Blog Home  Home Feed your aggregator (RSS 2.0)  
Mayur's Blog - Friday, July 24, 2015
 
# Friday, July 24, 2015

We are thinking to migrate our legacy web application to Asp.Net 5 framework to utilize all the enhancements and good features available.

The biggest road block is Identity system. Our legacy application has its own User and UserRole tables (in database) to Authenticate and Authorize. Asp.Net 5 is based on newer implementation of Identity, which is part of Microsoft.AspNet.Identity and Entityframework.

The out of box implementation using Visual Studio 2015 uses EntityFramework 7 (Beta). We cannot use it and it is still not ready for Production. Our data layer is still EntityFramework but with older version. We don't want to really change this implementation at this moment at least.

It looks like that we need to fully customize Identity framework implemented in Microsoft.AspNet.Identity framework if we want to use it.

Please note that our legacy application does not need anything except log in and log out from Identity system. So basically verifying that the person is authorized and authenticated by given id and password. Additionally, the Identity created after log in should preserve the roles for a given person so that we can use Attributes to decorate our controller and actions to secure it. These attributes will also use Roles for authorization purpose.

The following is an attempt to do this. Actually at this moment I have completed this prototype kind of implementation and was able to  run this successfully. The log in process and log out process worked. The Identity generated (and saved in HttpContext) is capable enough to secure methods using roles.

So here is my implementation goes. It is still kind of an approach to tackle this issue and there is still a room to improve it in terms of both coding and design.

My implementation is based on Asp.Net Beta 5 released with Visual Studio 2015 RTM. It is possible that by the time Asp.NET goes LIVE there may be a few changes and refactoring needed. I don't expect a lot though. Here is my project.json looks like to bring in required references.

Items shown with "Bold and Italic" are required references for Identity framework. 

{
  "webroot": "wwwroot",
  "userSecretsId": "aspnet5-CCClientWeb-8bbc0c70-ab78-4053-a5bf-492342d52f2a",
  "version": "1.0.0-*",

  "dependencies": {
    "Microsoft.AspNet.Authentication.Cookies": "1.0.0-beta5",
    "Microsoft.AspNet.Authentication.Facebook": "1.0.0-beta5",
    "Microsoft.AspNet.Authentication.Google": "1.0.0-beta5",
    "Microsoft.AspNet.Authentication.MicrosoftAccount": "1.0.0-beta5",
    "Microsoft.AspNet.Authentication.Twitter": "1.0.0-beta5",
    "Microsoft.AspNet.Diagnostics": "1.0.0-beta5",
    "Microsoft.AspNet.Diagnostics.Entity": "7.0.0-beta5",
    "Microsoft.AspNet.Identity": "3.0.0-beta5",
    "Microsoft.AspNet.Identity.EntityFramework": "3.0.0-beta5",
    "Microsoft.AspNet.Mvc": "6.0.0-beta5",
    "Microsoft.AspNet.Mvc.TagHelpers": "6.0.0-beta5",
    "Microsoft.AspNet.Server.IIS": "1.0.0-beta5",
    "Microsoft.AspNet.Server.WebListener": "1.0.0-beta5",
    "Microsoft.AspNet.StaticFiles": "1.0.0-beta5",
    "Microsoft.AspNet.Tooling.Razor": "1.0.0-beta5",
    "Microsoft.Framework.CodeGenerators.Mvc": "1.0.0-beta5",
    "Microsoft.Framework.Configuration": "1.0.0-beta5",
    "Microsoft.Framework.Configuration.Json": "1.0.0-*",
    "Microsoft.Framework.Logging": "1.0.0-beta5",
    "Microsoft.Framework.Logging.Console": "1.0.0-beta5",    
    "Microsoft.VisualStudio.Web.BrowserLink.Loader": "14.0.0-beta5"
  },

  "commands": {
    "ef": "EntityFramework.Commands",
    "gen": "Microsoft.Framework.CodeGeneration",
    "web": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.WebListener --server.urls http://localhost:5000"
  },

  "frameworks": {
    "dnx451": {
      "dependencies": {
        "CCClients.BusinessService": "1.0.0-*",
        "CCClients.Interfaces": "1.0.0-*",
        "CCClients.Repository": "1.0.0-*",
        "Microsoft.AspNet.Http.Core": "1.0.0-beta4"       
      }
    }
  },

  "exclude": [
    "wwwroot",
    "node_modules",
    "bower_components"
  ],
  "publishExclude": [
    "node_modules",
    "bower_components",
    "**.xproj",
    "**.user",
    "**.vspscc"
  ],
  "scripts": {
    "postrestore": [ "npm install", "bower install" ],
    "prepare": [ "gulp copy" ]
  }
}

1) We need to implement custom classes as shown below. CustomSignInManager and CustomRoleManager inherits from base classes and override required methods. These classes running an engine to drive Identity. Please remember that I am implementing only a bare minimum login functionality to support legacy application. So I really do not have to override many methods from bases classes and do not require implementation of all the interfaces. 

