BTI420 notes – Wed Feb 19

Security topic – an introduction to ASP.NET Identity.


Introduction to ASP.NET Identity

A new system named ASP.NET Identity can be configured for a web app.

The easiest way to get started is to create a new project that uses “Individual User Accounts” as its authentication choice. The sections below introduce you to ASP.NET Identity.

The official ASP.NET web site has authoritative information about ASP.NET Identity.


Must learn and know these topics now

How to select an authentication scheme: When creating a project, ensure that you choose one of the authentication choices.

In BTI420, we will use Individual User Accounts.

You must know the definition of authentication (aka AuthN). Lots of sources, including Wikipedia.

When a user performs a login task, authentication is the name of the login process.

You must know the definition of authorization (AuthZ). Lots of sources, including Wikipedia.

When a user attempts to perform a task in the app, the app checks whether the user is authorized to perform the task.

Terminology. Know the following:

  • User – user name, and a shared secret (aka password)
  • Claim – data from a trusted provider; includes information about the user and their capability
  • Role – a user grouping mechanism to simplify the authorization task
  • Principal – an object that represents a claim, and is attached to the execution context


Must learn as you create apps that use security features

Components, dependencies.

Alternative authentication schemes – enterprise, web apps.

Async, task, delegate.


Overview of a project that uses AuthN and AuthZ

Choose “Individual User Accounts”.

Many libraries are now part of the project – in Solution Explorer, open the “References” node. 

There’s a new “Startup” class to configure security when the app launches.

Design model classes, and view model classes, to support security features.

Web.config connection string; must change 1) store file name, and 2) name of the connection string:

  1. Change the name of the store file. Choose a shorter name, unique to the app. For example, “<projectname>Store”.
  2. Change the connection string name to “DataContext”.
  3. Then, in IdentityModels.cs, change the connection string name to match.

Account controller and views. Open and study.

New links to Register, Log In, and manage an account.

Data annotations that implement authorization.


Gentle introduction; getting started

In class, we’ll create a simple web app that uses security features.

In the GitHub code repository, a fully-functioning web app example is available, named SecuredLocalAccounts.













  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: