✅ Configuring .NET 8 Identity
I've set up authentication with .NET Identity on a minimal API and now I am trying to tweak how it works.
Currently you call the /register endpoint and send in a username and password, and the system registers an account. Then you call /login and pass your username and password, which then passes back a login token which you can use to authenticate yourself.
I want to require certain actions, such as setting up 2FA and confirming their email (though not yet, haven't gotten around to sending emails automatically yet. seems like an issue for another day) before the user is considered authenticated.
I've done some looking into roles and it seems so close. /register could assign the user the registering role, then calls like /confirmEmail and /manage/2fa could check if requirements have been met and give them a registered role.
Unfortunately my best guess to implement this behavior is to reimplement the /register, /confirmEmail and /manage/2fa endpoints, which I would really like to avoid.
Is there any other way to implement this behavior? Is there a way I can have the endpoint call another method on completion? Are there modifiers I could use to implement this? Or am I stuck copying everything?
3 Replies
The Identity API endpoints are not customizable yet
So, yes, if you want added functionality you'll have to remake those endpoints
well...
darn
can I at least overwrite an endpoint?
(yes I can)
man, reimplementing these endpoints is going to be a slog
so many supporting methods I can't just import :(
The main thing there is to set the new role claims; out of the box nothing is set.
Depending on the project template you have selected, look in Program.cs and you will see a registration for <AuthenticateStateProvider, HereTheNameOfTheLocalClass>. Usually the identity claims are set in there. If you have a client/server project setup then it is on both the client and the server: client side it has a name like PersistingAuthenticationStateProvider, and server side PersistingRevalidatingAuthenticationStateProvider.
So configuring roles to work throughout, even with API calls, is just 3 steps: setting in Program.cs the additional .AddRoles<IdentityRole> (eventually also the RoleManager), then fixing the claims at the place where they are created with the Principal, then either in code or on the database adding the roles. Modify the registration page to handle assigning a default role and everything should be working.
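
The role setup from the last reply, sketched for the minimal-API project in the question, as an added example that is not code from any poster. Instead of changing registration, it adds a separate endpoint that grants the registered role once 2FA is enabled and the email is confirmed. AppDbContext, the SQLite file name, and the /promote and /data routes are assumptions.

```csharp
// Added example (not from the thread). Assumed names: AppDbContext, app.db,
// /promote and /data. The "registered" role name comes from the question.
using System.Security.Claims;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddDbContext<AppDbContext>(o => o.UseSqlite("Data Source=app.db"));
builder.Services.AddAuthorization();

// AddRoles registers RoleManager and a principal factory that emits role claims.
builder.Services.AddIdentityApiEndpoints<IdentityUser>()
    .AddRoles<IdentityRole>()
    .AddEntityFrameworkStores<AppDbContext>();

var app = builder.Build();

// Create the role in code before any request is served.
using (var scope = app.Services.CreateScope())
{
    scope.ServiceProvider.GetRequiredService<AppDbContext>().Database.EnsureCreated();
    var roles = scope.ServiceProvider.GetRequiredService<RoleManager<IdentityRole>>();
    if (!await roles.RoleExistsAsync("registered"))
        await roles.CreateAsync(new IdentityRole("registered"));
}

app.MapIdentityApi<IdentityUser>(); // built-in /register, /login, /manage/2fa, ...

// Hypothetical endpoint: grant the role only when both requirements are met.
app.MapPost("/promote", async (ClaimsPrincipal principal, UserManager<IdentityUser> users) =>
{
    var user = await users.GetUserAsync(principal);
    if (user is null) return Results.Unauthorized();
    if (!await users.GetTwoFactorEnabledAsync(user) || !await users.IsEmailConfirmedAsync(user))
        return Results.Forbid();
    if (!await users.IsInRoleAsync(user, "registered"))
        await users.AddToRoleAsync(user, "registered");
    return Results.Ok();
}).RequireAuthorization();

// Application endpoints stay closed to accounts that have not earned the role.
app.MapGet("/data", () => "only for registered users")
   .RequireAuthorization(p => p.RequireRole("registered"));

app.Run();

class AppDbContext(DbContextOptions<AppDbContext> options)
    : IdentityDbContext<IdentityUser>(options);
```

Role claims are written when the token is issued, so a newly promoted user needs a fresh token (log in again or call /refresh) before /data accepts them.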