Just to demonstrate how far I can do customization, I have even overridden CheckPassword method (see in CustomUserStore.cs), which allows me to check passwords which are not hashed in the database and stored as raw values. I know that it is not recommended at all but many of the folks forced to support legacy apps not designed properly ard forced to follow this practice and look for a way to find work abounds.

Another thing you may notice is an implementation of CustomUserStore in CustomUserStore.cs. You may see that CustomUserStore class implements many interfaces. This user store actually is a driver for database operations. The implementation here follows "O" of SOLID principles. You may implement as many interfaces as many functionalities you want. In may case I implement IUserStore<CustomIdentityUser>, IUserRoleStore<CustomIdentityUser>, IUserPasswordStore<CustomIdentityUser> because I need Roles. IUserStore and IUserPasswordStore will be needed in any case. However, let's say you want to do account Lockout based on invalid login attempts. In that case you need to implement IUserLockoutStore interface. Identity framework comes with many features and you need to implement required interfaces to take advantage of all. However, if not needed then simply ignoring them would be a wise thing to do to implement a clean and understandable code. 

1)

using Microsoft.AspNet.Identity;
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;
using System.Threading.Tasks;

namespace CCClientWeb.CustomIdentity
{
    public class CustomClaimsPrincipal : IPrincipal
    {
        private CustomIdentity customIdentity;
        private CustomIdentityUser user;
        public CustomClaimsPrincipal(CustomIdentityUser user)
        {
            customIdentity = new CustomIdentity(IdentityOptions.ApplicationCookieAuthenticationType, true, user.UserName);
            this.user = user;
        }

        public IIdentity Identity
        {
            get
            {
                return customIdentity;
            }
        }

        public bool IsInRole(string role)
        {
            return user.CustomRoles.Any(cr => cr.RoleName == role);
        }
    }
    public class CustomUserClaimsPrincipalFactory : IUserClaimsPrincipalFactory<CustomIdentityUser>
    {
        public async Task<ClaimsPrincipal> CreateAsync(CustomIdentityUser user)
        {
            return await Task.FromResult(new ClaimsPrincipal(new CustomClaimsPrincipal(user)));           
        }
    }
}

2)

using System.Security.Principal;

namespace CCClientWeb.CustomIdentity
{
    public class CustomIdentity : IIdentity
    {
        private string authenticationType;
        private bool isAuthenticated = false;
        private string name;

        public CustomIdentity(string authenticationType, bool isAuthenticated, string name)
        {
            this.authenticationType = authenticationType;
            this.isAuthenticated = isAuthenticated;
            this.name = name;
        }

        public string AuthenticationType
        {
            get
            {
                return authenticationType;
            }
        }

        public bool IsAuthenticated
        {
            get
            {
                return isAuthenticated;
            }
        }

        public string Name
        {
            get
            {
                return name;
            }
        }
    }
}
3)

using Microsoft.AspNet.Identity.EntityFramework;

namespace CCClientWeb.CustomIdentity
{
    public class CustomIdentityRole:IdentityRole<int>
    {
        public override int Id
        {
            get
            {
                return base.Id;
            }

            set
            {
                base.Id = value;
            }
        }

        public override string Name
        {
            get
            {
                return base.Name;
            }

            set
            {
                base.Name = value;
            }
        }  
    }
}

4)

using Microsoft.AspNet.Identity.EntityFramework;
using System.Collections.Generic;
using System.Linq;

namespace CCClientWeb.CustomIdentity
{
    public class CustomIdentityUser:IdentityUser<int>
    {
        public override int Id
        {
            get;
            set;
        }

        public override string UserName
        {
            get;
            set;
        }

        public string Password
        {
            get;
            set;
        }
       
        public List<CustomIdentityUserRole> CustomRoles
        {
            get;
            set;
        }      

        public override string PasswordHash { get; set; }

        public override ICollection<IdentityUserRole<int>> Roles
        {
            get
            {
                return CustomRoles.Cast<IdentityUserRole<int>>().ToList();
            }
        }

        public override ICollection<IdentityUserLogin<int>> Logins
        {
            get
            {
                return base.Logins;
            }
        }

        public override bool TwoFactorEnabled
        {
            get
            {
                return base.TwoFactorEnabled;
            }

            set
            {
                base.TwoFactorEnabled = false;
            }
        }

        public override bool LockoutEnabled
        {
            get
            {
                return base.LockoutEnabled;
            }

            set
            {
                base.LockoutEnabled = false;
            }
        }

