Secure ASP.NET MVC5 Application with Asp.Net Identity


Secure ASP.NET MVC5 Application with Asp.Net Identity
Changde Wu
Self Introduction
Professional .NET Developer in greater Boston area
Specialized in WPF and ASP.NET MVC
Path
Started as developer with C++, Oracle Pro/C++
Multiple years as a Java developer with J2EE, many Java certificates
Started .NET from WCF and Sharepoint
Finally focused on WPF and ASP.NET MVC
Intro cont.
Serious Web programming
Started with Java Servlet and JSP
Development based on SharePoint
Asp.net Web development for commercial web sites
Maintain a personal web site
The presentation material will be available shortly at
http://www.jiacheng-laowu.com/professional
Contact:
[email protected]
Agenda
1. Some basics of web security
2. About Asp.net Identity
3. Start your first project with Identity in mind
4. Get around the identity features from the startup project
5. Use external logins
6. Verify user account before allowing login
Agenda (cont.)
7. Two factor login (2-FA)
8. Password reset and account lockout
9. Customize application user
10. User and role administration
11. Resources
Completed project
The complete project is available for downloading and playing.
The project is complete and has everything you need, including create/edit/delete for users and roles.
To run the project smoothly, follow these guidelines.
Item 1: Use Local IIS and SQL Server
Configure your web site to run on standard ports (80 for HTTP, 443 for HTTPS)
Set your web site url as: www.private-yuandi.com, point the root to this project directory!
If you run local IIS, be sure to launch Visual Studio 2013 update 4 with admin privilege
Set your Database name as AspIdentityWeb (check the DefaultConnection db connection string for detail)
Item 2:
For external logins, you can create your own. You are also welcome to use the ones I created for this project.
See the <!-- External Logins --> part in Web.config for detail.
Set your web site url as: www.private-yuandi.com
Set your Database name as AspIdentityWeb (check the DefaultConnection db connection string for detail)
Please find the <!-- gmail --> and <!-- Twilio--> parts and add your account credentials to use the email and SMS services
Item 3:
If you encounter the DB schema exception, run Update-Database from the Visual Studio “Package Manager Console” to get the correct schema. I have already created the migration script, ready for your use.
Item 4: A default admin user [email protected] with password Boss_1234 is created by the DB initializer to access the UserAdmin area for admin jobs.
Have fun, and send me a message if you have trouble.