly DatabaseContext _databaseContext;

public UserRepository(DatabaseContext databaseContext)
{
_databaseContext = databaseContext;
}

internal T GeTByName(string userName)
{
var user = _databaseContext.AspNetUsers.SingleOrDefault(u => u.UserName == userName);
if (user != null)
{
T result = (T)Activator.CreateInstance(typeof(T));
result.Id = user.Id;
result.UserName = user.UserName;
result.PasswordHash = user.PasswordHash;
result.SecurityStamp = user.SecurityStamp;
result.Email = result.Email;
result.EmailConfirmed = user.EmailConfirmed;
result.PhoneNumber = user.PhoneNumber;
result.PhoneNumberConfirmed = user.PhoneNumberConfirmed;
result.LockoutEnabled = user.LockoutEnabled;
result.LockoutEndDateUtc = user.LockoutEndDateUtc;
result.AccessFailedCount = user.AccessFailedCount;
return result;
}
return null;
}

internal T GeTByEmail(string email)
{
var user = _databaseContext.AspNetUsers.SingleOrDefault(u => u.Email == email);
if (user != null)
{
T result = (T)Activator.CreateInstance(typeof(T));

result.Id = user.Id;
result.UserName = user.UserName;
result.PasswordHash = user.PasswordHash;
result.SecurityStamp = user.SecurityStamp;
result.Email = result.Email;
result.EmailConfirmed = user.EmailConfirmed;
result.PhoneNumber = user.PhoneNumber;
result.PhoneNumberConfirmed = user.PhoneNumberConfirmed;
result.LockoutEnabled = user.LockoutEnabled;
result.LockoutEndDateUtc = user.LockoutEndDateUtc;
result.AccessFailedCount = user.AccessFailedCount;
return result;
}
return null;
}

internal int Insert(T user)
{
_databaseContext.AspNetUsers.Add(new AspNetUsers
{
Id = user.Id,
UserName = user.UserName,
PasswordHash = user.PasswordHash,
SecurityStamp = user.SecurityStamp,
Email = user.Email,
EmailConfirmed = user.EmailConfirmed,
PhoneNumber = user.PhoneNumber,
PhoneNumberConfirmed = user.PhoneNumberConfirmed,
LockoutEnabled = user.LockoutEnabled,
LockoutEndDateUtc = user.LockoutEndDateUtc,
AccessFailedCount = user.AccessFailedCount
});

return _databaseContext.SaveChanges();
}

/// <summary>
/// Returns an T given the user’s id
/// </summary>
/// <param name=”userId”>The user’s id</param>
/// <returns></returns>
public T GeTById(string userId)
{
var user = _databaseContext.AspNetUsers.Find(userId);
T result = (T)Activator.CreateInstance(typeof(T));

result.Id = user.Id;
result.UserName = user.UserName;
result.PasswordHash = user.PasswordHash;
result.SecurityStamp = user.SecurityStamp;
result.Email = result.Email;
result.EmailConfirmed = user.EmailConfirmed;
result.PhoneNumber = user.PhoneNumber;
result.PhoneNumberConfirmed = user.PhoneNumberConfirmed;
result.LockoutEnabled = user.LockoutEnabled;
result.LockoutEndDateUtc = user.LockoutEndDateUtc;
result.AccessFailedCount = user.AccessFailedCount;
return result;
}

/// <summary>
/// Return the user’s password hash
/// </summary>
/// <param name=”userId”>The user’s id</param>
/// <returns></returns>
public string GetPasswordHash(string userId)
{
var user = _databaseContext.AspNetUsers.FirstOrDefault(u => u.Id == userId);
var passHash = user != null ? user.PasswordHash : null;
return passHash;
}

/// <summary>
/// Updates a user in the Users table
/// </summary>
/// <param name=”user”></param>
/// <returns></returns>
public int Update(T user)
{
var result = _databaseContext.AspNetUsers.FirstOrDefault(u => u.Id == user.Id);
if (result != null)
{
result.UserName = user.UserName;
result.PasswordHash = user.PasswordHash;
result.SecurityStamp = user.SecurityStamp;
result.Email = result.Email;
result.EmailConfirmed = user.EmailConfirmed;
result.PhoneNumber = user.PhoneNumber;
result.PhoneNumberConfirmed = user.PhoneNumberConfirmed;
result.LockoutEnabled = user.LockoutEnabled;
result.LockoutEndDateUtc = user.LockoutEndDateUtc;
result.AccessFailedCount = user.AccessFailedCount;
return _databaseContext.SaveChanges();
}
return 0;
}
}

• Create a  UserRolesRepository class and implement it

Our asp.net client application is now ready  to use IdentityLibrary to register, and it enable us to login and logout user