    }

    public class CustomIdentityUserRole : IdentityUserRole<int>
    {
        public string RoleName { get; set; }
    }
}

5)

using Microsoft.AspNet.Identity;
using System;
using System.Threading.Tasks;
using System.Threading;

namespace CCClientWeb.CustomIdentity
{
    public class CustomRoleStore : IRoleStore<CustomIdentityRole>
    {
        public Task<IdentityResult> CreateAsync(CustomIdentityRole role, CancellationToken cancellationToken)
        {
            throw new NotImplementedException();
        }

        public Task<IdentityResult> DeleteAsync(CustomIdentityRole role, CancellationToken cancellationToken)
        {
            throw new NotImplementedException();
        }

        public void Dispose()
        {
            
        }

        public Task<CustomIdentityRole> FindByIdAsync(string roleId, CancellationToken cancellationToken)
        {
            throw new NotImplementedException();
        }

        public Task<CustomIdentityRole> FindByNameAsync(string normalizedRoleName, CancellationToken cancellationToken)
        {
            throw new NotImplementedException();
        }

        public Task<string> GetNormalizedRoleNameAsync(CustomIdentityRole role, CancellationToken cancellationToken)
        {
            throw new NotImplementedException();
        }

        public Task<string> GetRoleIdAsync(CustomIdentityRole role, CancellationToken cancellationToken)
        {
            return new Task<string>(() => { return role.Id.ToString(); });
        }

        public Task<string> GetRoleNameAsync(CustomIdentityRole role, CancellationToken cancellationToken)
        {
            return new Task<string>(() => { return role.Name.ToString(); });
        }

        public Task SetNormalizedRoleNameAsync(CustomIdentityRole role, string normalizedName, CancellationToken cancellationToken)
        {
            throw new NotImplementedException();
        }

        public Task SetRoleNameAsync(CustomIdentityRole role, string roleName, CancellationToken cancellationToken)
        {
            throw new NotImplementedException();
        }

        public Task<IdentityResult> UpdateAsync(CustomIdentityRole role, CancellationToken cancellationToken)
        {
            throw new NotImplementedException();
        }
    }
}

6)

using Microsoft.AspNet.Hosting;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Http.Authentication;
using Microsoft.AspNet.Identity;
using Microsoft.Framework.Logging;
using Microsoft.Framework.OptionsModel;
using System.Threading.Tasks;

namespace CCClientWeb.CustomIdentity
{
    public class CustomSignInManager : SignInManager<CustomIdentityUser>
    {
        public CustomSignInManager(CustomUserManager userManager,
            IHttpContextAccessor contextAccessor,
            CustomUserClaimsPrincipalFactory claimsFactory,
            IOptions<IdentityOptions> optionsAccessor,
            ILogger<CustomSignInManager> logger) : base(userManager, contextAccessor, claimsFactory, optionsAccessor, null)
        {
            CustomUserManager = userManager;
            CustomContext = contextAccessor.HttpContext;
            CustomUserClaimsPrincipalFactory = claimsFactory;
        }

        CustomUserManager CustomUserManager;
        HttpContext CustomContext;
        CustomUserClaimsPrincipalFactory CustomUserClaimsPrincipalFactory;

        public override async Task<SignInResult> PasswordSignInAsync(CustomIdentityUser user, string password, bool isPersistent, bool lockoutOnFailure)
        {
            if (user.Password == password)
            {
                await SignInAsync(user, isPersistent, string.Empty);
                return SignInResult.Success;
            }

            return SignInResult.Failed;
        }

        public override async Task SignInAsync(CustomIdentityUser user, bool isPersistent, string authenticationMethod = null)
        {
            var userPrincipal = await CustomUserClaimsPrincipalFactory.CreateAsync(user);
            CustomContext.Authentication.SignIn(IdentityOptions.ApplicationCookieAuthenticationScheme, userPrincipal, new AuthenticationProperties { IsPersistent = isPersistent });
        }

    }
}

7)

using Microsoft.AspNet.Hosting;
using Microsoft.AspNet.Identity;
using Microsoft.Framework.Logging;
using Microsoft.Framework.OptionsModel;
using System.Collections.Generic;
using System.Threading.Tasks;

namespace CCClientWeb.CustomIdentity
{
    public class CustomUserManager : UserManager<CustomIdentityUser>
    {
        public CustomUserManager(IUserStore<CustomIdentityUser> store,
            IOptions<IdentityOptions> optionsAccessor,
            IPasswordHasher<CustomIdentityUser> passwordHasher,
            IEnumerable<IUserValidator<CustomIdentityUser>> userValidators,
            IEnumerable<IPasswordValidator<CustomIdentityUser>> passwordValidators,
            ILookupNormalizer keyNormalizer,
            IdentityErrorDescriber errors,
            IEnumerable<IUserTokenProvider<CustomIdentityUser>> tokenProviders,
            ILogger<UserManager<CustomIdentityUser>> logger,
            IHttpContextAccessor contextAccessor):base(store, optionsAccessor, passwordHasher, 
                userValidators, passwordValidators, keyNormalizer, errors, tokenProviders, 
                logger, contextAccessor)
        {
           
