User and password login without database RRS feed

  • Question

  • User373134933 posted

    I'm starting an ASP.NET Core project (on .NET Framework 4.6) that requires user login with user name and password. I know how to manage a session and login state in PHP but have never done that in ASP.NET. Now I've read about ASP.NET Core Identity but that requires Entity Framework and a local database for the credentials. I can't use that because there will be no database where the web application runs. Instead, there is a custom network connection to a backend server that does the authentication. (Think of it like a web mail interface with IMAP server authentication. The web app just passes the login data through.)

    What is the suggested procedure to implement such user login on ASP.NET Core without the default database or external providers?

    Can I use Identity at all for this task or should I revert to fully manual session and login management like in PHP 4?

    If Identity can/should be used for this, where can I find documentation about it? The docs.asp.net site only covers the standard case with local database but fails to explain what I need to change to leave out the database. It even pulled in an EntityFramework NuGet package which I haven't requested. I'd also like to know then how Identity works technically. Does it use Session, or cookies, or something else?

    Monday, July 18, 2016 9:58 AM


All replies

  • User-491950272 posted

    You can manually create a user Identity in ASP.NET Core for authenticated users as:

    const string Issuer = "https://contoso.com";
        var claims = new List<Claim>();
        claims.Add(new Claim(ClaimTypes.Name, "barry", ClaimValueTypes.String, Issuer));
        var userIdentity = new ClaimsIdentity("SuperSecureLogin");
        var userPrincipal = new ClaimsPrincipal(userIdentity);
        await HttpContext.Authentication.SignInAsync("Cookie", userPrincipal,
            new AuthenticationProperties
                ExpiresUtc = DateTime.UtcNow.AddMinutes(20),
                IsPersistent = false,
                AllowRefresh = false
        return RedirectToLocal(returnUrl);

    In the required action.

    Monday, July 18, 2016 10:09 AM
  • User373134933 posted

    I still don't know where to put this code snippet. I found that I can install the package Microsoft.AspNetCore.Identity instead of Microsoft.AspNetCore.Identity.EntityFrameworkCore which does not pull in EF. But I still need to provide a "user" and a "role" class. Looking for further information about these concepts.

    Monday, July 18, 2016 12:35 PM
  • User36583972 posted

    Hi  ygoe,

    The following links/examples for your reference.

    Using Cookie Middleware without ASP.NET Core Identity:


    Simple Asp.net Identity Core Without Entity Framework:


    An example of how to use the new ASP.NET Identity authentication without a database:


    Best Regards,

    Yohann Lu

    Tuesday, July 19, 2016 7:05 AM
  • User373134933 posted

    Thank you! Here's one more article I've found to be useful:


    It seems I'm not using "Identity" but rather just some "cookie authentication middleware" that still does a lot of what I need. It still works here if I remove the app.UseIdentity() call and just keep the app.UseCookieAuthentication(). The Identity NuGet package is still required though.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, July 20, 2016 9:20 AM