4

I am creating a new web application that needs to authenticate users against an existing user table that exists from another web application. User registration, forgotten password, etc. are handled in that application. All I need in my new application is login.

I wondered if it was possible to overwrite some Identity class to point to that table to authenticate the user so I can use the existing Identity functionality like the [Authorize] attribute on Controllers and to redirect back to the login page, etc.


2 Answers

4

I was in the same situation as you when trying to upgrade my legacy system to OWIN authentication. I also had my own User table and authentication workflow, which is totally different from what ASP.NET Identity offers.

At first I tried to customize ASP.NET Identity, but that did not work out. My thought is that Identity was painful and much more complicated to customize for a legacy app, since it has lots of abstraction levels.

Eventually I came up with the solution of stripping out ASP.NET Identity and managing the claims identity myself. It's incredibly simple. The demo code below shows how to log in with OWIN without ASP.NET Identity; hope that helps:

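```csharp
using System.Linq;
using System.Security.Claims;
using System.Web;                 // Request.GetOwinContext() (Microsoft.Owin.Host.SystemWeb)
using System.Web.Mvc;
using Microsoft.AspNet.Identity;  // DefaultAuthenticationTypes
using Microsoft.Owin.Security;    // AuthenticationProperties

// Controller members; the enclosing controller class is omitted.

private void OwinSignIn(User user, bool isPersistence = false)
{
    var claims = new[] {
                new Claim(ClaimTypes.Name, user.Name),
                new Claim(ClaimTypes.Email, user.Email)
            };

    // The authentication type ("ApplicationCookie") must match the one
    // configured on the OWIN cookie middleware, otherwise no cookie is issued.
    var identity = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);

    // Each role becomes a role claim, so [Authorize(Roles = "...")] works.
    var roles = _roleService.GetByUserId(user.Id).ToList();
    if (roles.Any())
    {
        var roleClaims = roles.Select(r => new Claim(ClaimTypes.Role, r.Name));
        identity.AddClaims(roleClaims);
    }

    var context = Request.GetOwinContext();
    var authManager = context.Authentication;

    // IsPersistent = true keeps the cookie across browser sessions ("remember me").
    authManager.SignIn(new AuthenticationProperties { IsPersistent = isPersistence }, identity);
}

[HttpPost]
public ActionResult Login(LoginViewModel model, string returnUrl)
{
    if (!ModelState.IsValid)
        return View();

    var user = _userService.GetByEmail(model.Email);
    // Demo only: this compares the submitted password with the stored value directly,
    // which works only if the table holds plaintext passwords. Against a real table,
    // verify the submitted password against the stored salted hash instead.
    if (user != null && (user.Password == model.Password))
    {
        OwinSignIn(user, model.RememberMe);
        return RedirectToLocal(returnUrl);
    }

    // Same message for unknown email and wrong password, so accounts cannot be enumerated.
    ModelState.AddModelError("", "Invalid email or password");
    return View();
}
```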

3 Comments

It's really not that painful if you can make your database conform to the required format or you're using code first.
@Coulton: we don't use EF, and even our database schema for user authentication and authorization is different from what ASP.NET Identity offers.
Fair enough then. I really quite like the simplicity of this.
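
The sign-in code in the answer above only takes effect once the OWIN cookie middleware is registered, and its password check compares the stored and submitted values directly. The following is an added example, not code from the answer: a `Startup` class that registers the cookie middleware so `[Authorize]` redirects to the login page, and a salted-hash check that `Login` could call in place of the `==` comparison. Assumed here: the `LegacyLogin` namespace, the `/Account/Login` route, the `LegacyPassword` helper, and a legacy table that stores a per-user salt with a PBKDF2-HMAC-SHA1 hash.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

[assembly: OwinStartup(typeof(LegacyLogin.Startup))]

namespace LegacyLogin // hypothetical namespace
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                // Must equal the authentication type passed to ClaimsIdentity at sign-in.
                AuthenticationType = "ApplicationCookie",
                // Assumed route: a 401 produced by [Authorize] becomes a redirect here.
                LoginPath = new PathString("/Account/Login"),
                CookieHttpOnly = true,                     // not readable from script
                CookieSecure = CookieSecureOption.Always,  // sent over HTTPS only
                ExpireTimeSpan = TimeSpan.FromMinutes(30),
                SlidingExpiration = true
            });
        }
    }

    // Assumption: the legacy table stores a per-user salt (8+ bytes) and a PBKDF2 hash.
    public static class LegacyPassword
    {
        public static bool Verify(string password, byte[] salt, byte[] storedHash, int iterations)
        {
            // This constructor derives with PBKDF2-HMAC-SHA1.
            using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations))
            {
                byte[] candidate = kdf.GetBytes(storedHash.Length);
                // Accumulate differences over every byte so the comparison time
                // does not depend on where the first mismatch occurs.
                int diff = 0;
                for (int i = 0; i < storedHash.Length; i++)
                    diff |= candidate[i] ^ storedHash[i];
                return diff == 0;
            }
        }
    }
}
```

If the existing table uses a different scheme, only the body of `Verify` changes; the cookie middleware settings stay the same.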
0

You can have the Identity in a separate database without problems, as long as it has the identity format. Point the UserManager/RoleManager to your other database using the connection string.

If the existing authentication is not an identity setup, you won't be able to use the identity framework to connect to your other database out of the box. The identity framework expects a certain format. You can rewrite the managers to understand your user format in the database as long as you fulfill the minimum requirements as stated in the comments below.

You can always write your own OWIN behaviour though. See @Cuong Le's example.

2 Comments

If you have the flexibility to massage your existing database layout to conform to the Identity layout (or you can map it using code first) then it should work fine with the existing database. See stackoverflow.com/a/29600215/894792
Isn't that the same thing? The database has to conform to the Identity framework's minimum layout and format. I will rewrite my answer somewhat.