        }

        public override async Task<bool> CheckPasswordAsync(CustomIdentityUser user, string password)
        {
            return await new Task<bool>(() => { return user.Password == password; });            
        }
    }  
}

8)

using Microsoft.AspNet.Identity;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using CC.Interfaces.RepositoryServices;
using System.Threading;

namespace CCClientWeb.CustomIdentity
{
    public partial class CustomUserStore : IUserStore<CustomIdentityUser>, IUserRoleStore<CustomIdentityUser>, IUserPasswordStore<CustomIdentityUser>
    {
        private IdentityService service;
        private IPasswordHasher<CustomIdentityUser> passwordHasher;

        public CustomUserStore(ILoginRepositoryService loginRepositoryService, IPasswordHasher<CustomIdentityUser> passwordHasher)
        {
            service = new IdentityService(loginRepositoryService, passwordHasher);
            this.passwordHasher = passwordHasher;
        }
        public Task<IdentityResult> CreateAsync(CustomIdentityUser user, CancellationToken cancellationToken)
        {
            throw new NotImplementedException();
        }

        public Task<IdentityResult> DeleteAsync(CustomIdentityUser user, CancellationToken cancellationToken)
        {
            throw new NotImplementedException();
        }

        public Task<CustomIdentityUser> FindByIdAsync(string userId, CancellationToken cancellationToken)
        {
            return service.GetUserByIdAsync(userId);
        }

        public Task<CustomIdentityUser> FindByNameAsync(string normalizedUserName, CancellationToken cancellationToken)
        {
            return service.GetUserByUserNameAsync(normalizedUserName);
        }

        public Task<string> GetNormalizedUserNameAsync(CustomIdentityUser user, CancellationToken cancellationToken)
        {
            throw new NotImplementedException();
        }

        public Task<string> GetUserIdAsync(CustomIdentityUser user, CancellationToken cancellationToken)
        {
            return new Task<string>(() => { return user.Id.ToString(); });
        }

        public Task<string> GetUserNameAsync(CustomIdentityUser user, CancellationToken cancellationToken)
        {
            throw new NotImplementedException();
        }

        public Task SetNormalizedUserNameAsync(CustomIdentityUser user, string normalizedName, CancellationToken cancellationToken)
        {
            throw new NotImplementedException();
        }

        public Task SetUserNameAsync(CustomIdentityUser user, string userName, CancellationToken cancellationToken)
        {
            throw new NotImplementedException();
        }

        public Task<IdentityResult> UpdateAsync(CustomIdentityUser user, CancellationToken cancellationToken)
        {
            throw new NotImplementedException();
        }

        #region IDisposable Support
        private bool disposedValue = false; // To detect redundant calls

        protected virtual void Dispose(bool disposing)
        {
            if (!disposedValue)
            {
                if (disposing)
                {
                    // TODO: dispose managed state (managed objects).
                }

                // TODO: free unmanaged resources (unmanaged objects) and override a finalizer below.
                // TODO: set large fields to null.

                disposedValue = true;
            }
        }

        // TODO: override a finalizer only if Dispose(bool disposing) above has code to free unmanaged resources.
        // ~CustomUserStore() {
        //   // Do not change this code. Put cleanup code in Dispose(bool disposing) above.
        //   Dispose(false);
        // }

        // This code added to correctly implement the disposable pattern.
        public void Dispose()
        {
            // Do not change this code. Put cleanup code in Dispose(bool disposing) above.
            Dispose(true);
            // TODO: uncomment the following line if the finalizer is overridden above.
            // GC.SuppressFinalize(this);
        }
        #endregion

   
        public Task AddToRoleAsync(CustomIdentityUser user, string roleName, CancellationToken cancellationToken)
        {
            throw new NotImplementedException();
        }

        public Task<IList<string>> GetRolesAsync(CustomIdentityUser user, CancellationToken cancellationToken)
        {
            return service.GetUserRolesAsync(user);
        }

        public Task<IList<CustomIdentityUser>> GetUsersInRoleAsync(string roleName, CancellationToken cancellationToken)
        {
            throw new NotImplementedException();
        }

