Need some tests that read data from db (seed users), to verify round trip functionality

Currently for the EF implementation the user and roles are mapped through an intermediate class IdentityUserRole. It might be redundant in that we can follow EF conventions to have the many to many mapping between users and roles. Might not be specific for the alpha release but we can revisit this for the long run

Many components in this project are not tied to ASP.NET/OWIN, and I would love to be able to use them for local authentication in my Windows and Windows Phone apps.

I am trying to create an abstraction over the identity layer because when the in memory store will be obsolete, I want to easily change to Azure Storage or SQL.
I am not able to fully do this because the InMemoryRoleStore is not generic and I cannot specify the type of the role class like I can do for InMemoryUserStore

See the code below for repro and error:

internal class AppUser : InMemoryUser
{
}

internal class AppUserRole : InMemoryRole
{
}

internal static class IdentityFactory
{
    public async Task<UserManager<AppUser, string>> CreateNewUserManager()
    {
        UserManager<AppUser, string> userManager = new UserManager<AppUser, string>(new InMemoryUserStore<AppUser>());

        return userManager;
    }

    // I want to return RoleManager<AppUserRole> not RoleManager<InMemoryRole>
    public async Task<RoleManager<AppUserRole>> CreateNewRoleManager()
    {
        // Error: Argument 1: cannot convert from 'Microsoft.AspNet.Identity.InMemory.InMemoryRoleStore' to 'Microsoft.AspNet.Identity.IRoleStore<WebSimulator.Identity.AppUserRole,string>'
        RoleManager<AppUserRole> roleManager = new RoleManager<AppUserRole>(new InMemoryRoleStore());

        return roleManager;
    }
}

Before
services.AddIdentity(identityServices =>
{
identityServices.AddEntity();
});
services.AddTransient<SignInManager>();

After
services.AddIdentityAddEntity().AddSecurity()

What is the best way to customize error messages coming from the FX as an application developer

Culture and other states in the execution context does not flow in async operations or continuation

As of now the role operation on multiple users are present in the app code in the sample package. This should be moved in the framework

Make the full implementation of Identity/EF work so that we can exercise the complex model that we have and fix bugs in EF to support this scenario

In the current implementation the unique email is enforced at the UserValidator. Duplicate emails are still possible at the db level. We need to ensure that duplicate emails are not allowed if the user chose so in UserManager

Since we are going to support Identity on Phone and other platforms we should consider the package naming and layering
The package names should be Microsoft.Framework.Identity*

The RemoveFromRoleAsync method does not the remove the user from the role that is passed. This is not seen if there is just one role in the system but if there is more than one

Issue: In RemoveFromRoleAsync method on the UserStore, the condition that checks the role to remove is incorrect

Instead of
var userRole = user.Roles.FirstOrDefault(r => roleEntity.Name.ToUpper() == roleName.ToUpper());

should be
var userRole = user.Roles.FirstOrDefault(r => r.Id == roleName.Id);

identity should target different platforms such as Phone/ Store etc.

services.AddIdentity(identityServices =>
{
identityServices.AddEntity().AddSecurity();
});

I have done some investigation but it is non-obvious why the EF change caused this to break, so disabling the test for now to fix the build break.

Run first, see

http://xunit.codeplex.com/SourceControl/latest#samples/TestOrderExamples/TestPriorityAttribute.cs

Add the ablity to add claims to role, and flow those to the user's identity when logging in. This will require changes in the ClaimsIdentityFactory to reference a Role manager

If the user implements a custom PasswordHasher and returns the PasswordVerificationResult.SuccessRehashNeeded in the 'VerifyHashedPassword' method, we need to rehash the password and store it back into the database.

This is not implemented currently, for example. in the Find method for usermanager we verify if the verification code is not 'Failed'. If not we return true. We can check if the code is PasswordVerificationResult.SuccessRehashNeeded and rehash the password

The SignInManager class should only be concerned with OWIN integration. User lockout should be enforced in lower part of the stack like UserManager, for example.

Let's see if we can simplify the external login flow.

• remove external login temporary cookie?

I see in the UserStore.FindUserByName there are calls to ToUpper on the username. Would we have a Turkish-I problem?

When the UserManager is added to the services provider, getting the instance of the object in the controller does not inject the UserStore as expected. This happens only if the UserManager is directly used while works fine it is subclassed

AFAIK, currently the error messages in identity library are not override-able. For example, we cannot override 'Name {0} is already taken.'. This will cause a big headache for multi-lingual application and also in some other cases, http://forums.asp.net/t/1957899.aspx?How+to+override+validation+for+UserName

To avoid writing extension methods we can make the AsyncHelper method public. Also we need to review the method signature for 'RunAsync'.

