.NET 6 Scaffold Identity Without UI

[dday9]

Do you have any recommendations for scaffolding the Identity authorization/authentication guts without including any of the existing UI?

For background, I have a .NET 6 web API project, a .NET 6 class project (as a domain/service layer), a .NET 4.8 database project, and an Ionic/Angular web application.

I want to secure my web API so that I can easily add the authenticate attributes to my controller routes.

[dday9]

I will shamelessly bump this.

[Niya]

Wish I could help you with this. I've been meaning to dive deep into ASP.Net and web development for a long time now but I just haven't gotten around to it yet. I've dabble in it here and there but not enough to confidently advise anyone about it.

You can try having a conversation with ChatGPT about it, it might help guide you in the right direction. I've found it immensely helpful in learning new stuff as it can narrow down topics specifically to what you want. From there you can Google specifics based on what it tells you.

[peterst]

You have to create List(Of Claim) that you can use in authorization attribute ("admin", "manager", "operations"), ClaimsIdentity with the claims list and ClaimsPrincipal that uses the claims identity.

Then use HttpContext.SignInAsync() and the claims principal object to sign-in. You can use your own users data management instead of the template one generated by the scaffolding.

In the login/users controller return generated session token (e.g. GUID) that you can use to recognize the user - you have to keep somewhere the list of active tokens to users relation.

If you need to check if user is authenticated, use HttpContext.User.Identity.IsAuthenticated.

To sign-out user (or API client) - use HttpContext.SignOutAsync()

Finally, try not to pass the user login name and password outside the login process. Use tokens where you can identify the user.

[dday9]

You can try having a conversation with ChatGPT about it, it might help guide you in the right direction. I've found it immensely helpful in learning new stuff as it can narrow down topics specifically to what you want. From there you can Google specifics based on what it tells you.

Yeah, the issue is that there are approximately 50 million ways to implement auth in .NET core so the information its giving is too vague.

[dday9]

You have to create List(Of Claim) that you can use in authorization attribute ("admin", "manager", "operations"), ClaimsIdentity with the claims list and ClaimsPrincipal that uses the claims identity.

Then use HttpContext.SignInAsync() and the claims principal object to sign-in. You can use your own users data management instead of the template one generated by the scaffolding.

In the login/users controller return generated session token (e.g. GUID) that you can use to recognize the user - you have to keep somewhere the list of active tokens to users relation.

If you need to check if user is authenticated, use HttpContext.User.Identity.IsAuthenticated.

To sign-out user (or API client) - use HttpContext.SignOutAsync()

Finally, try not to pass the user login name and password outside the login process. Use tokens where you can identify the user.

To be honest, I was hoping more for a link that provides me with a step by step walkthrough without relying on using one of the templates because (by design) I selected an empty web API project template to begin with.

[peterst]

I am the link And I described step by step (or line by line if it is translated to code) what I did for simple login management.