        public Task<bool> IsInRoleAsync(CustomIdentityUser user, string roleName, CancellationToken cancellationToken)
        {
            return service.IsUserInRoleAsync(user, roleName);
        }

        public Task RemoveFromRoleAsync(CustomIdentityUser user, string roleName, CancellationToken cancellationToken)
        {
            throw new NotImplementedException();
        }
   
        public Task<string> GetPasswordHashAsync(CustomIdentityUser user, CancellationToken cancellationToken)
        {
            return service.GetPasswordHashAsync(user);
        }

        public Task<bool> HasPasswordAsync(CustomIdentityUser user, CancellationToken cancellationToken)
        {
            return service.HasPasswordAsync(user);
        }

        public Task SetPasswordHashAsync(CustomIdentityUser user, string passwordHash, CancellationToken cancellationToken)
        {
            throw new NotImplementedException();
        }
    }
}

9)

using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using sc = System.Security.Claims;
using CC.Interfaces.RepositoryServices;

namespace CCClientWeb.CustomIdentity
{
    public class IdentityService
    {
        ILoginRepositoryService _loginRepSrv = null;
        IPasswordHasher<CustomIdentityUser> passwordHasher = null;

        public IdentityService(ILoginRepositoryService loginRepository, IPasswordHasher<CustomIdentityUser> passwordHasher)
        {
            _loginRepSrv = loginRepository;
            this.passwordHasher = passwordHasher;
        }

        public async Task<CustomIdentityUser> GetUserByUserNameAsync(string userName) 
        {
            var login = await _loginRepSrv.FirstOrDefaultAsync(l => l.LoginName == userName);
            if (login == null) return null;
            var userId = login.CompanyId == null ? login.EmployeeId.Value : login.CompanyId.Value;
            return new CustomIdentityUser 
                { Id = userId, 
                    Password = login.LoginPassword, 
                    UserName = login.LoginName, 
                    CustomRoles = login.LoginsRoles.Select(lr => new CustomIdentityUserRole { RoleId = lr.RoleId, UserId = userId, RoleName = lr.Role.RoleName }).ToList()  
                };
        }

        public async Task<CustomIdentityUser> GetUserByIdAsync(string userId)
        {
            var id = int.Parse(userId);
            var login = await _loginRepSrv.FirstOrDefaultAsync(l => (l.EmployeeId == id && l.CompanyId == null) || (l.CompanyId == id && l.EmployeeId == null));
            var roles = login.LoginsRoles.Select(lr => new CustomIdentityUserRole { RoleId = lr.RoleId, UserId = id, RoleName = lr.Role.RoleName }).ToList();

            return new CustomIdentityUser
            {
                Id = login.CompanyId == null ? login.EmployeeId.Value : login.CompanyId.Value,
                Password = login.LoginPassword,
                UserName = login.LoginName,
                CustomRoles = roles
            };
        }

        public async Task<CustomIdentityUser> FindByNameAsync(string userName) 
        {
            return await GetUserByUserNameAsync(userName);
        }

        public async Task<IList<string>> GetUserRolesAsync(CustomIdentityUser user) 
        {
            var login = await _loginRepSrv.FirstOrDefaultAsync(l => (l.EmployeeId == user.Id && l.CompanyId == null) || (l.CompanyId == user.Id && l.EmployeeId == null));
            return login.LoginsRoles.Select(lr => lr.Role.RoleName).ToList();            
        }

        public async Task<bool> IsUserInRoleAsync(CustomIdentityUser user, string role)
        {
            List<string> roles = await GetUserRolesAsync(user) as List<string>;

            if (roles.Contains(role))
            {
                return true;
            }
            else
            {
                return false;
            }

        }

        public Task AddClaimAsync(CustomIdentityUser user, System.Security.Claims.Claim claim) 
        {
            return new Task(() => { 
            
            });
        }

        public Task<IList<sc.Claim>> GetClaimsAsync(CustomIdentityUser user) 
        {
            return new Task<IList<sc.Claim>>(() => {
                List<sc.Claim> claims = new List<sc.Claim>();
                claims.Add(new sc.Claim(user.CustomRoles.FirstOrDefault().RoleName, user.UserName));                
                return claims as IList<sc.Claim>;
            });            
        }

        public Task RemoveClaimAsync(CustomIdentityUser user, System.Security.Claims.Claim claim)
        {
            return new Task(() => {});
        }

        public Task<string> GetSecurityStampAsync(CustomIdentityUser user) 
        {
            return Task.FromResult("GetSecurityStampAsync");      
        }

        public Task SetSecurityStampAsync(CustomIdentityUser user, string stamp) 
        {
            return new Task(() => { });
        }

        public async Task<string> GetPasswordHashAsync(CustomIdentityUser user) 
        {
            return await Task.FromResult(passwordHasher.HashPassword(user, user.Password));
        }

        public Task<bool> HasPasswordAsync(CustomIdentityUser user) 
        {
            return Task.FromResult(true);
        }
        
        
    }
}

Once classes are written, we can prepare start-up pipeline by adding the following values in Startup.cs. I had to made sure that Authorization configuration is added before MVC as shown below.

app.UseIdentity() is also needed in Configure method in Startup.cs

Basically that is pretty much needed to wire up things to customize Identity in Asp.NET 5.

