Startup.cs User Management Configuration
This article describes how to configure user management in an Origam application.
- Windows Authentication
- Origam model for USER authentication
- Two-Factor Authentication
- E-mail Address Confirmation Feature
- Complex Configuration Example
A sample Startup.cs is included in the build as the file Startup.cs_. By default, Startup.cs_ is configured to use the AspNet Membership provider to preserve backwards compatibility.
Registration of callback function
AbstractUserManager.RegisterCreateUserManagerCallback(CreateUserManager);
CreateUserManager Function
private static AbstractUserManager CreateUserManager()
{
    return NetMembershipUserManager.Create();
}
Windows Authentication
When you use pure Windows Authentication in IIS (no login screen, just single sign-on with your Windows credentials), you need to comment out the following section in Startup.cs:
/*
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Login"),
    ExpireTimeSpan = System.TimeSpan.FromMinutes(10)
});
*/
Origam model for USER authentication
If you decide to use the Origam model for user authentication, you need to switch to the OrigamModelUserManager class.
Using OrigamModelUserManager
private static AbstractUserManager CreateUserManager()
{
    return OrigamModelUserManager.Create();
}
By default, the OrigamModelUserManager class uses the following settings:
Setting | Value |
Minimum password length | 12 |
Number of required non-alphanumeric characters in password | 6 |
Number of invalid password attempts | 3 |
Basic OrigamModelUserManager Configuration
private static AbstractUserManager CreateUserManager()
{
    OrigamModelUserManager manager = (OrigamModelUserManager)OrigamModelUserManager.Create();
    // Example values only: the password length and non-alphanumeric
    // requirements set here are lower than the defaults listed above.
    manager.MinimumPasswordLength = 4;
    manager.NumberOfRequiredNonAlphanumericCharsInPassword = 0;
    manager.NumberOfInvalidPasswordAttempts = 3;
    return manager;
}
Two-Factor Authentication
The Origam system supports two-factor authentication. Right now only e-mail is implemented as the second factor. If two-factor authentication is enabled, the user is redirected, after providing a username and password, to the ~/Login2 URL, where she should provide the security code.
The ~/Login2 URL must be accessible to unauthenticated users. You need to amend web.config accordingly.
Two-Factor Authentication: Email
private static AbstractUserManager CreateUserManager()
{
    AbstractUserManager manager = OrigamModelUserManager.Create();
    manager.RegisterTwoFactorProvider(
        "EmailCode", new EmailTokenProvider<OrigamUser>()
        {
            Subject = "Security Code",
            BodyFormat = "Your security code is {0}."
        });
    manager.EmailService = new IdentityEmailService("admin@origam.com");
    manager.Is2FAUsed = true;
    return manager;
}
E-mail Address Confirmation Feature
As a new feature, Origam makes it possible to confirm a user's e-mail address. The feature is implemented in the application model, but to use it the user manager needs to have a token provider set up. The feature also provides the special URL ~/ConfirmEmail (see: Email Address Confirmation).
The ~/ConfirmEmail URL must be accessible to unauthenticated users. You need to amend web.config accordingly.
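One way to open ~/Login2 and ~/ConfirmEmail to anonymous requests, given here as an added example that is not taken from the Origam documentation or code. It assumes the application blocks anonymous users through ASP.NET URL authorization (a site-wide `<deny users="?" />` rule); compare it with the existing web.config before applying it.

```xml
<!-- Added example. Assumes the site-wide rule below (or an equivalent one)
     already exists in web.config and blocks anonymous requests. -->
<configuration>
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Second-factor page: reached after the username/password step but
       before sign-in completes, so it must not require an authenticated user. -->
  <location path="Login2">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- E-mail confirmation link: typically opened from a mail client
       without an existing session. -->
  <location path="ConfirmEmail">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Each exception is scoped to a single path with its own `<location>` element, so the site-wide deny rule stays in force for every other URL.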
Token Provider Configuration
private static AbstractUserManager CreateUserManager()
{
    AbstractUserManager manager = OrigamModelUserManager.Create();
    // DpapiDataProtectionProvider lives in Microsoft.Owin.Security.DataProtection
    DpapiDataProtectionProvider protectionProvider
        = new DpapiDataProtectionProvider("Origam");
    manager.UserTokenProvider = new OrigamTokenProvider(
        protectionProvider.Create("Confirmation"));
    return manager;
}
Complex Configuration Example
This example shows an application configured for e-mail address confirmation and two-factor authentication, with customized password settings.
private static AbstractUserManager CreateUserManager()
{
    OrigamModelUserManager manager = (OrigamModelUserManager)OrigamModelUserManager.Create();
    // password settings
    manager.MinimumPasswordLength = 7;
    manager.NumberOfRequiredNonAlphanumericCharsInPassword = 1;
    manager.NumberOfInvalidPasswordAttempts = 5;
    // two-factor configuration
    manager.RegisterTwoFactorProvider(
        "EmailCode", new EmailTokenProvider<OrigamUser>()
        {
            Subject = "Security Code",
            BodyFormat = "Your security code is {0}."
        });
    manager.EmailService = new IdentityEmailService("admin@origam.com");
    // enable two-factor authentication, as in the e-mail example above
    manager.Is2FAUsed = true;
    // e-mail address confirmation
    DpapiDataProtectionProvider protectionProvider
        = new DpapiDataProtectionProvider("Origam");
    manager.UserTokenProvider = new OrigamTokenProvider(
        protectionProvider.Create("Confirmation"));
    return manager;
}