AspnetCoreAuth_RolandGuijt

Chapter 2 Understanding Authenticationa and Authorization

the sequence is important
• app.UseRouting();
• app.UseAuthentication();
• app.UseAuthorization();

Secure the password
• public User GetByUsernameAndPassword(string username, string password)

• check user cookie for login

Or inherited from public class ClaimsTransformer : IClaimsTransformation
```

@if (User.Identity.IsAuthenticated) {

Hi @User.Identity.Name!

Logout } else {

Login here:

Login

        }

```

• Manager google config using right click project -> Manger User Secrects

• Multiple authentication

Chapter 3 Implementing authentication with aspnet core identity

• Create project with Identity authentication
• Login features

    public class ApplicationUser : IdentityUser
    {
        public DateTime CareerStartedDate { get; set; }
        public string FullName { get; set; }
    }

• other customized indentity stores
  https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-custom-storage-providers?view=aspnetcore-5.0
  https://4sh.nl/IdentityConfigurationc

• Retrofit Identity pages (since default pages from Areas->Indentity + Microsoft.AspNetCore.Identity.UI)
  

• Customized claims
  or public class ClaimsTransformer : IClaimsTransformation

        public ApplicationUserClaimsPrincipalFactory(
            UserManager<ApplicationUser> userManager,
            RoleManager<IdentityRole> roleManager,
            IOptions<IdentityOptions> options
            ): base (userManager, roleManager, options)
        {
        }

        protected override async Task<ClaimsIdentity> 
            GenerateClaimsAsync(ApplicationUser user)
        {
            var identity = await base.GenerateClaimsAsync(user);

            identity.AddClaim(new Claim("CareerStarted",
                user.CareerStartedDate.ToShortDateString()));
            identity.AddClaim(new Claim("FullName",
                user.FullName));

            return identity;
        }

• Customize role or inherit RoleIdentity

public class IdentityHostingStartup : IHostingStartup

        public void Configure(IWebHostBuilder builder)
        {
            builder.ConfigureServices((context, services) =>
            {
                services.AddDbContext<ConfArchWebContext>(options =>
                    options.UseSqlServer(
                        context.Configuration
                            .GetConnectionString("ConfArchWebContextConnection")));

                services.AddIdentity<ApplicationUser, IdentityRole>(options =>
                    options.SignIn.RequireConfirmedAccount = true)
                    .AddEntityFrameworkStores<ConfArchWebContext>()
                    .AddDefaultUI()
                    .AddDefaultTokenProviders();

                services.AddScoped<IUserClaimsPrincipalFactory<ApplicationUser>,
                    ApplicationUserClaimsPrincipalFactory>();
                services.AddTransient<IEmailSender, EmailSender>();

                services.AddAuthentication()
                    .AddGoogle(o =>
                    {
                        o.ClientId = "686977813024-1pabqkfoar3btu6tsh7puhu3pogcivi0.apps.googleusercontent.com";
                        o.ClientSecret = context.Configuration["Google:ClientSecret"];
                    });
            });
        }
        
        public ApplicationUserClaimsPrincipalFactory(
            UserManager<ApplicationUser> userManager,
            RoleManager<IdentityRole> roleManager,
            IOptions<IdentityOptions> options
            ): base (userManager, roleManager, options)
        {
        }
        

• Send email

• two factor authentication to use QR code scan https://4sh.nl/qrcodejs

• Link google account to internal login
  

• Identity server

• Oauth2 and OpenIdConnect