:::moniker range=">= aspnetcore-6.0 < aspnetcore-8.0"
ASP.NET Core Identity:
- Is an API that supports user interface (UI) login functionality.
- Manages users, passwords, profile data, roles, claims, tokens, email confirmation, and more.
Users can create an account with the login information stored in Identity or they can use an external login provider. Supported external login providers include Facebook, Google, Microsoft Account, and Twitter.
For information on how to require authentication for all app users, see xref:security/authorization/secure-data#require-authenticated-users.
The Identity source code is available on GitHub. Scaffold Identity and view the generated files to review the template interaction with Identity.
Identity is typically configured using a SQL Server database to store user names, passwords, and profile data. Alternatively, another persistent store can be used, for example, Azure Table Storage.
In this topic, you learn how to use Identity to register, log in, and log out a user. Note: the templates treat username and email as the same for users. For more detailed instructions about creating apps that use Identity, see Next Steps.
ASP.NET Core Identity isn't related to the Microsoft identity platform. Microsoft identity platform is:
- An evolution of the Azure Active Directory (Azure AD) developer platform.
- An alternative identity solution for authentication and authorization in ASP.NET Core apps.
View or download the sample code (how to download).
Create an ASP.NET Core Web Application project with Individual User Accounts.
- Select the ASP.NET Core Web App template. Name the project WebApp1 to have the same namespace as the project download. Click OK.
- In the Authentication type input, select Individual User Accounts.
dotnet new webapp --auth Individual -o WebApp1
The preceding command creates a Razor web app using SQLite. To create the web app with LocalDB, run the following command:
dotnet new webapp --auth Individual -uld -o WebApp1
The generated project provides ASP.NET Core Identity as a Razor class library. The Identity Razor class library exposes endpoints with the Identity area. For example:
- /Identity/Account/Login
- /Identity/Account/Logout
- /Identity/Account/Manage
Apply the migrations to initialize the database.
Run the following command in the Package Manager Console (PMC):
Update-Database
Migrations are not necessary at this step when using SQLite.
[!INCLUDE more information on the CLI for EF Core]
For LocalDB, run the following command:
dotnet ef database update
Run the app and register a user. Depending on your screen size, you might need to select the navigation toggle button to see the Register and Login links.
Services are added in Program.cs. The typical pattern is to call methods in the following order:
Add{Service}builder.Services.Configure{Service}
:::code language="csharp" source="../sample/WebApp6x/Program.cs" id="snippet_":::
The preceding code configures Identity with default option values. Services are made available to the app through dependency injection.
Identity is enabled by calling xref:Microsoft.AspNetCore.Builder.AuthAppBuilderExtensions.UseAuthentication%2A. UseAuthentication adds authentication middleware to the request pipeline.
The template-generated app doesn't use authorization. app.UseAuthorization is included to ensure it's added in the correct order should the app add authorization. UseRouting, UseAuthentication, and UseAuthorization must be called in the order shown in the preceding code.
For more information on IdentityOptions, see xref:Microsoft.AspNetCore.Identity.IdentityOptions and Application Startup.
Add the Register, Login, LogOut, and RegisterConfirmation files. Follow the Scaffold identity into a Razor project with authorization instructions to generate the code shown in this section.
If you created the project with name WebApp1, and you're not using SQLite, run the following commands. Otherwise, use the correct namespace for the ApplicationDbContext:
dotnet add package Microsoft.VisualStudio.Web.CodeGeneration.Design
dotnet aspnet-codegenerator identity -dc WebApp1.Data.ApplicationDbContext --files "Account.Register;Account.Login;Account.Logout;Account.RegisterConfirmation"
When using SQLite, append --useSqLite or -sqlite:
dotnet aspnet-codegenerator identity -dc WebApp1.Data.ApplicationDbContext --files "Account.Register;Account.Login;Account.Logout;Account.RegisterConfirmation" --useSqLite
PowerShell uses semicolon as a command separator. When using PowerShell, escape the semicolons in the file list or put the file list in double quotes, as the preceding example shows.
For more information on scaffolding Identity, see Scaffold identity into a Razor project with authorization.
