Customize authentication to my own set of tables in asp.net web api 2?

by sunil ravulapalli /20. December 2013 03:32 /asp.net-web-api /Comments (0)

Assuming your table is called AppUser, make your existing AppUser domain object implement IUser (from Microsoft.AspNet.Identity) like this:

using Microsoft.AspNet.Identity; 
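/// <summary>
/// Row of the existing AppUser table, exposed to ASP.NET Identity by implementing
/// <see cref="IUser"/>. The two <c>[NotMapped]</c> properties are adapters over the
/// real columns and are not persisted themselves.
/// </summary>
public class AppUser : IUser
{
    // Existing database fields

    /// <summary>Numeric key of the row; surfaced to Identity as a string through <see cref="Id"/>.</summary>
    public long AppUserId { get; set; }

    /// <summary>
    /// Login name column. Typed as string because <see cref="UserName"/> reads and writes it
    /// as a string and the user store compares it with the string user name supplied at login.
    /// </summary>
    public string AppUserName { get; set; }

    /// <summary>
    /// Stored credential column. The user store returns this value unchanged as the
    /// "password hash", so it holds whatever the configured IPasswordHasher produced.
    /// NOTE(review): keep this out of API responses and logs; confirm the serializer
    /// settings never emit this property.
    /// </summary>
    public string AppPassword { get; set; }

    /// <summary>Identity's string key, derived from <see cref="AppUserId"/>.</summary>
    [NotMapped]
    public virtual string Id
    {
        get
        {
            // IUser.Id is a string; format culture-independently so the key is stable
            // regardless of the server's regional settings.
            return AppUserId.ToString(System.Globalization.CultureInfo.InvariantCulture);
        }
    }

    /// <summary>Identity's user name, backed by <see cref="AppUserName"/>.</summary>
    [NotMapped]
    public string UserName
    {
        get { return AppUserName; }
        set { AppUserName = value; }
    }
}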

Implement the UserStore object like this

	using Microsoft.AspNet.Identity;
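	/// <summary>
	/// Minimal ASP.NET Identity user store over the existing AppUser table.
	/// Only the members needed to look a user up by name and read the stored
	/// password value are implemented; every other member throws
	/// <see cref="NotImplementedException"/>, so this store supports sign-in only.
	/// </summary>
	public class UserStoreService : 
		IUserStore<AppUser>, IUserPasswordStore<AppUser>, 
		IUserSecurityStampStore<AppUser>
	{
		// One context per store instance; released in Dispose().
		private readonly CompanyDbContext context = new CompanyDbContext();

		/// <summary>Not implemented: users cannot be created through this store.</summary>
		public Task CreateAsync(AppUser user)
		{
			throw new NotImplementedException();
		}

		/// <summary>Not implemented: users cannot be deleted through this store.</summary>
		public Task DeleteAsync(AppUser user)
		{
			throw new NotImplementedException();
		}

		/// <summary>Not implemented: lookup by Identity key is unavailable.</summary>
		public Task<AppUser> FindByIdAsync(string userId)
		{
			throw new NotImplementedException();
		}

		/// <summary>
		/// Returns the first AppUser whose AppUserName equals <paramref name="userName"/>,
		/// or null when there is none.
		/// </summary>
		/// <param name="userName">User name as supplied by the caller (login request input).</param>
		public Task<AppUser> FindByNameAsync(string userName)
		{
			// The value is used only inside a LINQ predicate. Assuming AppUsers is an
			// Entity Framework DbSet, it is sent as a query parameter rather than
			// concatenated into SQL -- confirm against CompanyDbContext.
			return context.AppUsers
				.Where(apu => apu.AppUserName == userName)
				.FirstOrDefaultAsync();
		}

		/// <summary>Not implemented: user rows cannot be updated through this store.</summary>
		public Task UpdateAsync(AppUser user)
		{
			throw new NotImplementedException();
		}

		/// <summary>Releases the underlying database context.</summary>
		public void Dispose()
		{
			context.Dispose();
		}

		/// <summary>
		/// Returns the stored AppPassword value as the user's password hash.
		/// The value is passed through unchanged, so its strength is entirely that
		/// of the IPasswordHasher that produced it.
		/// </summary>
		/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
		public Task<string> GetPasswordHashAsync(AppUser user)
		{
			if (user == null)
			{
				throw new ArgumentNullException("user");
			}

			return Task.FromResult(user.AppPassword);
		}

		/// <summary>Reports whether the user has a stored AppPassword value.</summary>
		/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
		public Task<bool> HasPasswordAsync(AppUser user)
		{
			// Same guard as GetPasswordHashAsync: fail with a clear argument error
			// instead of a NullReferenceException.
			if (user == null)
			{
				throw new ArgumentNullException("user");
			}

			return Task.FromResult(user.AppPassword != null);
		}

		/// <summary>
		/// Not implemented: any caller that sets or changes a password through
		/// this store gets <see cref="NotImplementedException"/>.
		/// </summary>
		public Task SetPasswordHashAsync(AppUser user, string passwordHash)
		{
			throw new NotImplementedException();
		}

		/// <summary>
		/// Not implemented. The class declares IUserSecurityStampStore, so callers
		/// that read the stamp will throw here; without a stored stamp there is
		/// nothing to rotate when a credential changes.
		/// </summary>
		public Task<string> GetSecurityStampAsync(AppUser user)
		{
			throw new NotImplementedException();
		}

		/// <summary>Not implemented: the security stamp cannot be written.</summary>
		public Task SetSecurityStampAsync(AppUser user, string stamp)
		{
			throw new NotImplementedException();
		}
	}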

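If you have your own custom password hashing, you will also need to implement IPasswordHasher. Below is an example where there is no hashing of the password (Oh no!). It only shows the shape of the interface: with this hasher the AppPassword column holds the passwords in clear text, so anyone who can read the table or a backup of it can read every password.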

	using Microsoft.AspNet.Identity;
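	/// <summary>
	/// IPasswordHasher for a legacy table whose password column is compared as-is.
	/// It shows where a custom scheme plugs in; it performs no hashing.
	/// </summary>
	public class MyPasswordHasher : IPasswordHasher
	{
		/// <summary>Returns the value that will be stored for <paramref name="password"/>.</summary>
		public string HashPassword(string password)
		{
			// NOTE(review): identity function -- the stored value IS the password.
			// Replace with a salted, slow key-derivation function (for example
			// PBKDF2 via Rfc2898DeriveBytes, as the framework's default
			// PasswordHasher uses) and migrate the existing rows.
			return password;
		}

		/// <summary>
		/// Compares the stored value with the hash of the supplied password.
		/// </summary>
		/// <param name="hashedPassword">Value read from the user store.</param>
		/// <param name="providedPassword">Password supplied by the caller.</param>
		/// <returns>Success when both are non-empty and equal; otherwise Failed.</returns>
		public PasswordVerificationResult VerifyHashedPassword
		(string hashedPassword, string providedPassword)
		{
			// Fail closed: with a plain == comparison a user whose stored value is
			// null or empty would be accepted with a null or empty password.
			if (string.IsNullOrEmpty(hashedPassword) || string.IsNullOrEmpty(providedPassword))
			{
				return PasswordVerificationResult.Failed;
			}

			if (FixedTimeEquals(hashedPassword, HashPassword(providedPassword)))
			{
				return PasswordVerificationResult.Success;
			}

			return PasswordVerificationResult.Failed;
		}

		// Compares two strings without stopping at the first differing character,
		// so the loop count depends on the stored value's length rather than on
		// how much of the guess was correct.
		private static bool FixedTimeEquals(string stored, string candidate)
		{
			if (string.IsNullOrEmpty(stored) || string.IsNullOrEmpty(candidate))
			{
				return false;
			}

			int difference = stored.Length ^ candidate.Length;
			for (int i = 0; i < stored.Length; i++)
			{
				// The modulo keeps the index in range when lengths differ; the
				// length mismatch is already recorded in 'difference'.
				difference |= stored[i] ^ candidate[i % candidate.Length];
			}

			return difference == 0;
		}
	}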

In Startup.Auth.cs replace

	// Template default: no PasswordHasher is assigned here, so UserManager
	// keeps whatever hasher it creates for itself.
	UserManagerFactory = () => 
		new UserManager<IdentityUser>(new UserStore<IdentityUser>());

with

	// The object initializer replaces the manager's PasswordHasher, so every
	// hash and verify goes through MyPasswordHasher; the strength of the stored
	// credentials is therefore decided by that class alone.
	UserManagerFactory = () => 
                new UserManager<AppUser>(new UserStoreService()) { PasswordHasher = new MyPasswordHasher() };

In ApplicationOAuthProvider.cs, replace IdentityUser with AppUser. In AccountController.cs, replace IdentityUser with AppUser and delete all the external authentication methods, such as GetManageInfo and RegisterExternal.
