Identity Security

Last Updated: 2019-02-03

Identity Security is a basic implementation using AspNetCore.Identity for user management and authentication. You can use this implementation for production scenarios where you want to host the security packages together with the application.

Installation

As AspNetCore.Identity uses auto increment columns for primary key the migration code for creating the database schema is database dependent. This means you need to include different NuGet packages depending on what database provider you're using. The currently available packages are:

SQLite

Piranha.AspNetCore.SimpleSecurity.SQLite

SQLServer

Piranha.AspNetCore.SimpleSecurity.SQLServer

MySQL

Piranha.AspNetCore.SimpleSecurity.MySQL

Registering The Service

You register Identity Security in ConfigureServices(). There are two methods available for adding the services, AddPiranhaIdentity and AddPiranhaIdentityWithSeed. The later of them seeds the default admin user with username admin and password password. How you register the service is also dependent on which database provider you use:

SQLite

services.AddPiranhaIdentity<IdentitySQLiteDb>(options => ...);
services.AddPiranhaIdentityWithSeed<IdentitySQLiteDb>(options => ...)

SQLServer

services.AddPiranhaIdentity<IdentitySQLServerDb>(options => ...);
services.AddPiranhaIdentityWithSeed<IdentitySQLServerDb>(options => ...)

MySQL

services.AddPiranhaIdentity<IdentityMySQLDb>(options => ...);
services.AddPiranhaIdentityWithSeed<IdentityMySQLDb>(options => ...)


Configuring Identity Options

When registering the service you can also provide custom IdentityOptions.

services.AddPiranhaIdentity<IdentitySQLiteDb>(
options => ..., identityOptions: io => ...);

Default Identity Options

These are the default Identity Options provided. Please note that these are more geared on development scenarios as it enforces a very low password strength algorithm, and should be changed in production scenarios.

// Password settings
options.Password.RequireDigit = false;
options.Password.RequiredLength = 6;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireUppercase = false;
options.Password.RequireLowercase = false;
options.Password.RequiredUniqueChars = 1;

// Lockout settings
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
options.Lockout.MaxFailedAccessAttempts = 10;
options.Lockout.AllowedForNewUsers = true;

// User settings
options.User.RequireUniqueEmail = true;

Configuring Cookie Options

When registering the service you can also provide custom CookieOptions.

services.AddPiranhaIdentity<IdentitySQLiteDb>(
options => ..., cookieOptions: co => ...);

Default Cookie Options

These are the default Cookie Options provided. These should be changed to support HTTPS or maybe change the default login URL if you're running a custom login setup.

options.Cookie.HttpOnly = true;
options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
options.LoginPath = "/manager/login";
options.AccessDeniedPath = "/manager/login";
options.SlidingExpiration = true;