When a user clicks the Register button on the Register page, the RegisterModel.OnPostAsync action is invoked. The user is created by xref:Microsoft.AspNetCore.Identity.UserManager%601.CreateAsync(%600) on the _userManager object:
:::code language="csharp" source="../sample/WebApp3/Areas/Identity/Pages/Account/Register.cshtml.cs" id="snippet" highlight="9":::
The Login form is displayed when:
- The Log in link is selected.
- A user attempts to access a restricted page that they aren't authorized to access or when they haven't been authenticated by the system.
When the form on the Login page is submitted, the OnPostAsync action is called. PasswordSignInAsync is called on the _signInManager object.
:::code language="csharp" source="../sample/WebApp3/Areas/Identity/Pages/Account/Login.cshtml.cs" id="snippet" highlight="10-11":::
For information on how to make authorization decisions, see xref:security/authorization/introduction.
The Log out link invokes the LogoutModel.OnPost action.
:::code language="csharp" source="../sample/WebApp3/Areas/Identity/Pages/Account/Logout.cshtml.cs" highlight="36":::
In the preceding code, the code return RedirectToPage(); needs to be a redirect so that the browser performs a new request and the identity for the user gets updated.
xref:Microsoft.AspNetCore.Identity.SignInManager%601.SignOutAsync%2A clears the user's claims stored in a cookie.
Post is specified in the Pages/Shared/_LoginPartial.cshtml:
:::code language="cshtml" source="../sample/WebApp3/Pages/Shared/_LoginPartial.cshtml" highlight="15":::
The default web project templates allow anonymous access to the home pages. To test Identity, add [Authorize]:
:::code language="csharp" source="../sample/WebApp3/Pages/Privacy.cshtml.cs" highlight="7":::
If you are signed in, sign out. Run the app and select the Privacy link. You are redirected to the login page.
To explore Identity in more detail:
- Create full identity UI source
- Examine the source of each page and step through the debugger.
All the Identity-dependent NuGet packages are included in the ASP.NET Core shared framework.
The primary package for Identity is Microsoft.AspNetCore.Identity. This package contains the core set of interfaces for ASP.NET Core Identity, and is included by Microsoft.AspNetCore.Identity.EntityFrameworkCore.
For more information and guidance on migrating your existing Identity store, see Migrate Authentication and Identity.
See Configuration for a sample that sets the minimum password requirements.
xref:Microsoft.Extensions.DependencyInjection.IdentityServiceCollectionUIExtensions.AddDefaultIdentity%2A was introduced in ASP.NET Core 2.1. Calling AddDefaultIdentity is similar to calling the following:
- xref:Microsoft.Extensions.DependencyInjection.IdentityServiceCollectionExtensions.AddIdentity%2A
- xref:Microsoft.AspNetCore.Identity.IdentityBuilderUIExtensions.AddDefaultUI%2A
- xref:Microsoft.AspNetCore.Identity.IdentityBuilderExtensions.AddDefaultTokenProviders%2A
See AddDefaultIdentity source for more information.
To prevent publishing static Identity assets (stylesheets and JavaScript files for Identity UI) to the web root, add the following ResolveStaticWebAssetsInputsDependsOn property and RemoveIdentityAssets target to the app's project file:
<PropertyGroup>
<ResolveStaticWebAssetsInputsDependsOn>RemoveIdentityAssets</ResolveStaticWebAssetsInputsDependsOn>
</PropertyGroup>
<Target Name="RemoveIdentityAssets">
<ItemGroup>
<StaticWebAsset Remove="@(StaticWebAsset)" Condition="%(SourceId) == 'Microsoft.AspNetCore.Identity.UI'" />
</ItemGroup>
</Target>- See this GitHub issue for information on configuring Identity using SQLite.
- Configure Identity
- xref:security/authorization/secure-data
- xref:security/authentication/add-user-data
- xref:security/authentication/identity-enable-qrcodes
- xref:migration/fx-to-core/examples/identity
- xref:security/authentication/accconfirm
- xref:security/authentication/2fa
- xref:host-and-deploy/web-farm
:::moniker-end
:::moniker range=">= aspnetcore-3.0 < aspnetcore-6.0"
ASP.NET Core Identity:
- Is an API that supports user interface (UI) login functionality.
- Manages users, passwords, profile data, roles, claims, tokens, email confirmation, and more.
