4

I am creating a new web application that needs to authenticate users against an existing user table that exists from another web application. User registration, forgotten password, etc are handled in that application. All I need in my new application is login.

I wondered if it was possible to overwrite some Identity class to point to that table to authenticate the user so I can use the existing Identity functionality like the [Authorize] attribute on Controllers and to redirect back to the login page, etc.

GMon
  • 638
  • 6
  • 14

2 Answers2

3

I got the same situation like yours when trying to upgrade my legacy system to OWIN authentication, I also had my own User table and authentication workflow which's totally different with ASP.NET Identity offers.

Firstly I had tried to customize ASP.NET Identity, but it was not sorted out that way. My thought is Identity was painful and much more complicated to customize for legacy app since it has lots of abstract levels.

Eventually I have come up with the solution to strip out ASP.NET Identity and manage claim identity by myself. It's incredibly simple, my below simple demo code is how to login with OWIN without ASP.NET Identity, hope that helps:

private void OwinSignIn(User user, bool isPersistence = false)
{
    var claims = new[] {
                new Claim(ClaimTypes.Name, user.Name),
                new Claim(ClaimTypes.Email, user.Email)
            };

    var identity = new ClaimsIdentity(claims, DefaultApplicationTypes.ApplicationCookie);

    var roles = _roleService.GetByUserId(user.Id).ToList();
    if (roles.Any())
    {
        var roleClaims = roles.Select(r => new Claim(ClaimTypes.Role, r.Name));
        identity.AddClaims(roleClaims);
    }

    var context = Request.GetOwinContext();
    var authManager = context.Authentication;

    authManager.SignIn(new AuthenticationProperties { IsPersistent = isPersistence }, identity);
}

[HttpPost]
public ActionResult Login(LoginViewModel model, string returnUrl)
{
    if (!ModelState.IsValid)
        return View();

    var user = _userService.GetByEmail(model.Email);
    if (user != null && (user.Password == model.Password))
    {
        OwinSignIn(user, model.RememberMe);
        return RedirectToLocal(returnUrl);
    }

    ModelState.AddModelError("", "Invalid email or password");
    return View();
}
cuongle
  • 74,024
  • 28
  • 151
  • 206
  • It's really not that painful if you make you can make your database conform to the required format or you're using code first – Luke May 26 '15 at 10:25
  • @Coulton: we don't use EF, even our database schema for user authentication and authorization is different with ASP.NET Identity offers. – cuongle May 26 '15 at 10:27
  • 1
    Fair enough then. I really quite like the simplicity of this. – Luke May 26 '15 at 10:41
0

You can have the Identity in a separate database without problems, as long as it has the identity format. Point the Usermanager/Rolemanager to your other database using the connection string.

If the existing authentication is not an identity setup, you won't be able to use the identity framework to connect to your other database out of the box. The identity framework expects a certain format. You can rewrite the managers to understand your user format in the database as long as you fulfill the minimum requirements as stated in the comments below.

You can always write your own OWIN behaviour though. See @Cuong Le's example

Kevin Hendricks
  • 785
  • 1
  • 8
  • 36
  • If you have the flexibility to massage your existing database layout to conform to the Identity layout (or you can map it using code first) then it should work fine with the existing database. See http://stackoverflow.com/a/29600215/894792 – Luke May 26 '15 at 10:28
  • Isn't that the same thing? The database has to be conform the Identity frameworks minimum layout and format. I will rewrite my answer somewhat. – Kevin Hendricks May 26 '15 at 10:31