UserManager SignInManager RoleManager in ASP.NET Core Identity

Back to: ASP.NET Core Identity Tutorials

UserManager SignInManager RoleManager in ASP.NET Core Identity

In this article, I will discuss the Roles and Responsibilities of UserManager, SignInManager, and RoleManager Classes in ASP.NET Core Identity. Please read our previous article discussing ASP.NET Core Identity Tables Structure in detail.

UserManager Class in ASP.NET Core Identity

The UserManager<TUser> class is used to manage user information. The TUser parameter is typically an instance of a class that extends IdentityUser. This class provides methods for creating, deleting, updating, and retrieving user information and managing user-related features like changing passwords, assigning roles, and claims. The following are some of the key functionalities provided by UserManager:

• Creating and Deleting Users: You can create new user accounts using CreateAsync and delete them with DeleteAsync.
• Managing Passwords: This includes changing passwords (ChangePasswordAsync), resetting passwords (ResetPasswordAsync), and checking if a password meets the specified criteria (CheckPasswordAsync).
• Managing User Roles: Functions like AddToRoleAsync and RemoveFromRoleAsync are used to assign and remove roles for users.
• Lockout functionality: This includes enabling or disabling account lockout and setting lockout durations.
• Two-factor authentication: Managing two-factor authentication settings for users.

How to Use UserManager Class in ASP.NET Core Identity?

The UserManager in ASP.NET Core Identity is a class that provides methods for managing users in your application. The UserManager is a generic class and works with an entity (TUser) that must extend IdentityUser. Typically, it is injected into your controllers or other services via dependency injection. For a better understanding, please observe the following code where we have injected the UserManager<ApplicationUser> instance through the constructor of a controller. Here, ApplicationUser is a class inherited from the IdentityUser class.

public class MyController : Controller
{
    private readonly UserManager<IdentityUser> _userManager;

    public MyController(UserManager<ApplicationUser> userManager)
    {
        _userManager = userManager;
    }
}

Methods Provided by UserManager Class in ASP.NET Core Identity:

• CreateAsync(TUser user, string password): Creates a new user with the specified password.
• DeleteAsync(TUser user): Deletes the specified user.
• FindByIdAsync(string userId): Finds and returns a user, if any, who has the specified user ID.
• FindByEmailAsync(string email): Finds and returns a user, if any, who has the specified email address.
• FindByNameAsync(string userName): Finds and returns a user, if any, who has the specified username.
• UpdateAsync(TUser user): Updates the specified user’s information.
• AddToRoleAsync(TUser user, string role): Adds the specified user to the named role.
• RemoveFromRoleAsync(TUser user, string role): Remove the specified user from the named role.
• IsInRoleAsync(TUser user, string role): Returns true if the specified user is in the named role.
• ChangePasswordAsync(TUser user, string currentPassword, string newPassword): Changes a user’s password after confirming the current password.
• ResetPasswordAsync(TUser user, string token, string newPassword): After confirming the password reset token, it resets the user’s password to the specified new password.
• GeneratePasswordResetTokenAsync(TUser user): Generates a password reset token for the user.
• ConfirmEmailAsync(TUser user, string token): Confirms the user’s email address with the specified token.
• GenerateEmailConfirmationTokenAsync(TUser user): Generates an email confirmation token for the user.
• CheckPasswordAsync(TUser user, string password): This function checks if the given password is valid for the specified user.
• GetRolesAsync(TUser user): Returns a list of role names the specified user belongs to.
• GetUserIdAsync(TUser user): Returns the user ID for the specified user.
• GetUserNameAsync(TUser user): Returns the username for the specified user.
• GetUsersInRoleAsync(string roleName): Returns a list of users who belong to the specified role.
• AccessFailedAsync(TUser user): This function increments the user’s access failed count, and if it reaches the maximum number of attempts, it locks out the user.

SignInManager Class in ASP.NET Core Identity

The SignInManager<TUser> in ASP.NET Core Identity is a generic class that handles authentication and sign-in operations for users. It depends on the UserManager class to manage user authentication and perform sign-in and sign-out operations. The following are some of its primary responsibilities:

• Password Sign-in: The PasswordSignInAsync method of the SignInManager<TUser> class is used to sign in a user with their username and password.
• External Authentication: The ExternalLoginSignInAsync method of the SignInManager<TUser> class handles sign-ins with external login providers like Google, Facebook, etc.
• Sign-out: SignOutAsync method is used to sign a user out of the application.
• Two-Factor Authentication Sign-in: Methods like TwoFactorSignInAsync manages the process of signing in with two-factor authentication.
• Remember Me Functionality: This is handled during the sign-in process, where a persistent cookie will be created if the user opts for the “remember me” option.

How to Use ASP.NET Core Identity SignInManager?

