ASP Identity <> Microsoft Entra ID
Hey guys, I'm setting up a project with a local JWT Bearer authn. I created my own User class along with a custom PasswordHasher and TokenProvider to generate JWT tokens. And then I remembered ASP.NET Identity, which provides built-in methods like _signInManager.PasswordSignInAsync, etc. My long-term plan is to migrate to Microsoft Entra ID. Is there an easy switch from ASP.NET Identity to Entra ID? Can I still use _signInManager.PasswordSignInAsync with Entra ID, or will I need to use Microsoft Graph API instead? If so, is the Graph API compatible with ASP.NET Identity abstractions?
6 Replies
If you plan to migrate to Entra ID soon, it might be better to skip ASP.NET Identity and integrate Entra ID from the start using Microsoft.Identity.Web for authentication.
If you still want local authentication first, consider implementing ASP.NET Identity with an external provider setup, so you can later switch to Entra ID more easily.
if the app needs to know the list of the users:
- in Entra ID, they're stored in the Azure Active Directory
- in ASP.NET Identity, they're stored locally
I don't think signInManager.PasswordSignInAsync can interact with Microsoft Graph API, so ASP.NET Identity's abstraction is no longer applicable.
I also have foreign keys on the User table, which likely means I still need to keep the User table locally for that purpose and add a new column that references the Entra ID user. I haven't done this before, and I'm not sure if this is the best approach.
I guess I'll just use Keycloak and will have a local copy of the User table with a reference to KeycloakId
@TeBeCo what do you think about that