ASP.NET Identity Recommended Resources

by Rick Anderson

This topic provides links to documentation resources about how to use ASP.NET Identity.

If you know a great blog post, stackoverflow thread, or any other link that would be useful, [send us an email](aspnetue@microsoft.com?subject=Identity recommended resources) with the link or just leave a message at the bottom of this page.

Getting Started with ASP.NET Identity

Intermediate ASP.NET Identity

Where to ask questions, request features, report a bug and nightly builds

Blog posts on Identity

Videos

Custom Storage Providers for ASP.NET Identity

If you want to write your own provider, read Overview of Custom Storage Providers for ASP.NET Identity and Implementing ASP.NET Identity and then examine the source of one of the OSS projects listed below.

Additional ASP.NET Identity Resources

Q&A (question/answer)

  • Q: Locked out users who have enabled "remember me" (so they don't have to go through 2FA on that computer/browser) are not locked out. Why and how do I prevent that? Answer here.
  • Q: How can I store custom claims, such as the user's real name, in the ASP.NET Identity cookie to avoid unnecessary database queries on every request. Answer here.
  • Q: Updating AspNetUser Password Hash: I have 2 projects. One of them is using ASP.NET authentication, the other uses Windows authentication, which is the administration side. I want the Admin project to be able to manage the users of the other. I can modify everything except the password. Answer here.
  • Q: How can I reset password as a admin for other users? Answer here.
  • Q: Can I change the displayed name of the UserName field in ASP.NET MVC IdentityUser? Answer here.
  • Q: How can I gran users permissions to add other users to certain roles? Answer here.
  • Q: Storing profile information in the AspNetUsers table vs. the AspNetUserClaims table. Answer here.
  • Q: Remember me when using an external authentication provider. Answer here.
  • Q: Why does every request require a ApplicationDBContext, isn't that too much overhead?. Answer, No, the overhead is low.
  • Q: How do I get a list of logged in users? Answer here.
  • Q: How can I detect when a user logs in with Microsoft.AspNet.Identity? Answer here.
  • Q: How do I get localized error messages for Identity? Answer here.
  • Q: How do I configure the CookieMiddleware to get fresh claims every 30 minutes? Answer here.
  • Q: How do modify the claims for the user after they have signed in? Answer here.
  • Q: How do I invalidate security tokens? Answer here.
  • Q: How do is store claims in the cookie middleware? Answer here.
  • Q: I'd like to have a PIN or security check on each action method in my MVC app, but I'd like to store the users success so they don't have to enter the PIN on every request to that action method. Answer here.
  • Q: I'd like to save the returned email address from a social provider to the DB, how do I do that? Answer here:
  • Q: How can I detect when a user logs in both with/with-out a "remember me" cookie? Answer here.
  • Q: Can I modify claims in ASP.NET Identity with OWIN after calling SignIn? Answer: Calling SignIn is exactly what you are supposed to do when you want to modify the claims for the user. It basically causes the ClaimsIdentity to be serialized into the cookie, which is why you see the new claims show up on subsequent requests.