Users can create an account with the login information stored in Identity or they can use an external login provider. Supported external login providers include Facebook, Google, Microsoft Account, and Twitter.
For information on how to require authentication for all app users, see xref:security/authorization/secure-data#require-authenticated-users.
The Identity source code is available on GitHub. Scaffold Identity and view the generated files to review the template interaction with Identity.
Identity is typically configured using a SQL Server database to store user names, passwords, and profile data. Alternatively, another persistent store can be used, for example, Azure Table Storage.
In this topic, you learn how to use Identity to register, log in, and log out a user. Note: the templates treat username and email as the same for users. For more detailed instructions about creating apps that use Identity, see Next Steps.
Microsoft identity platform is:
- An evolution of the Azure Active Directory (Azure AD) developer platform.
- An alternative identity solution for authentication and authorization in ASP.NET Core apps.
- Not related to ASP.NET Core Identity.
View or download the sample code (how to download).
Create an ASP.NET Core Web Application project with Individual User Accounts.
- Select File > New > Project.
- Select ASP.NET Core Web Application. Name the project WebApp1 to have the same namespace as the project download. Click OK.
- Select an ASP.NET Core Web Application, then select Change Authentication.
- Select Individual User Accounts and click OK.
dotnet new webapp --auth Individual -o WebApp1
The preceding command creates a Razor web app using SQLite. To create the web app with LocalDB, run the following command:
dotnet new webapp --auth Individual -uld -o WebApp1
The generated project provides ASP.NET Core Identity as a Razor class library. The Identity Razor class library exposes endpoints with the Identity area. For example:
- /Identity/Account/Login
- /Identity/Account/Logout
- /Identity/Account/Manage
Apply the migrations to initialize the database.
Run the following command in the Package Manager Console (PMC):
PM> Update-Database
Migrations are not necessary at this step when using SQLite.
[!INCLUDE more information on the CLI for EF Core]
For LocalDB, run the following command:
dotnet ef database update
Run the app and register a user. Depending on your screen size, you might need to select the navigation toggle button to see the Register and Login links.
Services are added in ConfigureServices. The typical pattern is to call all the Add{Service} methods, and then call all the services.Configure{Service} methods.
:::moniker-end
:::moniker range=">= aspnetcore-3.0 < aspnetcore-5.0"
:::code language="csharp" source="../sample/WebApp3/Startup.cs" id="snippet_configureservices" highlight="11-99":::
The preceding highlighted code configures Identity with default option values. Services are made available to the app through dependency injection.
Identity is enabled by calling xref:Microsoft.AspNetCore.Builder.AuthAppBuilderExtensions.UseAuthentication%2A. UseAuthentication adds authentication middleware to the request pipeline.
:::code language="csharp" source="../sample/WebApp3/Startup.cs" id="snippet_configure" highlight="19":::
:::moniker-end
:::moniker range=">= aspnetcore-5.0 < aspnetcore-6.0"
:::code language="csharp" source="../sample/WebApp5x/Startup.cs" id="snippet_configureservices" highlight="12-99":::
The preceding code configures Identity with default option values. Services are made available to the app through dependency injection.
Identity is enabled by calling xref:Microsoft.AspNetCore.Builder.AuthAppBuilderExtensions.UseAuthentication%2A. UseAuthentication adds authentication middleware to the request pipeline.
:::code language="csharp" source="../sample/WebApp5x/Startup.cs" id="snippet_configure" highlight="19":::
:::moniker-end
:::moniker range=">= aspnetcore-3.0 < aspnetcore-6.0"
The template-generated app doesn't use authorization. app.UseAuthorization is included to ensure it's added in the correct order should the app add authorization. UseRouting, UseAuthentication, UseAuthorization, and UseEndpoints must be called in the order shown in the preceding code.
For more information on IdentityOptions and Startup, see xref:Microsoft.AspNetCore.Identity.IdentityOptions and Application Startup.
Add the Register, Login, LogOut, and RegisterConfirmation files. Follow the Scaffold identity into a Razor project with authorization instructions to generate the code shown in this section.
