Today, we are releasing a preview of ASP.NET Identity. The main focus in this release was to add support for two-factor authentication and fix bugs. We released 2.0.0-alpha1 in December 2013 where we added lots of features. Please read about 2.0.0-alpha1 release here.

Download this release

You can download ASP.NET Identity from the NuGet gallery. You can install or update to these pre-release packages through NuGet using the NuGet Package Manager Console, like this:

• Install-Package Microsoft.AspNet.Identity.EntityFramework –Version 2.0.0-beta1 –Pre
• Install-Package Microsoft.AspNet.Identity.Core -Version 2.0.0-beta1 –Pre
• Install-Package Microsoft.AspNet.Identity.OWIN -Version 2.0.0-beta1 –Pre
• Install-Package Microsoft.AspNet.Identity.Samples -Version 2.0.0-beta1 –Pre

Please remember to select the “Include Prerelease” option when searching for packages using the NuGet Package Manager or the Package Manager Console. For more information on how to install pre-release packages please read http://docs.nuget.org/docs/Reference/Versioning#Prerelease_Versions and http://docs.nuget.org/docs/release-notes/nuget-1.7#Show_prerelease_packages_in_the_Manage_NuGet_packages_dialog

What’s in this release?

Following is the list of features and major issues that were fixed in 2.0.0-Beta1.

Two-Factor Authentication

ASP.NET Identity now support two-factor authentication. Two-factor authentication provides an extra layer of security to your user accounts in the case where your password gets compromised. Most of the websites protect their data by having a user create an account on their website with a username and password. Passwords are not very secure and sometimes users choose weak passwords which can lead to user accounts being compromised.

To add an extra layer of security, it is important to add a second factor of authentication after a user enters username/ password. Since a password is something a user knows, two-factor authentication allows youto authenticate the user with something only a user possesses such as a phone or email account. Two-factor authentication involves sending the user a code to something only a user has access to such as sending a SMS to user’s phone or emailing the code. The user can enter the code when they get it on their phone or email.

In ASP.NET Identity, the SMS and Email two-factor providers are built in so you can easily configure them to send a text message or email. You can extend and write your own providers such as QR code generators and use Authenticator apps on phones to validate them.

A user can also manage the two-factor authentication options and can enable/ disable two-factor authentication for their user account. This is demonstrated in the ASP.NET Identity Samples NuGet package. A user can also choose to remember the two-factor authentication option if the device they are accessing the website is a personal device so that when they login, they are not asked to verify the two-factor authentication each time. This is a more common usage that we see today in most of the websites.

To try out this feature, you can install ASP.NET Identity Samples NuGet package (in an Empty ASP.NET app) and follow the steps to configure and run the project.

Indexing on Username

In ASP.NET Identity Entity Framework implementation, we have added a unique index on the Username using the new IndexAttribute in EF 6.1.0-Beta1. We did this to ensure that Usernames are always unique and there was no race condition in which you could end up with duplicate usernames.

Enhanced Password Validator

The password validator that was shipped in ASP.NET Identity 1.0 was a fairly basic password validator which was only validating the minimum length. There is a new password validator which gives you more control over the complexity of the password. Please note that even if you turn on all the settings in this password, we do encourage you to enable two-factor authentication for the user accounts.

ASP.NET Identity Samples NuGet package

We are releasing a Samples NuGet package to make it easier to install and run samples for ASP.NET Identity and follow the best practices. This is a sample ASP.NET MVC application. Please modify the code to suit your application before you deploy this in production. The sample should be installed in an Empty ASP.NET application.

Following are the features in this samples package

• Initialize ASP.NET Identity to create an Admin user and Admin role.
• Since ASP.NET Identity is Entity Framework based in this sample, you can use the existing methods of initializing the database as you would have done in EF.
• Configure user and password validation.
• Register a user and login using username and password
• Login using a social account such as Facebook, Twitter, Google, Microsoft account etc.
• Basic User management
• Do Create, Update, List and Delete Users. Assign a Role to a new user.
• Basic Role management
• Do Create, Update, List and Delete Roles.
• Account Confirmation
• Password Reset
• Two-Factor authentication
• Security Token providers
• Configure the Db context and UserManager to use a single instance per request.
• The AccountController has been split into Account and Manage controller. This was done to simplify the account management code.

