By Identity, I'm referring to the new ASP.NET Identity authentication. It's a bit different than what I'm used to doing. For one, it's based on a fluent code-first data model. So in order to extend Identity classes, such as User, you need to modify and extend the ApplicationUser model and persist the changes via migrations to the database.
I must say, it's a bit of a disappointment in terms of functionality. You get a basic auth system right out of the box, but the system itself lacks basic fundamental security. For instance... you don't get a feature to lock a user account. I also would have expected to see some question/answer functionality for retrieving forgotten passwords. Although these are easy enough to implement by extending the model, I would have liked to have seen a more thorough framework.
I will be posting a document in the near future explaining in detail how to extend the user models and make a more secure authentication system.