0

I have a few questions. I have a setup with an ASP.NET Core application with IdentityServer4 and EF. That works fine. Now I want to know which way I have to store items in the database.

I have seven tables for the identity database:

AspNetUSerRoleClaims - claims for roles (which roles has access to what)
AspNetRoles - roles of the user
AspNetUserClaims - claims of the user like firstname, country
AspNetUserLogins - how to use this table?
AspNetUserRoles - roles for users
AspNetUsers - user stored here
AspNetUserTokens - how to use this table

Now I have registered a user and a few roles in the database and set the connection to the AspNetUserRoles (which role the user has). Now I want to add more information to the user through the registration, like country, given_name, family_name. But where do I have to store them? Only in the AspNetUserClaims, or should I store the information in the AspNetUser table (through ApplicationUser and an extra column in the AspNetUser table)?

And how can I store items in the AspNetLogin and AspNetToken tables, or is this done automatically by IdentityServer?

Thanks in advance for your answer

4
  • Whether or not to store as columns or claims is primarily opinion-based - both approaches work. IdentityServer does not use the AspNet* tables at all - AspNetLogins stores third-party logins (e.g. Facebook, Google) that are linked to AspNetUsers and AspNetUserTokens is for third-party login tokens linked to AspNetUsers and AspNetLogins. Commented Jul 20, 2018 at 12:48
  • OK, thank you. I thought IdentityServer uses the claims table to put them in an id-token or access-token? I see there is an IdentityClaims table too; how do the user claims work together with the IdentityClaims? Commented Jul 20, 2018 at 14:00
  • Not directly, it doesn't. Remember that IS4 works with not just Identity - You can have in memory users, etc, which couldn't possibly get claims from AspNetUserClaims in the database. It's an extension point - IProfileService - which sits in between IS4 itself and Identity to map between the two. IdentityClaims is an IS4 table, but these represent the concept of which claims are available for which IdentityResources. It's a big subject... Commented Jul 20, 2018 at 14:05
  • Ah, there is light at the end of the tunnel. Thank you very much, now I understand it more. Commented Jul 20, 2018 at 14:42

1 Answer

2

I have a similar problem and have posted a related article.

What I can say is this ...

  1. The AspNet* tables are created for normal AspNet Identity authentication (i.e. if you are NOT using other authentication mechanisms or custom user stores)
  2. If you want to add Columns to the AspNetUsers table, you extend the IdentityUser class. (eg public class MyApplicationUser : IdentityUser), then add your custom properties (eg FirstName). This essentially changes the model. To ensure that EF writes your model changes to the DB table, you need to extend the IdentityDbContext class with your new MyApplicationUser class.
  3. If you want custom claims for the user (eg. hair_color) to be added to the AspNetUserClaims table, you need to call userManager.AddClaimAsync(). You could do this during the registration process or login process with data from the form, or from claims received from external auth providers such as Google, Facebook, Twitter etc.
  4. In general, if you are using IdentityServer, the AspNetUserTokens table is NOT used as IDS' primary responsibility is to issue and validate tokens (id_tokens, access_tokens etc)

Hope this helps getting you started.

I'm trying to figure out if it's best practice to add additional user information to the entity (i.e. AspNetUsers) or to add them as claims in AspNetUserClaims.


1 Comment

Thanks for your answer. What I have found out is that you can use the AspNetUserClaims for additional information. It's in your hands how you add this information. I add this information to the claims.
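The two storage options from the answer, together with the IProfileService extension point mentioned in the comments, as an added example that is not code from any of the posters. `MyApplicationUser` follows the answer's naming; `AppDbContext`, `Registration`, `AppProfileService` and the `country` claim type are hypothetical names chosen for illustration. The profile service releases only the claim types the client requested, so nothing else stored for the user ends up in a token.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;

// Option 1: an extra column on AspNetUsers (needs an EF migration).
public class MyApplicationUser : IdentityUser
{
    public string Country { get; set; }
}
public class AppDbContext : IdentityDbContext<MyApplicationUser>
{
    public AppDbContext(DbContextOptions<AppDbContext> options) : base(options) { }
}
public static class Registration // hypothetical helper for the register action
{
    public static async Task<IdentityResult> RegisterAsync(UserManager<MyApplicationUser> users,
        string email, string password, string country, string givenName, string familyName)
    {
        var user = new MyApplicationUser { UserName = email, Email = email, Country = country };
        var result = await users.CreateAsync(user, password);
        if (!result.Succeeded) return result;
        // Option 2: rows in AspNetUserClaims.
        return await users.AddClaimsAsync(user, new[] {
            new Claim("given_name", givenName), new Claim("family_name", familyName) });
    }
}
// Maps ASP.NET Identity data to the claims IdentityServer4 puts into tokens.
public class AppProfileService : IProfileService
{
    private readonly UserManager<MyApplicationUser> _users;
    public AppProfileService(UserManager<MyApplicationUser> users) => _users = users;

    private async Task<MyApplicationUser> FindAsync(ClaimsPrincipal subject)
    {
        var sub = subject?.FindFirst("sub")?.Value;
        return sub == null ? null : await _users.FindByIdAsync(sub);
    }
    public async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        var user = await FindAsync(context.Subject);
        if (user == null) return;
        var claims = (await _users.GetClaimsAsync(user)).ToList();
        if (!string.IsNullOrEmpty(user.Country)) claims.Add(new Claim("country", user.Country));
        // Release only the claim types the client's requested scopes map to.
        context.IssuedClaims.AddRange(claims.Where(c => context.RequestedClaimTypes.Contains(c.Type)));
    }
    public async Task IsActiveAsync(IsActiveContext context) =>
        context.IsActive = await FindAsync(context.Subject) != null;
}
```

Register the service on the IdentityServer builder with `AddProfileService<AppProfileService>()`. A claim type is only requested if an IdentityResource or ApiResource lists it.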
