0

I'm working on an open source project using ASP.NET MVC 5 and Identity 2 and I'm wondering how to create the first(root) user in my application.

I've searched it on Google, and the only solution I found is to integrate the whole process into the Seed() function:

// From http://stackoverflow.com/questions/27498921/creating-asp-net-identity-user-in-seed-method-of-db-initializer
protected override void Seed(EvContext context)
{
   //Add other entities using context methods
   ApplicationUserManager manager = new ApplicationUserManager(new UserStore<ApplicationUser>(context));
   var user = new ApplicationUser { Email = "admin@myemail.com" ,UserName = "admin@myemail.com"};
   var result = await manager.CreateAsync(user, "Temp_123");//this line gives error. obviously await cannot be used in non- async method and I cannot make Seed async
}

But as this is a open source project, I don't want the password to be shown on the code but be implemented somewhere while deploying. Someone tells me that I can use OWIN, but I can't find any solutions. What's your solution? Thanks!

t123yh
  • 657
  • 2
  • 7
  • 18

2 Answers2

1

1- If your users download the source code and they will compile/deploy it in Visual studio: Put these kind of default or seed in WebConfig and read it in your class. See an example here

2- If your users normally deploy a compiled version, I have theses suggestions:

  1. Leave it as is and inform users about the default password
  2. Disable Auto Seed function and create a deploy webpage/controller. Make the instruction that when the users want to launch for the first time they need to goto the installer page and make the first user at that time..
  3. Disable Auto Seed function. Create a setting table/filed in a database such as isDeployed. In the AppStart check for isDeployed and if it is false redirect all of the requests to the installer page and make the first user at that time.
Community
  • 1
  • 1
Amir
  • 1,722
  • 22
  • 20
0

In my opinion it is not a bad solution to provide first user with a known login and password. The deployment procedure should have steps to change the initial password.

Marcin Iwanowski
  • 721
  • 3
  • 6