If you created the project with name WebApp1, and you're not using SQLite, run the following commands. Otherwise, use the correct namespace for the ApplicationDbContext:
dotnet add package Microsoft.VisualStudio.Web.CodeGeneration.Design
dotnet aspnet-codegenerator identity -dc WebApp1.Data.ApplicationDbContext --files "Account.Register;Account.Login;Account.Logout;Account.RegisterConfirmation"
When using SQLite, append --useSqLite or -sqlite:
dotnet aspnet-codegenerator identity -dc WebApp1.Data.ApplicationDbContext --files "Account.Register;Account.Login;Account.Logout;Account.RegisterConfirmation" --useSqLite
PowerShell uses semicolon as a command separator. When using PowerShell, escape the semicolons in the file list or put the file list in double quotes, as the preceding example shows.
For more information on scaffolding Identity, see Scaffold identity into a Razor project with authorization.
When a user clicks the Register button on the Register page, the RegisterModel.OnPostAsync action is invoked. The user is created by xref:Microsoft.AspNetCore.Identity.UserManager%601.CreateAsync(%600) on the _userManager object:
:::code language="csharp" source="../sample/WebApp3/Areas/Identity/Pages/Account/Register.cshtml.cs" id="snippet" highlight="9":::
The Login form is displayed when:
- The Log in link is selected.
- A user attempts to access a restricted page that they aren't authorized to access or when they haven't been authenticated by the system.
When the form on the Login page is submitted, the OnPostAsync action is called. PasswordSignInAsync is called on the _signInManager object.
:::code language="csharp" source="../sample/WebApp3/Areas/Identity/Pages/Account/Login.cshtml.cs" id="snippet" highlight="10-11":::
For information on how to make authorization decisions, see xref:security/authorization/introduction.
The Log out link invokes the LogoutModel.OnPost action.
:::code language="csharp" source="../sample/WebApp3/Areas/Identity/Pages/Account/Logout.cshtml.cs" highlight="36":::
In the preceding code, the code return RedirectToPage(); needs to be a redirect so that the browser performs a new request and the identity for the user gets updated.
xref:Microsoft.AspNetCore.Identity.SignInManager%601.SignOutAsync%2A clears the user's claims stored in a cookie.
Post is specified in the Pages/Shared/_LoginPartial.cshtml:
:::code language="cshtml" source="../sample/WebApp3/Pages/Shared/_LoginPartial.cshtml" highlight="15":::
The default web project templates allow anonymous access to the home pages. To test Identity, add [Authorize]:
:::code language="csharp" source="../sample/WebApp3/Pages/Privacy.cshtml.cs" highlight="7":::
If you are signed in, sign out. Run the app and select the Privacy link. You are redirected to the login page.
To explore Identity in more detail:
- Create full identity UI source
- Examine the source of each page and step through the debugger.
All the Identity-dependent NuGet packages are included in the ASP.NET Core shared framework.
The primary package for Identity is Microsoft.AspNetCore.Identity. This package contains the core set of interfaces for ASP.NET Core Identity, and is included by Microsoft.AspNetCore.Identity.EntityFrameworkCore.
For more information and guidance on migrating your existing Identity store, see Migrate Authentication and Identity.
See Configuration for a sample that sets the minimum password requirements.
To prevent publishing static Identity assets (stylesheets and JavaScript files for Identity UI) to the web root, add the following ResolveStaticWebAssetsInputsDependsOn property and RemoveIdentityAssets target to the app's project file:
<PropertyGroup>
<ResolveStaticWebAssetsInputsDependsOn>RemoveIdentityAssets</ResolveStaticWebAssetsInputsDependsOn>
</PropertyGroup>
<Target Name="RemoveIdentityAssets">
<ItemGroup>
<StaticWebAsset Remove="@(StaticWebAsset)" Condition="%(SourceId) == 'Microsoft.AspNetCore.Identity.UI'" />
</ItemGroup>
</Target>- ASP.NET Core Identity source code
- AddDefaultIdentity source
- See this GitHub issue for information on configuring Identity using SQLite.
- Configure Identity
- xref:security/authorization/secure-data
- xref:security/authentication/add-user-data
- xref:security/authentication/identity-enable-qrcodes
- xref:migration/fx-to-core/examples/identity
- xref:security/authentication/accconfirm
- xref:security/authentication/2fa
- xref:host-and-deploy/web-farm
:::moniker-end