ASP.NET Identity Architecture
In this article, I am going to discuss the ASP.NET Identity Architecture and the classes and interfaces involved in it: the entities that describe users and roles, the stores that persist them, and the managers that an application actually calls. Please read our previous article where we discussed What is ASP.NET Identity.
ASP.NET Identity Architecture
In ASP.NET Identity, there are 3 types of classes: Managers, Stores, and Entities. Managers are the objects an application calls in order to perform operations such as registering a user, updating a user account, checking a password, or deleting a user. Stores are objects used by Managers in order to persist and retrieve Entities, such as users and roles. The security logic (password hashing, validation, lockout counting, security-stamp rotation) lives in the Managers; a Store only reads and writes what it is given.
Entities in ASP.NET Identity:
There are 5 entities in ASP.NET Identity: IdentityUser, IdentityUserClaim, IdentityUserLogin, IdentityRole, and IdentityUserRole. All these Entities belong to the Microsoft.AspNet.Identity.EntityFramework namespace and map to the AspNetUsers, AspNetUserClaims, AspNetUserLogins, AspNetRoles, and AspNetUserRoles tables.
IdentityUser
This class represents a registered user of your application and it belongs to the Microsoft.AspNet.Identity.EntityFramework namespace. It maps to the AspNetUsers table and exposes the 15 properties listed below.
The meaning of the properties is as follows:
- Email: Email address of the user. Uniqueness is not enforced unless RequireUniqueEmail is set on the UserManager's UserValidator.
- EmailConfirmed: A Boolean value indicating whether the user's email is confirmed. True if the email is confirmed, default is false. Note that SignInManager does not check this flag on its own; an application that wants to block unconfirmed accounts must check it before signing the user in.
- PasswordHash: The salted/hashed form of the user password, produced by UserManager.PasswordHasher (in Identity 2.x the default PasswordHasher uses PBKDF2 with a random 128-bit salt and 1,000 iterations). It is never the plaintext password, and it is null for users who only sign in through an external login provider.
- SecurityStamp: A random value that should change whenever a user's credentials have changed (password changed, login removed). It is copied into the authentication cookie as a claim, so when the cookie middleware is configured with SecurityStampValidator, a stamp change invalidates every existing session for that user; UserManager.UpdateSecurityStampAsync can be used to force this deliberately.
- PhoneNumber: Phone number for the user.
- PhoneNumberConfirmed: A Boolean value indicating whether the user's phone number is confirmed. True if the phone number is confirmed, default is false.
- TwoFactorEnabled: A Boolean value indicating whether two-factor authentication is enabled for the user. It only has an effect when at least one two-factor provider is registered on the UserManager and sign-in goes through SignInManager.
- LockoutEndDateUtc: DateTime in UTC when the lockout ends; any time in the past is considered not locked out.
- LockoutEnabled: A Boolean value indicating whether the user can be locked out at all. It is set automatically on creation when UserManager.UserLockoutEnabledByDefault is true; for a user with LockoutEnabled false, failed attempts are not counted.
- AccessFailedCount: Number of failed access attempts of the user. It is used to record failures for the purposes of lockout and is reset on a successful password check or when the lockout is triggered.
- Roles: Roles assigned to this user. Navigation property for user roles.
- Claims: Claims of the user. Navigation property for user claims.
- Logins: Login accounts of the user. Navigation property for user logins.
- Id: User ID (Primary Key), a string GUID by default.
- UserName: The user name of the user; it must be unique, and it is what FindByNameAsync looks up.
IdentityRole
This class represents a Role Entity and it belongs to the Microsoft.AspNet.Identity.EntityFramework namespace. It is used in role-based authorization. It contains 3 properties:
The meaning of the above properties is as follows:
- Users: Users who are in this role. Navigation property for users in the role.
- Id: Role Id (Primary Key).
- Name: Role Name; this is the value the [Authorize(Roles = "...")] attribute and IsInRoleAsync compare against.
IdentityUserLogin
It holds information about external authentication providers (Facebook, Google, Microsoft, etc.) and it belongs to the Microsoft.AspNet.Identity.EntityFramework namespace. This class contains 3 properties:
The meaning of the above properties is as follows:
- LoginProvider: The login provider for the login (e.g. Facebook, Google).
- ProviderKey: The key representing the login for the provider, i.e. the provider's stable identifier for the account. The pair (LoginProvider, ProviderKey) identifies one external login and must not be taken from anything the user can type; it comes from the provider's signed response.
- UserId: User Id for the user who owns this login.
IdentityUserClaim
A claim is a name-value pair that describes the user's identity, and claims-based authorization decides on the basis of such pairs. Each IdentityUserClaim entity represents one specific claim of one user and it belongs to the Microsoft.AspNet.Identity.EntityFramework namespace. This class contains 4 properties:
The meaning of the above properties is as follows:
- Id: Id of the claim. Primary key.
- UserId: User Id for the user who owns this claim.
- ClaimType: Type of the claim.
- ClaimValue: Value of the claim.
IdentityUserRole
This Entity contains information about which roles a user is assigned to and it belongs to the Microsoft.AspNet.Identity.EntityFramework namespace. It is the join table between users and roles, keyed on both columns together. This class contains 2 properties:
The meaning of the above properties is as follows:
- UserId: UserId for the user that is in the role.
- RoleId: RoleId for the role.
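As an added example (not code from the article), here is the usual way these entities are extended and mapped: a subclass of IdentityUser with one extra column, and an IdentityDbContext that owns all five entity sets. The names ApplicationUser, ApplicationDbContext, DepartmentCode, the connection string name "DefaultConnection" and the claim type urn:example:department are chosen for this example, not taken from the article.

```csharp
using System.Data.Entity;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;

// Added example: extending the IdentityUser entity and mapping it with IdentityDbContext.
// "ApplicationUser", "ApplicationDbContext" and "DepartmentCode" are illustrative names.
public class ApplicationUser : IdentityUser
{
    // Extra column on the AspNetUsers table; EF Code First adds it on the next migration.
    public string DepartmentCode { get; set; }

    // Builds the ClaimsIdentity that the cookie middleware serialises into the auth cookie.
    // UserManager.CreateIdentityAsync copies Id and UserName, one claim per IdentityUserClaim
    // row, one role claim per IdentityUserRole row, and the SecurityStamp as a claim; the
    // stamp claim is what SecurityStampValidator later compares with the stored column.
    public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser> manager)
    {
        var identity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie);

        // Application-specific claim. Keep such values non-sensitive: the cookie is encrypted
        // and signed, but it travels with every request and lives on the client.
        identity.AddClaim(new Claim("urn:example:department", DepartmentCode ?? string.Empty));
        return identity;
    }
}

// IdentityDbContext<TUser> wires the five entities (AspNetUsers, AspNetRoles, AspNetUserRoles,
// AspNetUserClaims, AspNetUserLogins) into one DbContext, so UserStore and RoleStore can share it.
public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
{
    // throwIfV1Schema: false skips the check that rejects a database created by Identity 1.x.
    public ApplicationDbContext() : base("DefaultConnection", throwIfV1Schema: false) { }

    public static ApplicationDbContext Create() => new ApplicationDbContext();
}
```

The claims added here end up in the cookie for the lifetime of that cookie; a claim that must reflect the current database state (a role revoked today, for instance) only refreshes when the identity is regenerated, which is why SecurityStampValidator is normally configured to call GenerateUserIdentityAsync again at its validation interval.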
Stores in ASP.NET Identity
In the Entity Framework implementation of ASP.NET Identity there are 2 store classes: UserStore and RoleStore. Each one implements a set of small interfaces from the Microsoft.AspNet.Identity namespace, and the managers work against those interfaces rather than against the classes.
UserStore in ASP.NET Identity
The UserStore class implements the following interfaces. All these Interfaces belong to the Microsoft.AspNet.Identity namespace. UserManager only requires IUserStore; for every other interface it checks at runtime whether the store implements it (exposed through the SupportsUserPassword, SupportsUserLockout, SupportsUserSecurityStamp, and similar properties) and throws a NotSupportedException if a feature is used whose store is missing.
IUserStore
This is an Interface that exposes basic user management APIs. It also extends IDisposable, so a store owns the lifetime of its underlying connection. Apart from Dispose, this interface contains 5 methods:
The use of the above five methods is as follows:
- CreateAsync(): Create or Insert a new user
- DeleteAsync(): Delete a user
- FindByIdAsync(): Find a user by Id
- FindByNameAsync(): Find a user by username
- UpdateAsync(): Update a user
IUserPasswordStore
This Interface is used to store a user's password hash. The store never sees the plaintext password: UserManager hashes it with its PasswordHasher before calling SetPasswordHashAsync, and verifies a login attempt by reading the hash back with GetPasswordHashAsync. It contains 3 methods:
The use of the above three methods is as follows:
- GetPasswordHashAsync(): Get the user password hash.
- HasPasswordAsync(): Check if a user has a password. It returns true if a user has a password set.
- SetPasswordHashAsync(): Set the user password hash.
IUserRoleStore
This Interface is used to map users to their roles and it contains 4 methods:
The use of the above four methods is as follows:
- AddToRoleAsync(): Add a user to a role.
- GetRolesAsync(): Returns all roles of a user.
- IsInRoleAsync(): Check if a user is in a role. That means it returns true if a user is in the role.
- RemoveFromRoleAsync(): Removes the role for the user.
IUserClaimStore
This Interface is used to store user-specific claims and it contains 3 methods:
The use of the above three methods is as follows:
- AddClaimAsync(): Add a claim to a user.
- GetClaimsAsync(): Returns all claims of a user.
- RemoveClaimAsync(): Remove a claim from a user
IUserLoginStore
This Interface maps users to external login providers such as Google, Facebook, Twitter, and Microsoft and it contains 4 methods:
The use of the above four methods is as follows:
- AddLoginAsync(): Adds a user login with the specified provider and key (a UserLoginInfo).
- FindAsync(): Returns the user associated with this login, i.e. the user matching a given (LoginProvider, ProviderKey) pair. This is the lookup SignInManager.ExternalSignInAsync relies on, so the pair must come from the provider's verified response.
- GetLoginsAsync(): Get all logins of a user, i.e. returns the linked accounts for this user.
- RemoveLoginAsync(): Remove a login from a user. That means removing the user login with the specified combination if it exists.
IUserPhoneNumberStore
This Interface is used to store a user’s phone number and it contains 4 methods:
The use of the above four methods is as follows:
- GetPhoneNumberAsync(): Get the user’s phone number.
- GetPhoneNumberConfirmedAsync(): Check if a user’s phone number is confirmed. Returns true if the user’s phone number is confirmed else false.
- SetPhoneNumberAsync(): Set the user’s phone number.
- SetPhoneNumberConfirmedAsync(): Sets whether the user’s phone number is confirmed or not.
IUserEmailStore
This Interface is used to store a user’s email and it contains 5 methods:
The use of the above five methods is as follows:
- FindByEmailAsync(): Returns the user associated with the email.
- GetEmailAsync(): Get the user’s email
- GetEmailConfirmedAsync(): Check if a user’s email is confirmed. Returns true if the user email is confirmed else false.
- SetEmailAsync(): Set the user email.
- SetEmailConfirmedAsync(): Sets whether the user email is confirmed or not.
IUserSecurityStampStore
This interface is used to store a user’s security stamp and it contains 2 methods:
The use of the above two methods is as follows:
- GetSecurityStampAsync(): Get the user security stamp.
- SetSecurityStampAsync(): Set the user security stamp.
IUserTwoFactorStore
This interface Stores whether two-factor authentication is enabled for a user and it contains 2 methods:
The use of the above two methods is as follows:
- GetTwoFactorEnabledAsync(): Returns whether two-factor authentication is enabled for the user.
- SetTwoFactorEnabledAsync(): Sets whether two-factor authentication is enabled for the user.
IUserLockoutStore
This Interface stores information that can be used to implement account lockout, including access failures and lockout status. The store only holds the counters; the thresholds (MaxFailedAccessAttemptsBeforeLockout, DefaultAccountLockoutTimeSpan, UserLockoutEnabledByDefault) live on UserManager, and the count is only incremented when the caller asks for it (SignInManager.PasswordSignInAsync with shouldLockout: true, or UserManager.AccessFailedAsync). It contains 7 methods:
The use of the above seven methods is as follows:
- GetAccessFailedCountAsync(): Returns the current number of failed access attempts. This number is reset whenever the password is verified or the account is locked out.
- GetLockoutEnabledAsync(): Returns whether the user can be locked out.
- GetLockoutEndDateAsync(): Returns the DateTimeOffset that represents the end of a user's lockout; any time in the past should be considered not locked out. (The EF UserStore converts this from the LockoutEndDateUtc DateTime column.)
- IncrementAccessFailedCountAsync(): Increments a user's current failed access attempts and returns the new count. UserManager compares it against MaxFailedAccessAttemptsBeforeLockout and, when reached, sets the lockout end date and resets the count.
- ResetAccessFailedCountAsync(): Resets the access failed count, typically after the account is successfully accessed.
- SetLockoutEnabledAsync(): Sets whether the user can be locked out.
- SetLockoutEndDateAsync(): Sets a user's lockout end date. Locks a user out until the specified end date (set a past date to unlock a user).
IQueryableUserStore
The interface that exposes IQueryable users. This interface contains a property that holds the queryable users.
RoleStore in ASP.NET Identity:
The RoleStore class in ASP.NET Identity implements the following interfaces:
IRoleStore
This Interface exposes basic role management and it belongs to Microsoft.AspNet.Identity namespace. It contains 5 methods.
The use of the above five methods is as follows:
- CreateAsync(): Create a new role.
- DeleteAsync(): Delete a role.
- FindByIdAsync(): Find a role by Id.
- FindByNameAsync(): Find a role by name.
- UpdateAsync(): Update a role.
IQueryableRoleStore
An Interface that exposes IQueryable roles. This interface contains a property that holds the queryable roles.
Managers in ASP.NET Identity
In ASP.NET Identity there are 3 managers: UserManager, RoleManager, and SignInManager.
- UserManager: Performs user-related operations by calling the UserStore. It also owns the security policy: the PasswordHasher, the UserValidator and PasswordValidator, the lockout thresholds, and the token providers used for email confirmation, password reset, and two-factor codes. It belongs to the Microsoft.AspNet.Identity namespace.
- RoleManager: Performs role-related operations by calling the RoleStore.
- SignInManager: Performs sign-in operations for users. It belongs to the Microsoft.AspNet.Identity.Owin namespace, sits on top of UserManager and the OWIN IAuthenticationManager, and is the component that checks lockout, decides whether two-factor verification is required, and issues the authentication cookie.
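As an added example (not code from the article), the following shows how the three managers are configured so that the security columns described earlier (LockoutEnabled, AccessFailedCount, LockoutEndDateUtc, SecurityStamp, EmailConfirmed) are actually enforced. The class names AppUserManager, AppSignInManager and Startup, the "/Account/Login" path, and the specific thresholds are choices made for this example; it uses the non-generic IdentityUser and IdentityDbContext from the Entity Framework package.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;

// Added example: UserManager, SignInManager and cookie middleware configuration.
// "AppUserManager", "AppSignInManager" and "Startup" are illustrative names.
public class AppUserManager : UserManager<IdentityUser>
{
    public AppUserManager(IUserStore<IdentityUser> store) : base(store)
    {
        // Validators run inside CreateAsync/UpdateAsync before the store is called.
        UserValidator = new UserValidator<IdentityUser>(this)
        {
            AllowOnlyAlphanumericUserNames = false,
            RequireUniqueEmail = true
        };
        PasswordValidator = new PasswordValidator
        {
            RequiredLength = 12,
            RequireNonLetterOrDigit = true,
            RequireDigit = true,
            RequireLowercase = true,
            RequireUppercase = true
        };

        // Lockout policy. The store only holds the counters; these values decide when
        // IncrementAccessFailedCountAsync flips the user into the locked-out state.
        UserLockoutEnabledByDefault = true;                         // LockoutEnabled on new users
        MaxFailedAccessAttemptsBeforeLockout = 5;                   // AccessFailedCount threshold
        DefaultAccountLockoutTimeSpan = TimeSpan.FromMinutes(15);   // written to LockoutEndDateUtc
    }

    public static AppUserManager Create() =>
        new AppUserManager(new UserStore<IdentityUser>(new IdentityDbContext()));
}

public class AppSignInManager : SignInManager<IdentityUser, string>
{
    public AppSignInManager(AppUserManager manager, IAuthenticationManager auth) : base(manager, auth) { }

    // Enforces email confirmation, which SignInManager does not check on its own, and passes
    // shouldLockout: true so that a wrong password is counted against the user. The project
    // template passes shouldLockout: false, which silently disables lockout.
    public async Task<SignInStatus> LoginAsync(string userName, string password, bool rememberMe)
    {
        var user = await UserManager.FindByNameAsync(userName);
        if (user != null && !user.EmailConfirmed)
        {
            return SignInStatus.Failure;   // same status as a bad password: no account enumeration
        }
        return await PasswordSignInAsync(userName, password, rememberMe, shouldLockout: true);
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // One manager per request, retrievable with context.GetUserManager<AppUserManager>().
        app.CreatePerOwinContext(AppUserManager.Create);

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                // Every 5 minutes the SecurityStamp claim in the cookie is compared with the
                // stored column. A mismatch (password change, login removed, explicit
                // UpdateSecurityStampAsync) rejects the cookie and ends that session.
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<AppUserManager, IdentityUser>(
                    validateInterval: TimeSpan.FromMinutes(5),
                    regenerateIdentity: (manager, user) =>
                        manager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie))
            }
        });
    }
}
```

The validateInterval is the upper bound on how long a revoked session keeps working, so it is a trade-off between one extra database read per interval and how quickly a password change or an administrator's UpdateSecurityStampAsync takes effect.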
Note: As we said in the previous section, the default persistence for ASP.NET Identity is Entity Framework Code First, supplied by the Microsoft.AspNet.Identity.EntityFramework package. The core package (Microsoft.AspNet.Identity.Core) knows nothing about Entity Framework: UserManager and RoleManager only depend on the interfaces listed above. If you do not want to use Entity Framework for persistence, you can create your own persistence mechanism by implementing those interfaces in your own classes and passing an instance to the managers. In these tutorials, we are going to use the default implementation.
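To make the division of labour between manager and store concrete, here is an added example (not code from the article or from the framework) of a minimal in-memory store with no Entity Framework at all. It implements only IUserStore, IUserPasswordStore and IUserSecurityStampStore, which is enough for UserManager to create users, verify passwords and rotate security stamps; the names MemoryUser, MemoryUserStore and Demo, the user name "alice" and the sample passphrases are chosen for this example.

```csharp
using System;
using System.Collections.Concurrent;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

// Added example: a custom store without Entity Framework, driven by the stock UserManager.
// UserManager inspects which store interfaces are implemented (SupportsUserPassword,
// SupportsUserSecurityStamp, ...) and skips the features whose store is absent.
public class MemoryUser : IUser<string>
{
    public string Id { get; } = Guid.NewGuid().ToString("N");
    public string UserName { get; set; }
    public string PasswordHash { get; set; }   // written by SetPasswordHashAsync, never a plaintext password
    public string SecurityStamp { get; set; }  // rotated by UserManager on every credential change
}

public class MemoryUserStore : IUserStore<MemoryUser>, IUserPasswordStore<MemoryUser>, IUserSecurityStampStore<MemoryUser>
{
    private readonly ConcurrentDictionary<string, MemoryUser> _users = new ConcurrentDictionary<string, MemoryUser>();

    // IUserStore: plain CRUD. UserManager has already run UserValidator before calling Create/Update.
    public Task CreateAsync(MemoryUser user) { _users[user.Id] = user; return Task.FromResult(0); }
    public Task UpdateAsync(MemoryUser user) { _users[user.Id] = user; return Task.FromResult(0); }
    public Task DeleteAsync(MemoryUser user) { MemoryUser removed; _users.TryRemove(user.Id, out removed); return Task.FromResult(0); }
    public Task<MemoryUser> FindByIdAsync(string userId) { MemoryUser u; _users.TryGetValue(userId, out u); return Task.FromResult(u); }
    public Task<MemoryUser> FindByNameAsync(string userName) =>
        Task.FromResult(_users.Values.FirstOrDefault(u => string.Equals(u.UserName, userName, StringComparison.OrdinalIgnoreCase)));

    // IUserPasswordStore: only the hash is stored; hashing and verification happen in UserManager.PasswordHasher.
    public Task SetPasswordHashAsync(MemoryUser user, string passwordHash) { user.PasswordHash = passwordHash; return Task.FromResult(0); }
    public Task<string> GetPasswordHashAsync(MemoryUser user) => Task.FromResult(user.PasswordHash);
    public Task<bool> HasPasswordAsync(MemoryUser user) => Task.FromResult(!string.IsNullOrEmpty(user.PasswordHash));

    // IUserSecurityStampStore: UserManager writes a fresh GUID on create, password change, login add/remove.
    public Task SetSecurityStampAsync(MemoryUser user, string stamp) { user.SecurityStamp = stamp; return Task.FromResult(0); }
    public Task<string> GetSecurityStampAsync(MemoryUser user) => Task.FromResult(user.SecurityStamp);

    public void Dispose() { }
}

public static class Demo
{
    public static async Task RunAsync()
    {
        var manager = new UserManager<MemoryUser>(new MemoryUserStore());
        manager.PasswordValidator = new PasswordValidator { RequiredLength = 12, RequireDigit = true };

        // CreateAsync(user, password): PasswordValidator -> PasswordHasher -> SetPasswordHashAsync,
        // then a new SecurityStamp, then UserValidator, then the store's CreateAsync.
        var user = new MemoryUser { UserName = "alice" };
        IdentityResult created = await manager.CreateAsync(user, "correct horse battery 1");
        Console.WriteLine("create succeeded: " + created.Succeeded);
        Console.WriteLine("stored hash: " + user.PasswordHash);     // PBKDF2 output, not the password
        string stampBefore = user.SecurityStamp;

        // CheckPasswordAsync: GetPasswordHashAsync + PasswordHasher.VerifyHashedPassword; the store
        // is never asked to compare anything itself.
        bool good = await manager.CheckPasswordAsync(user, "correct horse battery 1");
        bool bad = await manager.CheckPasswordAsync(user, "wrong password 1234");
        Console.WriteLine($"check: good={good} bad={bad}");

        // ChangePasswordAsync re-hashes and rotates the stamp, so cookies carrying the old stamp
        // fail SecurityStampValidator on their next check.
        await manager.ChangePasswordAsync(user.Id, "correct horse battery 1", "another long passphrase 2");
        Console.WriteLine("stamp rotated: " + (stampBefore != user.SecurityStamp));
    }
}
```

Because none of the lockout interfaces are implemented here, UserManager.SupportsUserLockout is false and any call to AccessFailedAsync or IsLockedOutAsync throws NotSupportedException; a production store should implement IUserLockoutStore as well, otherwise SignInManager cannot enforce the lockout policy configured on the manager.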
In the next article, I am going to discuss Getting Started with ASP.NET Identity with New and Existing Projects. Here, in this article, I tried to explain the ASP.NET Identity Architecture. I hope you enjoy this ASP.NET Identity Architecture article.