Startup.cs User Management Configuration

This article describes how to configure user management in an Origam application.

A sample Startup.cs is included in the build as the file Startup.cs_. By default, Startup.cs_ is configured to use the AspNet Membership provider to preserve backwards compatibility.

Registration of callback function

AbstractUserManager.RegisterCreateUserManagerCallback(CreateUserManager);

CreateUserManager Function

private static AbstractUserManager CreateUserManager()
{
    return NetMembershipUserManager.Create();
}

Windows Authentication

When you use pure Windows Authentication in IIS (no login screen, just single sign-on using your Windows credentials), you need to comment out the following section in Startup.cs:

/*
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Login"),
    ExpireTimeSpan = System.TimeSpan.FromMinutes(10)
});
*/

Origam Model for User Authentication

If you decide to use the Origam model for user authentication, you need to switch to the OrigamModelUserManager class.

Using OrigamModelUserManager

private static AbstractUserManager CreateUserManager()
{
    return OrigamModelUserManager.Create();
}

By default, the OrigamModelUserManager class uses the following settings:

Setting | Value
Minimum password length | 12
Number of required non-alphanumeric characters in password | 6
Number of invalid password attempts | 3

Basic OrigamModelUserManager Configuration

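private static AbstractUserManager CreateUserManager()
{
    OrigamModelUserManager manager = (OrigamModelUserManager)OrigamModelUserManager.Create();
    // These assignments override the defaults (12 / 6 / 3).
    // A length of 4 with no required non-alphanumeric characters
    // relaxes the default password policy.
    manager.MinimumPasswordLength = 4;
    manager.NumberOfRequiredNonAlphanumericCharsInPassword = 0;
    manager.NumberOfInvalidPasswordAttempts = 3;
    return manager;
}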

Two-Factor Authentication

The Origam system supports two-factor authentication. Right now only email is implemented as the second factor. If two-factor authentication is enabled, the user is redirected to the ~/Login2 URL after providing the username and password, and enters the security code there.

The ~/Login2 URL must be accessible to users who are not yet authenticated. You need to amend web.config accordingly.

Two-Factor Authentication: Email

private static AbstractUserManager CreateUserManager()
{
    AbstractUserManager manager = OrigamModelUserManager.Create();
    manager.RegisterTwoFactorProvider(
        "EmailCode", new EmailTokenProvider<OrigamUser>()
        {
             Subject = "Security Code",
             BodyFormat = "Your security code is {0}."
        });
    manager.EmailService = new IdentityEmailService("admin@origam.com");
    manager.Is2FAUsed = true;
    return manager;
}

E-mail Address Confirmation Feature

As a new feature, Origam makes it possible to confirm a user's e-mail address. This feature is implemented in the application model, but to use it the user manager needs to have a token provider set up. The feature also provides a special URL, ~/ConfirmEmail (see: Email Address Confirmation).

The ~/ConfirmEmail URL must be accessible to users who are not authenticated. You need to amend web.config accordingly.
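
One way to make the web.config change for both ~/Login2 and ~/ConfirmEmail, shown as an added example that is not taken from the Origam distribution. It assumes the application uses standard ASP.NET URL authorization and denies anonymous users site-wide; the site-wide rule shown is that assumption, not Origam's shipped configuration.

```xml
<!-- Added example: assumes standard ASP.NET URL authorization in web.config -->
<configuration>
  <!-- Assumed site-wide rule: anonymous users ("?") are denied everywhere -->
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Second-factor page: the user arrives here after the password step
       and must be able to load it to enter the security code -->
  <location path="Login2">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- E-mail confirmation URL: opened from the confirmation message,
       typically without an existing session -->
  <location path="ConfirmEmail">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- No other path is opened: every other URL keeps the site-wide deny rule -->
</configuration>
```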

Token Provider Configuration

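private static AbstractUserManager CreateUserManager()
{
    AbstractUserManager manager = OrigamModelUserManager.Create();
    // DPAPI protects the tokens with keys tied to the Windows account
    // the application runs under. "Origam" is the application name and
    // "Confirmation" the purpose; both must match when a token is validated.
    DpapiDataProtectionProvider protectionProvider 
        = new DpapiDataProtectionProvider("Origam");
    manager.UserTokenProvider = new OrigamTokenProvider(
        protectionProvider.Create("Confirmation"));
    return manager;
}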

Complex Configuration Example

This example shows an application configured for e-mail address confirmation, two-factor authentication and customized password settings.

Complex Configuration Example

private static AbstractUserManager CreateUserManager()
{
    OrigamModelUserManager manager = (OrigamModelUserManager)OrigamModelUserManager.Create();
    // password settings
    manager.MinimumPasswordLength = 7;
    manager.NumberOfRequiredNonAlphanumericCharsInPassword = 1;
    manager.NumberOfInvalidPasswordAttempts = 5;
    // two-factor configuration
    manager.RegisterTwoFactorProvider(
        "EmailCode", new EmailTokenProvider<OrigamUser>()
        {
             Subject = "Security Code",
             BodyFormat = "Your security code is {0}."
        });
    manager.EmailService = new IdentityEmailService("admin@origam.com");
    // switch the second factor on, as in the Two-Factor Authentication: Email example
    manager.Is2FAUsed = true;
    // e-mail address confirmation
    DpapiDataProtectionProvider protectionProvider 
        = new DpapiDataProtectionProvider("Origam");
    manager.UserTokenProvider = new OrigamTokenProvider(
        protectionProvider.Create("Confirmation"));
    return manager;
}