As you may notice that IndentityService.cs is my wrapper to repositories in Data layer project. I have put in reference to this project in Web project and injected services in Startup.cs. You may see that one of them is ILoginServiceRepository. This class has several methods which allows me to search users and roles.

My LogIn action in controller looks like the following.

using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Mvc;
using CCClientWeb.Models;
using CCClientWeb.CustomIdentity;
using CC.Interfaces.RepositoryServices;

namespace CCClientWeb.Controllers
{
    [Authorize]
    public class AccountController : Controller
    {
        public AccountController(CustomUserManager userManager, CustomSignInManager signInManager)
        {
            UserManager = userManager;
            SigninManager = signInManager;            
        }

        public CustomUserManager UserManager { get; private set; }

        public CustomSignInManager SigninManager { get; private set; }

        private ILoginRepositoryService loginRepositoryService;

        private IdentityService identityService;

        //
        // GET: /Account/Login
        [HttpGet]
        [AllowAnonymous]
        public IActionResult Login(string returnUrl = null)
        {            
            ViewBag.ReturnUrl = returnUrl;
            return View();
        }

        //
        // POST: /Account/Login
        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
        {
            ViewBag.ReturnUrl = returnUrl;
            if (ModelState.IsValid)
            {
                // This doesn't count login failures towards account lockout
                // To enable password failures to trigger account lockout, set shouldLockout: true
                var result = await SigninManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, false);
                if (result.Succeeded)
                {
                    return RedirectToLocal(returnUrl);
                }

                ModelState.AddModelError(string.Empty, "Invalid login attempt.");
                return View(model);
            }

            // If we got this far, something failed, redisplay form
            return View(model);
        }
}

As this implementation of Identity framework in Asp.Net 5 is a brand new, I had to put in some research. Thankfully, Asp.Net is open source now. I was able to download the code from GithHub (https://github.com/aspnet/Identity) and able to look at it to understand to implement this customization.

As I am injecting repositories into my web project, it really does not matter how I implement my repositories. It is a black box to Identity framework. As loon as it has required methods to do the job, it would work. So this way I was also able to reuse my old code.

I hope that this work may be useful to someone who may be looking forward to migrate his/her legacy applications to Asp.NET 5 but still want to re-use most of existing code base.

Friday, July 24, 2015 10:36:34 PM UTC  #       | 

I upgraded VMWare workstation 9 to 11 (build 11.1.2 - 2780323) before a month or so. Since then I was running into performance issues, especially, when I work with 3 monitors. I am not sure it was a hardware issue or software issue or combination of both. My VM host is Windows 8.1 with the latest updates and guest is Windows 10 RC.

I have docking station Toshiba Dynadock, which enables 3 monitors.

Eventually when I turned off 3D Graphics acceleration in VM Ware workstation settings, the performance improved with 3 monitors running.

This post might be helpful to someone running into the same issue and do not have any clue to fix it.

When Windows 10 RTM will be released, I will verify again by enabling 3D graphics acceleration; I guess by that time we may have some updates from VMWare too. Presently Workstation 11 is based on Windows 10 RC and they may get a chance to fix issues (if there are any) once Windows RTM is released.

I am still not sure what is causing the performance issue but at least I am okay right now and able to use 3 monitors comfortably.

 

Friday, July 24, 2015 11:43:35 AM UTC  #       | 
# Sunday, July 12, 2015

It is due to renaming of GlobalImport.cshtml to _ViewImports.cshtml.

You may rename GlobalImport.cshtml available under Views folder to _ViewImports.cshtml as shown below.

You may refer this Announcement for the details. https://github.com/aspnet/Mvc/issues/2489

Sunday, July 12, 2015 5:52:56 PM UTC  #       | 
# Tuesday, June 16, 2015

Looks like that we have resolved another configuration related issue on Azure. In case someone is facing the same problem without any clue to fix, then read the following.

Our issue was: Asp.NET web site running very well and faster on on-premise server did not run very well and slower, when migrated to Azure VM. The same VM also hosted SQL Server for this web site.

1) Presently each VM with one data disk has 500 IOPS limit.