Following is the list of features and major issues that were fixed in 2.0.0-Alpha1.

For the full list of the features please read the following blog post for more details.

• Account Confirmation
• Password Reset
• Security Token Provider
• Make the type of Primary Key be extensible for Users and Roles
• Support IQueryable on Users and Roles
• Support Delete operation through the UserManager
• UserManagerFactory Middleware
• DbContextFactory Middleware

Entity Framework 6.1.0-Beta1

ASP.NET Identity 2.0.0-beta1 depends upon Entity Framework 6.1.0-beta1 which was also released today. For more details please read the following announcement post for more details.

List of bugs fixed

You can look at all the bugs that were fixed in this release by clicking this link.

Samples

• We have a sample project which shows these new features at https://aspnet.codeplex.com. Please look for the Identity folder in the source. https://aspnet.codeplex.com/SourceControl/latest
• For documentation on ASP.NET Identity please visit http://www.asp.net/identity. We are working on adding more documentation on this site.

Known Issues/ Change list

Migrating from ASP.NET Identity 2.0.0-alpha1 to 2.0.0-beta1

Following are the changes you will have to make to your application if you are upgrading from 2.0.0-alpha1 to 2.0.0-Beta1 of Identity.

· GetUserManager() extension method moved under Microsoft.AspNet.Identity.Owin namespace

· GetConfirmationToken property on UserManager changed to GetEmailConfirmationToken

· ConfirmUser() method changed to ConfirmEmail()

· IsConfirmed() method changed to IsEmailConfirmed()

· UserManagerFactory() changed to CreatePerOwinContext<T>()

· ApplicationCreate static method on UserManager method now has an additional method which takes in a parameter for IOwinContext

· PasswordResetTokens and UserConfirmationTokens properties on UserManager are now replaced with a single UserTokenProvider property on UserManager

· DataProtectorTokenProvider class now strongly typed with generics DataProtectorTokenProvider<TUser>

· IsConfirmed column in the AspnetUsers Table has been renamed to EmailConfirmed.

• If you are using Entity Framework Code First Migrations to migrate the database from 2.0.0-alpha1 to 2.0.0-Beta1 then you need to edit the migrations script that were generated by the EF migrations.

                       Following is what is generated

            AddColumn("dbo.AspNetUsers", "EmailConfirmed", c => c.Boolean(nullable: false));

            DropColumn("dbo.AspNetUsers", "IsConfirmed");

            You need to change it to

                        RenameColumn("dbo.AspNetUsers", "IsConfirmed","EmailConfirmed");

Known issues in Entity Framework while migrating from Entity Framework 6.1.0-alpha1 to 6.1.0-beta

Entity Framework changed the way indexes were being recognized which causes the indexes between tables to be generated even though they exist. This is a known behavior and occurs only when migrating from EF 6.1.0-alpha to 6.1.0-beta1. For ASP.NET Identity the generated migration script will have the following incorrect entries

            CreateIndex("dbo.AspNetUserRoles", "UserId");

            CreateIndex("dbo.AspNetUserRoles", "RoleId");

            CreateIndex("dbo.AspNetUsers", "VehicleId");

            CreateIndex("dbo.AspNetUserClaims", "UserId");

            CreateIndex("dbo.AspNetUserLogins", "UserId");

Any custom index declaration by user defined classes will also be present here. Running this as is will cause it to fail since the indexes are already present. The solution is to delete these ''CreateIndex' calls for existing indexes

Migrating from ASP.NET Identity 1.0 to 2.0.0-beta1

If you are migrating from ASP.NET Identity 1.0 to 2.0.0-Beta1, then please refer to this article on how you can use Entity Framework Code First migrations to migrate your database http://blogs.msdn.com/b/webdev/archive/2013/12/20/updating-asp-net-applications-from-asp-net-identity-1-0-to-2-0-0-alpha1.aspx

This article is based on migrating to ASP.NET Identity 2.0.0-alpha1 but the same steps apply to ASP.NET Identity 2.0.0-beta1

Give feedback and get support

• If you find any bugs please open them at our Codeplex Site where we track all our bugs https://aspnetidentity.codeplex.com/
• If you want to discuss these features, please discuss them on Stack Overflow and use the following tag “asp.net-identity”

Thank You for trying out the preview and your feedback for ASP.NET Identity.