Implement custom Role Identity

Open IdentityConfig.cs file and add an ApplicationRoleManager class

Create and implement a RoleStore>T> class that inherits IdentityRole

/// <summary>
/// Class that implements the key ASP.NET Identity role store iterfaces
/// </summary>
public class RoleStore<TRole> : IQueryableRoleStore<TRole>
where TRole : IdentityRole
{
private readonly RoleRepository<TRole> _roleRepository;

public RoleStore(DatabaseContext databaseContext)
{
_roleRepository = new RoleRepository<TRole>(databaseContext);
}

public IQueryable<TRole> Roles
{
get
{
return _roleRepository.GetRoles();
}
}

public Task CreateAsync(TRole role)
{
if (role == null)
{
throw new ArgumentNullException(“role”);
}
return Task.Run(() => _roleRepository.Create(role));
}

public Task DeleteAsync(TRole role)
{
if (role == null)
{
throw new ArgumentNullException(“role”);
}

return Task.Run(() => _roleRepository.Delete(role.Id));
}

public Task<TRole> FindByIdAsync(string roleId)
{
if (roleId == null)
{
throw new ArgumentNullException(“roleId”);
}

return Task.Run(() => _roleRepository.FindById(roleId));
}

public Task<TRole> FindByNameAsync(string roleName)
{
if (roleName == null)
{
throw new ArgumentNullException(“roleName”);
}

return Task.Run(() => _roleRepository.FindByNamec(roleName));
}

public Task UpdateAsync(TRole role)
{
if (role == null)
{
throw new ArgumentNullException(“role”);
}
return Task.Run(() => _roleRepository.Update(role));
}

public void Dispose()
{
_roleRepository.Dispose();
}
}

RoleSotre user RoleRepository , so create a RoleRepository class and implement it :

internal class RoleRepository<T> where T : IdentityRole
{
private readonly DatabaseContext _databaseContext;

public RoleRepository(DatabaseContext dataBaseContext)
{
_databaseContext = dataBaseContext;
}

internal IQueryable<T> GetRoles()
{
List<T> result = (List<T>)Activator.CreateInstance(typeof(List<T>));
var roles = _databaseContext.AspNetRoles.ToList();
foreach (var role in roles)
{
T item = (T)Activator.CreateInstance(typeof(T));
item.Id = role.Id;
item.Name = role.Name;
item.Description = role.Description;
result.Add(item);
}
return result.AsQueryable();
}

internal void Dispose()
{
_databaseContext.Dispose();
}

internal int Create(T role)
{
_databaseContext.AspNetRoles.Add(new AspNetRoles
{
Id = role.Id,
Description = role.Description,
Name = role.Name
});
return _databaseContext.SaveChanges();
}

internal int Delete(string id)
{
var existingRole = _databaseContext.AspNetRoles.Find(id.Trim());
if (existingRole != null)
{
_databaseContext.Entry(existingRole).State = EntityState.Deleted;
return _databaseContext.SaveChanges();
}
return -1;
}

internal T FindByNamec(string roleName)
{
var role = _databaseContext.AspNetRoles.FirstOrDefault(r => r.Name == roleName.Trim());
if (role == null)
{
return default(T);
}
T item = (T)Activator.CreateInstance(typeof(T));
item.Id = role.Id;
item.Name = role.Name;
item.Description = role.Description;
return item;
}

internal T FindById(string roleId)
{
var role = _databaseContext.AspNetRoles.Find(roleId.Trim());
if (role == null)
{
return default(T);
}
T item = (T)Activator.CreateInstance(typeof(T));
item.Id = role.Id;
item.Name = role.Name;
item.Description = role.Description;
return item;
}

internal int Update(T role)
{
var existingRole = _databaseContext.AspNetRoles.Find(role.Id.Trim());
if (existingRole != null)
{
existingRole.Name = role.Name;
existingRole.Description = role.Description;
_databaseContext.Entry(existingRole).State = EntityState.Modified;
return _databaseContext.SaveChanges();
}
return -1;
}
}

RUN IT

create an admin user using the following script
user name = admin@yopmail.com

Password = Admin1#

USE [AspNetIdentity]
GO

INSERT [dbo].[AspNetRoles] ([Id], [Name], [Description]) VALUES (N’admin’, N’Admin’, N’Administrator’)
GO
INSERT [dbo].[AspNetUsers] ([Id], [Email], [EmailConfirmed], [PasswordHash], [SecurityStamp], [PhoneNumber], [PhoneNumberConfirmed], [TwoFactorEnabled], [LockoutEndDateUtc], [LockoutEnabled], [AccessFailedCount], [UserName]) VALUES (N’d5452813-d698-4a62-91a9-14efb1743c7e’, N’admin@yopmail.com’, 0, N’AOtXU3XwTkD7OgNMQsGrRVB355ZvctkxV2WxY5TgFkVB5q8RxP88LyHje5u/Gh5ymQ==’, NULL, NULL, 0, 0, NULL, 1, 0, N’admin@yopmail.com’)
GO
INSERT [dbo].[AspNetUserRoles] ([RoleId], [UserId]) VALUES (N’admin’, N’d5452813-d698-4a62-91a9-14efb1743c7e’)
GO

this post is Highlighted in https://www.asp.net/community/articles  on 26/02/2017

Download source code

In our next tutorial, we will talk about OWIN and CATANA.

Best regards.