Crosslight uses Microsoft ASP.NET Identity for its user management back-end. The entity model, entity context and API controller that support ASP.NET Identity are all provided by the Crosslight Business Template. To learn more about the business project template, see Business Template.
The Enterprise App Framework provides the client-side library for user management and authentication, which includes:
These functions leverage Crosslight core components and services such as RestClient and Social Media Services. To learn more about these services, see Using Crosslight RestClient and Integration with Social Networks.
This page discusses the user management feature implemented in the App Framework, which comprises both client and server components, including the pre-built user database.
Crosslight uses Microsoft ASP.NET Identity for its user management back-end. Therefore, the database must comply with the Microsoft ASP.NET Identity structure.
The following tables must be available in order to comply with Microsoft ASP.NET Identity.
Used to store the users that have access to the application.
Used to store available user roles.
Used to store social media login info. LoginProvider should store the social media type, while ProviderKey should store the access token from the social media.
Used to store additional claims about the user. ClaimType identifies the type of claim about the user, while ClaimValue holds the claim information. An example of a user claim is ActiveDirectoryId = minerva.
Crosslight business template provides an API Controller called IdentityController. This controller encapsulates all user management functions commonly used in business apps such as:
- Login using user name
- Login using user login (social media login)
- GetUserProfile using user name
- GetUserProfile using user login (social media login)
- RegisterUser (including image upload)
- UpdateUser (including image upload)
Specifically, the IdentityController implements the members shown in the following class diagram.
Take a look at the code snippet of the identity controller provided by the Crosslight business template.
For complete code listing, please refer to IdentityController.cs.
To consume the services exposed by IdentityController on the client side, the App Framework provides a specialized repository called UserRepository. This repository handles access to all services available in IdentityController.
The user repository implements the members shown in the following class diagram.
To learn more about the user repository implementation, see UserRepository.cs.
To manage users in the application, the Enterprise App Framework provides a service called UserService. This service provides methods to save and load data from the user cache along with other user-related functions.
Instead of accessing UserRepository directly, your application code should access the UserService class, which provides comprehensive application-wide user functionality such as saving and loading data from the user cache, getting and setting the current user, and more. At its heart, the user service consumes the user repository when it needs to load or update the user objects.
The user service implements the members shown in the following class diagram.
To learn more about the user service implementation, see UserService.cs.
The following code example shows how to use the user service to get the currently logged-in user and set it to a property in the ViewModel which is bound to the view.
The Account class represents the user credential, which is associated with a specific authenticator service. A user can have multiple accounts. For instance, a user may access the app with an Active Directory account and can also access the app with other accounts, such as a Facebook account or a Google account.
The Crosslight App Framework implements user management with the latest industry standards and best practices, which allows an application to authenticate users through multiple accounts. Account management is encapsulated in the AccountService, which provides functionality such as sign in, sign out, verify account, and more. The account service works in conjunction with UserService along with AccountStoreService, AuthenticationService and SocialNetworkService to handle all user management processes.
The following methods are exposed in the account service:
To learn how the account service is implemented, see WebApiAccountService.cs.
The following code example shows how to initialize an account using AccountService, perform sign in, then redirect the user to the main screen on success.
There are two types of registration that you can enable using the Enterprise App Framework. The first is standard user registration using the provided UserRepository, UserService and IdentityController. The other is social media registration, such as login with Facebook.
Standard User Registration
Standard user registration registers a user in the user database using the standard approach: RegistrationData is sent to IdentityController, which acts as the data service, through the UserService and UserRepository classes.
To perform standard user registration, you can use the following code snippet.
Note that you should use AccountService.CreateEncryptedAccount to encrypt your password using the HmacSha256 algorithm as follows.
Social Media Registration
Registering a user with social media, such as login with Facebook, allows the user to use a social media authenticator to sign in to your application. Upon approval, the social media authenticator will send the access token or provider key. The user service will then create a new User and UserLogin entity based on the obtained access token.
AccountService provides the SignInSocialAsync method, which you can use to sign in to the specified social media.
You will also need to configure the registered social network service in AppService.cs as follows.
User authentication is the process of verifying whether a user has access to the application. You can use AccountService.SignInAsync or AccountService.SignInSocialAsync to perform the authentication. The authentication process is already handled by the App Framework as long as the required components such as UserRepository, UserService, AccountService and SocialNetworkService are configured properly as described in the previous topic.
After the sign-in process completes, the AccountService holds the Account object containing the user credential. This Account object is used to create the authenticated request to the data service.
Default Basic Authentication For Entity Services
The Crosslight Business Template provides a default BasicAuthHttpModule to handle requests from an authenticated user, whether through the standard login or social media login. All requests to the restricted entity services must go through this module. You will need to create a valid authenticated request based on the Account object to access the restricted entity services.
To learn more about how an authentication module is implemented on the server side, see BasicAuthHttpModule.cs.
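The authenticated request and server-side check described above, as an added example that is not part of the original page and is not Crosslight's BasicAuthHttpModule: it shows how an HTTP Basic Authorization header is built from a user name and credential, parsed defensively on the server, and compared without a timing side channel. The class name, method names and sample values are assumptions; the page does not state which credential from the Account object goes into the header.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not Crosslight code. Class and method names are hypothetical.
public static class BasicAuthSketch
{
    // Client side (RFC 7617). Base64 is an encoding, not encryption: use TLS only.
    public static string BuildHeader(string userName, string secret)
    {
        byte[] raw = Encoding.UTF8.GetBytes(userName + ":" + secret);
        return "Basic " + Convert.ToBase64String(raw);
    }
    // Server side: returns false for a missing, non-Basic or malformed header.
    public static bool TryParse(string header, out string userName, out string secret)
    {
        userName = null; secret = null;
        const string scheme = "Basic ";
        if (header == null || !header.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            return false;
        byte[] raw;
        try { raw = Convert.FromBase64String(header.Substring(scheme.Length).Trim()); }
        catch (FormatException) { return false; }
        string pair = Encoding.UTF8.GetString(raw);
        int idx = pair.IndexOf(':');   // first colon only: the secret may contain ':'
        if (idx <= 0) return false;    // no separator, or empty user name
        userName = pair.Substring(0, idx);
        secret = pair.Substring(idx + 1);
        return true;
    }
    // Compare fixed-length digests so timing does not reveal how many bytes matched.
    public static bool SecretsMatch(string presented, string stored)
    {
        using (SHA256 sha = SHA256.Create())
        {
            byte[] a = sha.ComputeHash(Encoding.UTF8.GetBytes(presented ?? ""));
            byte[] b = sha.ComputeHash(Encoding.UTF8.GetBytes(stored ?? ""));
            int diff = 0;
            for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
            return diff == 0;
        }
    }
    public static void Main()
    {
        string u, s, h = BuildHeader("minerva", "p:ss");   // constructed sample values
        Console.WriteLine(TryParse(h, out u, out s) && SecretsMatch(s, "p:ss"));
        Console.WriteLine(TryParse("Basic !!!", out u, out s)); // malformed Base64
    }
}
```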