asp.net-identity-2

I am using Webapi with Identity2.0 AccessFailedCount, LockoutEndDateUtc is not incermenting on Invalid UserName and Password. I have implement Token Based Authentication provided by WebAPI. Please help . here is code Snippet using (UserManager<ApplicationUser> userManager = userManagerFactory) { ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } if (await userManager.IsLockedOutAsync(user.Id)) { context.SetError("lock_out", "The account is locked.");

We have a product that is using Asp.Net identity where we want the cookie expiry time to be configurable. The ExpireTimeSpan is currently set in the Startup.ConfigureAuth class that the Visual Studio creates for you with a new project. This is getting the time from a configuration file on startup but we want to be able to change this value from a webAPI. As it stands, the webAPI request can modify the config file but we need to recycle the app pool to get it to take effect. Is there any way to change this value once the server is already up and running? All I found on this subject is this

I have developed an authentication mechanism in Asp.Net Web Api 2 with the feature for granting refresh tokens, based on the tutorial on Taiseer's blog. Here is my question. Assume the following scenario: A user logs in using password and get a refresh token and an access token. The access token in fact includes what roles he is in (hence his authorities within the app). In the mean time the system admin will change this person's roles, so once his access token expires and he wants to use the refresh token to obtain a new access token, his new access token must include the newly updated roles

This might actually be more of a conceptual question. In Asp.Net Identity the PasswordHasher generates a different hash for the same string every time you do: new PasswordHasher.HashPassword("myString"); Now if for some reason I need to manually compare a user's input to the password saved in the database, I will most probably get a different string when I hash the user's entered password, than the one that is stored in the database. Can someone please explain this to me? Shouldn't hashing the same string result in the same hash and if not, how does Identity itself realize that two different

I am trying to figure out how to find user role name in identity framework. I have such configuration that there will be only one role assigned to a user. So, I tried using public string GetUserRole(string EmailID, string Password) { var user = await _userManager.FindAsync(EmailID, Password); var roleid= user.Roles.FirstOrDefault().RoleId; } But what I get is just RoleId and not RoleName. Can anyone help me to find the RoleName for the user? In your code, user object represents the AspNetUsers table which has a navigation property Roles which represents the AspNetUserInRoles table and not the

I am using ASP.NET MVC 5 and Identity Framework. When I call UserManager.UpdateAsync(...) my eventhandlers on ApplicationDbContext() SaveChanges will run. Here I am using HttpContext.Current for different purposes (logging and auditing) so I must get say current user. However the whole method runs in a worker thread, and here HttpContext.Current is null. The biggest problem that the UserManager's "sync" methods are only wrappers around the async version, so the calls are serialized, but the methods (and eventhandlers) still run in a different worker thread. Please note this issue has nothing

Why is the IdentityUser class in the Microsoft.AspNet.Identity.EntityFramework package instead of being included in the Microsoft.AspNet.Identity.Core package? Why should it depend on EntityFramework? It seems to be a simple class. What am I missing? I typically separate by Data layer from my DAL. Adding a dependency to EntityFramework for the IdentityUser class seems a bit much. The design of the core of Identity is not coupled to EF or to any specific shape of user and role types. Everything is abstracted by the stores. In fact, for any given persistence provider, the types don't even need

How do i display a list of Users and their Roles in ASP.NET Identity 2.0. Example... John Doe - Admin Bob Smith - User So far I have created a UserRoleViewModel public string fname { get; set; } public string rname { get; set; } In the controller, I have done the following... ApplicationDbContext db = new ApplicationDbContext(); UserRoleViewModel obj = new UserRoleViewModel(); var result = from u in db.Users select new UserRoleViewModel { fname = u.FirstName, rname = ??? }; return View(result); Is this the correct approach ? If yes, how do i get the role for the user in rname ? Does @Model

We are in the process of developing a in house mobile application and web api. We are using asp.net web api 2 with asp.net Identy 2 OAuth. I have got the api up and running and giving me a bearer token. However I want to slightly modify the process flow to something like along the lines of this: App user logs in to api with username and password. App receives Refresh-token which is valid for 30 days. App then requests an access token providing the api with the refresh token. ( Here I want to be able to invalidate a request if the user has changed their password or their account has been locked