2) It is likely that installing SQL Server and actively using the instance of SQL Server may break this limit. Azure calls it throttling of IOPS. If you have set up monitoring as suggested in one for replies above you may be able to verify that. However, as per our experience, light to moderate usage of SQL Server (with only one data disk and VM not being configured properly) has capacity to throttle IO limits. So that has to be taken seriously.

The fix this issue you need to increase the IOPS limit. That can be achieved by adding more data disks to your virtual machine. Each disk comes with 500 IOPS capacity.

3) Additionally VM has to be configured correctly to install SQL Server to avoid these types of bottlenecks. Merely adding disks would not solve it. You may do the followings

a) Add maximum number of data disk with 1 TB size (as per current offerings each VM, standard A2 size, can have 4 data disk with 1 TB capacity.). Remember that Azure will charge only the portion you use on the disks even though you have attached all of them

b) Stripe all 4 together with a new storage pool. That can be done using Server Manager - Files and Storage Services tab. However, you can not really use this to further configure it. At this moment there is no GUI available. You will have to use PowerShell to configure it. Configuration involves specifying correct values of columns and interleave properties. You may specify 4 columns and 64 kb interleave

c) Once this is done you may create required virtual drives on this storage pool. You may provide allocation size of 64 kb while formatting the drive used for SQL Server data directory.

4) Beside this you may also consider storing your TembDB on D drive on Azure VM. There is no IOPS cap on D drive. However, this is a temporary drive. Each time VM is rebooted it gets cleared.

If you have already set up your VM and using it, then easier solution (if possible) is to create another VM and de-allocate the existing one, once you have migrated everything.

If you do not want to de-allocate the existing VM and you don't have any data disk attached, then it can be done by adding data disk and configuring storage pools. However, if you have attached data disk already and using them then it is hard. I really do not know how to do. I think storage pools cannot be created for data disks already being used as one of physical drives.

In my case I set up entirely new VM and de-allocated the existing one after the migration. Presently, the site is running way faster, the way it should be on the cloud.

Note: Why did the same site behaved correctly initially when migrated to Azure and ran into issues afterwards? (It took around 3 to 4 weeks before the site ran into issues)

As per support person, it was possible that when we configured our VM initially, the rack space may not have anyone except us. So Azure allowed to move our IOPS and did not care much. As more people allocated resources to the same rack space, Azure started balancing the activities to allocate fair usage to others too. Throttling was not allowed and penalties were imposed in terms of performance.

Tuesday, June 16, 2015 8:44:47 PM UTC  #       | 
# Thursday, May 14, 2015

Recently I was working on CRM Dynamics migration where the system was upgraded to the latest version for CRM Dynamics Online. CRM should be using claims based authentication as I was trying to authenticate against my Office 365 account.

I had latest 2015 SDK and trying to utilize early bound approach to integrate in-house applications to CRM Dynamics Online.

Things were okay until I found that the application was throwing an error while saving the context. Ironically, the application was able to generate service proxy with provided Id and Password. It was failing only when I tried saving the context.

I started looking around in SDK where there are many samples given. I figured that unless I specify correct Device credentials the system continued rejecting the request due authentication error mentioned above.

I put in the following code to generate proxy by referring SDK

  IServiceManagement<IOrganizationService> orgServiceManagement =

                        ServiceConfigurationFactory.

                        CreateManagement<IOrganizationService>(crmConnection.ServiceUri);

                    var clientCredentials = crmConnection.ClientCredentials;

                    var authCredentials = new AuthenticationCredentials();

                    authCredentials.ClientCredentials = clientCredentials;

                    authCredentials.SupportingCredentials = new AuthenticationCredentials();

                    authCredentials.SupportingCredentials.ClientCredentials = Microsoft.Crm.Services.Utility.DeviceIdManager.LoadOrRegisterDevice();                   

                    AuthenticationCredentials tokenCredentials = orgServiceManagement.Authenticate(authCredentials);

                    var organizationTokenResponse =

                        tokenCredentials.SecurityTokenResponse;

 

                    return proxy = new OrganizationServiceProxy(orgServiceManagement, organizationTokenResponse); 

It should be noted that this code base should use the connection string specified in "developer resource" tab available when you log in to your CRM account.

If you have set up something similar mentioned above and facing similar issues then you should try using device credentials.

Thursday, May 14, 2015 9:23:34 PM UTC  #       | 
# Sunday, April 13, 2014

In case if you are still not aware then it is good to know that SAP Crystal Report is now supporting Visual Studio 2013. You may be able to download it from here.

http://scn.sap.com/docs/DOC-7824 

Please make sure that you run Exe to integrate it with VS. Running MSI should not do it properly. MSI installs runtime but not integrate it with VS.