Tracking bug to cleanup/remove post CTP old apis

like DuplicateUserException which stores can throw that the manager can/should handle

The GetUserAggregate method used to query the user can be made virtual so that the developers can customize the query as needed

identityServices.AddEntity<ApplicationDbContext>();

• Add code to create database if it does not exist
• SignManager.PasswordSignIn does not work due to a mismatch in ApplicationCookieType

For apps that have WsFed middleware registered, logging in using the WsFed provider does not display a user friendly name in the Manage page. The issue is that the value is taken from the LoginProvider property which is populated from the Issuer claim value after login. Once logged in there is no way to retrieve the friendly name for the provider

We need to add an additional property to store the friendly provider name and this can populated from the AuthenticationDescription property in the login result

From codeplex : https://aspnetidentity.codeplex.com/workitem/1951

When upgrading my MVC project to use the new 2.0.0 alpha, all the calls like:

IdentityResult result = await _userManager.ChangePasswordAsync(
User.Identity.GetUserId(), model.OldPassword, model.NewPassword);

are broken because I changed the PK of my IdentityUser to be:

IdentityUser<int, CustomUserLogin, CustomUserRole, CustomUserClaim>

The new DI approach for creating UserManager does not seem to create it per request but instead for the entire lifetime of the application with the same object being reused.

Need to get this changed to return UserManager per request

have a way of logging events which can be traced through the common logging Fx. Some examples are as follows.
○ SignIn/ SignOut
○ Password resets
○ Account confirmed

Feedback from app building

With latest changes sign in / register scenario seems to be broken. Possible cause could be InMemoryStore is not being registered as a Singleton but as a transient one. As a result data gets lost after every request.

• Add a new assembly inside of the Configuration Repo called Microsoft.Framework.OptionsModel and move all of the options into this assembly
• Hosting would depend on this assembly to add OptionsServices.DefaultServices as part of app.UseServices() (lifetime of open generic is singleton)
• Add a new extension method T Get where T : IConvertable to Configuration
• Add ConfigOptionsSetup which takes IConfiguration and is registered as an open generic
• Add ConfigSetup method which registers an IConfigOptionsSetup
• Add static helper method Bind(IConfiguration, object) to OptionsServices
• Keep default options orders as internal constants for now (Configuration = -1000, Default = 0)
• Support recursive binding so IdentityOptions can just use ConfigOptions directly (do not support lists/dictionaries for now, but its possible to add later)

For example try to simulate the condition when you try to register the same user for the second time. In net45 it throws a proper error message. In CoreClr I get the following exception. Probably something wrong when it tries to read the resource string.

An unhandled exception occurred while processing the request.

MissingManifestResourceException: Could not find any resources appropriate for the specified culture or the neutral culture. Make sure "Microsoft.AspNet.Routing.Resources.resources" was correctly embedded or linked into assembly "Microsoft.AspNet.Identity" at compile time, or that all the satellite assemblies required are loadable and fully signed.
System.Resources.ManifestBasedResourceGroveler.HandleResourceStreamMissing(String fileName)

Stack Query Cookies Headers Environment
MissingManifestResourceException: Could not find any resources appropriate for the specified culture or the neutral culture. Make sure "Microsoft.AspNet.Routing.Resources.resources" was correctly embedded or linked into assembly "Microsoft.AspNet.Identity" at compile time, or that all the satellite assemblies required are loadable and fully signed.
System.Resources.ManifestBasedResourceGroveler.HandleResourceStreamMissing(String fileName)
System.Resources.ManifestBasedResourceGroveler.GrovelForResourceSet(CultureInfo culture, Dictionary`2 localResourceSets, Boolean tryParents, Boolean createIfNotExists, StackCrawlMark& stackMark)
System.Resources.ResourceManager.InternalGetResourceSet(CultureInfo requestedCulture, Boolean createIfNotExists, Boolean tryParents, StackCrawlMark& stackMark)
System.Resources.ResourceManager.InternalGetResourceSet(CultureInfo culture, Boolean createIfNotExists, Boolean tryParents)
System.Resources.ResourceManager.GetString(String name, CultureInfo culture)
Microsoft.AspNet.Identity.Resources.get_DuplicateName()
Microsoft.AspNet.Identity.UserValidator`1.<ValidateUserName>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
System.Runtime.CompilerServices.TaskAwaiter.GetResult()

Hi,

I think add support for Table Storage is a good feature, as it's fast and reliable.

How I could contribute with this feature?

Thanks,

Gabriel Marquez

Current InMemory stores does not support generic PK. This is a tracking bug to verify the same for the EF store implementation