SignInManager instance is typically injected into your controllers or services using dependency injection. For example, in the controller, add a constructor that accepts SignInManager<IdentityUser> as a parameter as follows:

private readonly SignInManager<IdentityUser> _signInManager;

public AccountController(SignInManager<IdentityUser> signInManager)
{
    _signInManager = signInManager;
}

Methods Provided by SignInManager Class in ASP.NET Core Identity:

• PasswordSignInAsync(TUser user, string password, bool isPersistent, bool lockoutOnFailure): Attempts to sign in a user with a username and password. The isPersistent parameter indicates whether the sign-in cookie should persist across browser sessions, and lockoutOnFailure indicates if the user account should be locked on a failed sign-in attempt.
• SignOutAsync(): Signs the current user out.
• RefreshSignInAsync(TUser user): This function refreshes the current user’s sign-in information, which is typically used when updating the security stamp.
• SignInAsync(TUser user, bool isPersistent, string authenticationMethod = null): Signs in the user without password verification.
• ExternalLoginSignInAsync(string loginProvider, string providerKey, bool isPersistent): Attempts to sign in a user with an external login (such as Facebook or Google).
• GetExternalLoginInfoAsync(string expectedXsrf = null): Gets the information about the user from an external login provider.
• TwoFactorSignInAsync(string provider, string code, bool isPersistent, bool rememberClient): Attempts to sign in a user with a two-factor authentication code.
• IsSignedIn(ClaimsPrincipal principal): Checks if the specified ClaimsPrincipal is signed in.
• ValidateSecurityStampAsync(TUser user): Validate the security stamp for the specified user.
• CanSignInAsync(TUser user): Checks if the specified user is allowed to sign in.
• CheckPasswordSignInAsync(TUser user, string password, bool lockoutOnFailure): Attempts to sign in a user with a password without generating a security stamp.
• ConfirmEmailSignInAsync(TUser user, string token, bool isPersistent): Signs in a user after confirming their email.
• GetTwoFactorAuthenticationUserAsync(): Retrieves the user for whom two-factor authentication is currently active.
• RememberTwoFactorClientAsync(TUser user): This function remembers the browser/device for two-factor authentication to avoid requesting a second factor on subsequent logins.
• GetRememberedTwoFactorClientAsync(): Retrieves the information about a remembered browser/device for two-factor authentication.

RoleManager Class in ASP.NET Core Identity

The RoleManager<TRole> class manages roles in the application. The TRole parameter is typically an instance of a class that extends IdentityRole. This class provides methods for the creation, deletion, and updating of roles, assigning roles to users, as well as managing claims associated with roles. This is used to implement role-based access control (RBAC) in your applications to manage user permissions effectively. The following are some of the key functionalities of the RoleManager class in ASP.NET Core Identity:

• Creating and Deleting Roles: Methods like CreateAsync and DeleteAsync methods allow for managing roles within the application.
• Role Existence Checks: RoleExistsAsync checks whether a specified role exists in the system.
• Managing Role Claims: The AddClaimAsync and RemoveClaimAsync methods add or remove claims to roles, facilitating fine-grained access control based on role capabilities.

• Adding and Removing Users from Roles: AddToRoleAsync and RemoveRoleAsync methods allow for Adding and removing users from roles.

How to use ASP.NET Core Identity RoleManager Class?

Inject the RoleManager instance into your classes (like Controllers or service classes) where you need to manage roles. This is done through dependency injection. For example, in the controller, add a constructor that accepts RoleManager<IdentityRole> as a parameter as follows:

private readonly RoleManager<IdentityRole> _roleManager;

public MyController(RoleManager<IdentityRole> roleManager)
{
    _roleManager = roleManager;
}

Methods Provided by RoleManager Class in ASP.NET Core Identity:

• CreateAsync(T role): Creates a new role asynchronously.
• UpdateAsync(T role): Updates a role asynchronously.
• DeleteAsync(T role): Deletes a role asynchronously.
• FindByIdAsync(string roleId): Finds a role by its ID asynchronously.
• FindByNameAsync(string roleName): Finds a role by its name asynchronously.
• RoleExistsAsync(string roleName): Checks if a role exists asynchronously.
• AddClaimAsync(T role, Claim claim): Adds a claim to a role asynchronously.
• RemoveClaimAsync(T role, Claim claim): Removes a claim from a role asynchronously.
• GetClaimsAsync(T role): Gets claims for a role asynchronously.
• GetRolesAsync(TUser user): Gets the roles for the specified user asynchronously.

Differences Between UserManager, SignInManager, and RoleManager in ASP.NET Core Identity

• UserManager deals with users, SignInManager handles the authentication process, and RoleManager focuses on roles.
• SignInManager often depends on UserManager to perform user-related checks during the sign-in process, but UserManager can function independently for user management tasks.
• SignInManager is more about authentication (verifying who the user is), while UserManager and RoleManager can be involved in authorization (determining what the user is allowed to do). RoleManager specifically deals with role-based access control.
• SignInManager contains specific security features, such as external login and two-factor authentication (2FA), that are not part of UserManager or RoleManager.

In a controller, you might inject these managers as follows:

public class AccountController : Controller
{
    private readonly UserManager<IdentityUser> _userManager;
    private readonly SignInManager<IdentityUser> _signInManager;
    private readonly RoleManager<IdentityRole> _roleManager;

    public AccountController(
        UserManager<IdentityUser> userManager,
        SignInManager<IdentityUser> signInManager,
        RoleManager<IdentityRole> roleManager)
    {
        _userManager = userManager;
        _signInManager = signInManager;
        _roleManager = roleManager;
    }

    // Controller actions...
}

These managers simplify the process of implementing common identity and access management tasks in ASP.NET Core applications. From our next article onwards, we will use these Manager classes to perform different kinds of operations.

In the next article, I will discuss Register New User Using ASP.NET Core Identity. Here, in this article, I try to explain the UserManager, SignInManager, and RoleManager Classes in ASP.NET Core Identity. I hope you enjoy this UserManager, SignInManager, and RoleManager Classes in ASP.NET Core Identity article.