Sunday, April 13, 2014 6:22:28 PM UTC  #       | 
# Thursday, November 15, 2012

I am putting together a code snnipet which you can use to create an extended method for any controller in Asp.Net MVC. This method can look into the views, add in model to the views and send a btye stream with application content of PDF type. As all modern browser can understand this type of byte stream, these browsers are able to read the byte stream and show the PDF in browser window.

In your base controller add in the following method. You inherit other controllers from this base controller

public PDFContentResult RenderPDFUsingHTML(string viewName, object model)

{

StringWriter sw = new StringWriter();

RazorViewEngine rv = new RazorViewEngine();

ViewEngineResult vr = rv.FindPartialView(this.ControllerContext, viewName, false);

ViewData.Model = model;

ViewContext vc = new ViewContext(this.ControllerContext, vr.View, ViewData, TempData, sw);

vr.View.Render(vc, sw);

string s = sw.GetStringBuilder().ToString();

/*I am using iTextSharpt to convert raw html into PDF. The following GetHTMLToPDFBytes(s) is implementation of itextSharp. You can also use anyother utility to convet html string into PDF.*/

byte[] pdfByes = GetHTMLToPDFBytes(s);

/*PDFContentResult is a custom ActionResult type. See the following code snippet for the details*/

return new PDFContentResult(pdfByes, "application/pdf");

}

/*---------------------------------------------------------------*/

public class PDFContentResult : ActionResult

{

private readonly string contentType;

private readonly byte[] contentBytes;

public PDFContentResult(byte[] contentBytes, string contentType)

{

this.contentBytes = contentBytes;

this.contentType = contentType;

}

public override void ExecuteResult(ControllerContext context)

{

var response = context.HttpContext.Response;

response.Clear();

response.Cache.SetCacheability(HttpCacheability.Public);

response.ContentType = this.contentType;

using (var stream = new MemoryStream(this.contentBytes))

{

stream.WriteTo(response.OutputStream);

stream.Flush();

}

}

}

Code snippet is self explantory. RenderPDFUsingHTML takes name of view and model as argumets of the method signature. It tries to find out required RazorView based on the given view name, once it is found it inserts the model data to it. Once this is done, it converts the view (raw html) to string, sends this string to iTextSharp to build byte array of PDF.

To make things sipmpler it returns PDFContentResult which is cutom ActionResult type. This is responsible to create a required http response with byte array added to it.

You do the following in your controller to get PDF. Make sure that you first inherit your controller with base controller where you put in the above code snippet. 

public ActionResult GetMyPDF(MyModel model)

{

..... do coding ...... for controller ........

return RenderPDFUsingHTML("MyViewName",model)

}

It is good practice to create another view, which is a simplified version of the original view. Generally the views, which we use for web sites are little complicated as it holds html control such as buttons, dropdown menus, and javaScripts etc. We really do not show them in PDF reports. So the simplified veiw takes the same model but removes not needed javaScripts and other html controls.

Thursday, November 15, 2012 6:07:46 PM UTC  #       | 
# Wednesday, October 31, 2012

Today I wondered why the values inserted by jQuery date picker were not properly parsed by default ASP.NET MVC model binder. I discovered that date picker was following US format (mm/dd/yyyy); however, model binder was following the UK format (dd/mm/yyyy).

I thought to override the model binder for dateTime type. Then I thought it may be too much work and there has to be some easier way. I started looking into ASP.NET MVC web.config structure and found that I could specify the current culture.

I added the following <globalization> element to the <system.web></system.web>

<globalization

requestEncoding="utf-8"

responseEncoding="utf-8"

culture="en-US"

uiCulture="en-US"/>

It solved my problem and model binder was able to parse the date picker's value and model was properly filled in with required dateTime values.

Wednesday, October 31, 2012 10:44:23 PM UTC  #       | 
# Wednesday, September 28, 2011

Nice article regarding HttpContext. Very useful if you are looking forward to know where to use Application_BeginRequest event available in the Global file

protected void Application_BeginRequest(Object sender, EventArgs e)

Refer this link: http://odetocode.com/articles/111.aspx

Happy Coding!

Wednesday, September 28, 2011 2:31:47 PM UTC  #       | 
# Saturday, September 24, 2011

If you every wonder about the VIEWSTATE especially in terms of its security, then this may be a good article

http://aspnetresources.com/articles/ViewState

Please have a look. I'm sure there is a lot to learn from here.

Saturday, September 24, 2011 2:16:23 PM UTC  #       | 
Copyright © 2022 Mayur Bharodia. All rights reserved.
DasBlog 'Portal' theme by Johnny Hughes.
Pick a theme: