Introducing Thinktecture IdentityManager
Back in 2005 when Microsoft released the ASP.NET MembershipProvider API, they also included in Visual Studio the ASP.NET WebSite Administration tool. This was used by developers to quickly create and edit users to populate the MembershipProvider database. Given Microsoft’s move away from Membership, this tool was removed from Visual Studio and many developers have missed it.

In a similar vein, ever since I built MembershipReboot I’ve been meaning to provide an admin tool to allow similar functionality that was in the ASP.NET WebSite Administration tool. Well, I finally got around to building said tool — introducing Thinktecture IdentityManager.

IdentityManager is developed as OWIN middleware and can easily be hosted in any OWIN host. Also given the recent release and popularity of ASP.NET Identity, I designed it to support both MembershipReboot and ASP.NET Identity.

It’s very early in its development, but this first preview version is intended to allow developers or administrators to create users, change password, email, phone and claims. Also, you can query the entire database and filter for the user’s user name or name claim (display name). I plan to also add role management support and more self-service identity management features. Also, I will be working on a strategy for securing IdentityManager so it can be used in scenarios beyond just development.

Below are some screen shots: home page, searching/browsing users, and editing a user.
The code that’s needed to host IdentityManager looks something like this:
public void Configuration(IAppBuilder app)
{
    app.UseIdentityManager(new IdentityManagerConfiguration()
    {
        UserManagerFactory = Thinktecture.IdentityManager.MembershipReboot.UserManagerFactory.Create
    });
}
As you can tell, it’s fairly simple in terms of the current features and the setup. I’ll write another post with more details on customizing the configuration of the identity libraries. In the meantime, the code for IdentityManager is open source and available on github. There is also a short video showing the features and configuration. Feedback welcome via the github issue tracker.
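The post says a strategy for securing IdentityManager is still to come and that this preview targets development use. As an added example (not code from the post or the IdentityManager project), the hosting code can be mounted on its own OWIN branch with a guard that rejects non-loopback requests before they reach the admin UI; the `/identitymanager` path, the `using Thinktecture.IdentityManager` namespace and the `IsLoopback` helper are assumptions.

```csharp
using System.Net;
using Owin;
// Assumed namespace for IdentityManagerConfiguration and UseIdentityManager.
using Thinktecture.IdentityManager;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Mount the admin UI on its own branch so the guard applies only to it.
        app.Map("/identitymanager", idm =>
        {
            // Registered first, so it runs before IdentityManager sees the request.
            idm.Use(async (context, next) =>
            {
                if (!IsLoopback(context.Request.RemoteIpAddress))
                {
                    // Answer as if nothing is hosted here; do not call next().
                    context.Response.StatusCode = 404;
                    return;
                }
                await next();
            });

            // Hosting call as shown in the post.
            idm.UseIdentityManager(new IdentityManagerConfiguration()
            {
                UserManagerFactory =
                    Thinktecture.IdentityManager.MembershipReboot.UserManagerFactory.Create
            });
        });
    }

    // Hypothetical helper: true only for 127.0.0.0/8 and ::1.
    // A missing or unparsable address is treated as remote (fail closed).
    private static bool IsLoopback(string remoteIp)
    {
        IPAddress address;
        return IPAddress.TryParse(remoteIp, out address)
            && IPAddress.IsLoopback(address);
    }
}
```

If a reverse proxy on the same machine forwards traffic to the app, every request appears to come from loopback, so this check alone does not restrict access in that setup.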
I love this guy. Brock you the man! We are just starting to create our first single sign-on setup and your tools will make life so much easier. Don’t stop, keep on developing. Now, if I can just figure out how to make MR work with IdentityServer and this new piece, life will be good. And, need to decide if there is any compelling reason to use ASP.NET Identity instead of MR.
thanks!
Hey Brock, very nice! Good work, I really missed this feature and seems solved with your solution. Thanks :)
thanks :)
Reblogged this on leastprivilege.com.
Hi Brock. Have you put any thought into swim support? Or is that something you plan to leave up to the individual developers?
You mean SCIM? Yes, I started down the SCIM path but it was a lot more work than to just define an abstraction that worked with both MR and AspId. Perhaps down the road, but for now this is what we have.
I think there is an issue with running on Azure Websites or Cloud service (index.html not loaded)
If you’re having problems then please open an issue on github’s issue tracker for the project — it’s easier to track it that way. Thx.
Thanks! Huge help!
Brock, you never mention how identity manager may or may not be used with your IdentityReboot. I’m not sure if there are compatibility issues or not. Can you elaborate and advise? Thanks!!!
IdentityManager should work if you’re using IdentityReboot — I’ve not tested it, but there should be no issues.
Hi Brock,
First off, great tool. I don’t know if you remember me but I attended your lectures at the Las Vegas VSLive conference this March (2014) and approached you afterwards with questions on Web API OAuth and Identity Manager. I am trying to add the group feature to the ASP.NET Identity Provider 2.0 so that I can group claims of type role for specific users. Do you have any suggestions as to how you would approach this? Thanks again for your contribution.
Hey Jet — I guess I’m not sure what you’re talking about. Do you mean the role manager support?
I am currently following your demo you showed at VSLive in Vegas on the ASP.NET Identity session. I have put the code on a Github repo:
https://github.com/lexmir/MvcAppWithIdentity
I want to add groups to the ASP.NET Identity manager so that I can assign users to be part of groups and those groups can have claims of type role. For example, if I have a group called Admin, and another group called Scheduler, I could assign multiple claims of type role to Admin (ex. ReadAppointments, WriteAppointments, etc.) and also assign fewer claims to group Scheduler (ReadAppointments, etc). This way, if I remove a user from a group, all of the role claims will not be associated with that user. Is that even possible? Thanks for your help!
Roles were just added to IdentityManager: https://brockallen.com/2014/09/08/thinktectre-identitymanager-beta-1/
I guess, I am looking for a group based authorization feature with ASP.NET Identity 2.0 and am trying to figure out how to implement it. Basically, I would like to be able to add/remove users in an authorization management page from a group which has a set of claims or roles. What would you suggest I look at?
Thanks!
Authorization is done in the application. The identity management library simply stores the identity info for users. You’d need to do your checks in the app. Other than the simple [Authorize] attribute and its role support, Microsoft doesn’t have much else. You can look into the Thinktecture claims based authorization support with the ResourceAuthorize attribute here: https://github.com/thinktecture/Thinktecture.IdentityModel/tree/master/source/Owin.ResourceAuthorization.Mvc
Hi Brock,
Does it support MySql or only specific for MSSQL ?
IdentityManager works with the identity management library, so if they support that DB then so will IdentityManager.
Thank you for the reply. I got this error: Unable to update database to match the current model because there are pending changes and automatic migration is disabled. Either write the pending model changes to a code-based migration or enable automatic migration. Set DbMigrationsConfiguration.AutomaticMigrationsEnabled to true to enable automatic migration.
I don’t know how to hack with HistoryContext.
This is an EF thing related to your DB. You need to figure that out yourself. Sorry.
OK, finally I sorted it out. After I add the attribute [DbConfigurationType(typeof(MySqlEFConfiguration))] on public class DefaultMembershipRebootDatabase : DbContext {}, it creates the database in MySql. I still don’t know much about your code.
It’s an ugly hack, isn’t it? I add MySql.EF in BrockAllen.MembershipReboot.ef and change DefaultMembershipRebootDatabase.cs.
Here are the things I am looking at now:
1) Don’t understand why it needs an app.config file inside the BrockAllen.MembershipReboot.ef class library. The configuration information should be read from outside.
2) Trying to understand the flow of dependency injection
Thank you.
Hi Brock,
Is there any way to make a connection with MySql using a MembershipReboot without adding [DbConfigurationType(typeof(MySqlEFConfiguration))] DbConfigurationTypeAttribute on the context class? DefaultUserAccountRepository.cs and Configuration.cs are bound to DefaultMembershipRebootDatabase.cs. I would be happy if you show me a way that can be done without changing the DefaultMembershipRebootDatabase.cs class in BrockAllen.MembershipReboot.Ef.
It sounds like you’re struggling more with EF on this than anything. I don’t know the EF answer, sorry. As for going forward, you can either get MySql working with the EF base classes from MR, or you can implement the IUserAccountRepository directly and use anything you need to to get it to work in MySql.
Thank you, now I am able to connect MySql EF without changing any code in the BrockAllen.MembershipReboot.Ef library. I can use DefaultUserAccountRepository and I prefer not to change the original code. I believe there will be updates in MembershipReboot and MembershipReboot.ef in coming days, so I want to depend on NuGet instead of a downloaded, locally modified library.
Ok, glad you got it working.
Thanks for this great tool! Saves a lot of time. I read somewhere that you intend to expand the tool with role administration, and the possibility of storing an “admin” password for the tool itself. Could you perhaps tell me when you intend to make these adjustments?
Regards,
Robert
Still working on it :)
Awesome asp developer uses wordpress to blog about .NET technology … weird
:)
Hi Brock,
When I implement:
app.Map(
    "/identitymanager",
    site =>
    {
        var factory = new AspNetIdentityIdentityManagerFactory("MyDatabase");
        site.UseIdentityManager(new IdentityManagerConfiguration()
        {
            IdentityManagerFactory = factory.Create,
            AdminRoleName = "Admin"
        });
    });
this.ConfigureAuth(app);
in my startup.cs and then I point my browser to: http://localhost:7819/identitymanager
I get the following errors on the browser:
Failed to load resource: the server responded with a status of 404 (Not Found) http://localhost:7819/identitymanager/assets/Scripts.Bundle.js
Failed to load resource: the server responded with a status of 404 (Not Found) http://localhost:7819/identitymanager/assets/Content.Bundle.min.css
Any idea what I am missing and how to map these two elements to the page?
Many thanks
This was recently fixed: https://github.com/thinktecture/Thinktecture.IdentityManager/issues/43. Update to the latest.
Hi Brock,
Many thanks for your reply, but I am using alpha6.
Then open an issue on github for your problem.
Hi
I am using alpha7 and this was the issue I am getting.
I checked the actual Host code of Thinktecture.IdentityManager.AspNetIdentity and compared its web.config and my app’s web.config.
Adding the following portion to my app’s web.config made identitymanager work on this url http://localhost/identitymanager
Thanks
Krunal.
Report any issues or feedback on the github issue tracker, please. Thx.
Hi, where can I find how to configure IdentityManager with AspNetIdentity?
Thank you!
Check the wiki on github
Sorry I didn’t find the AspNetIdentity one ..
Just changed the connection string and it works like a charm, thank you!!!
Hi
I am using alpha7 and this was the issue I am getting.
I checked the actual Host code of Thinktecture.IdentityManager.AspNetIdentity and compared its web.config and my app’s web.config.
Adding the following portion to my app’s web.config made identitymanager work on this url http://localhost/identitymanager
Thanks
Krunal.
Sorry — the blog isn’t a support forum. If you haven’t already, submit an issue to the github issue tracker.
Dear Brockallen, will it work for Oracle?
IdentityManager uses EntityFramework, which I believe supports Oracle.
Hi, brockallen, I was using Identity, but I can’t ResetPassword. I know if still stay in VS 2013?
If you have problems, open an issue on the github issue tracker, please.
Thanks, I’ll do.
Hello Brock,
I found this short tutorial, and I tried to spin up the identitymanager UI, but I am unable to find the “UserManagerFactory” class when I added the specified lines above to host IdentityManager.
Are there additional packages required to get those classes?
Below is what I added:
// IdentityManager UI
coreApp.UseIdentityManager(new IdentityManagerConfiguration()
{
    UserManagerFactory = Thinktecture.IdentityManager.MembershipReboot.UserManagerFactory.Create
});
But based on the source code posted on github, I do not see that class implemented anywhere?
Please advise.
I think that class was part of the hosting app to provide a factory for the identity manager service, but some of the APIs and class names have changed since I posted this. I’d suggest looking at the sample host in the github repo for the up to date APIs and samples.
Awesome work man, love all your libraries and videos. They are really helpful. Thanks a lot.
How to combine the IdentityManager with MembershipReboot?
There’s a repo here for that: https://github.com/thinktecture/Thinktecture.IdentityManager.MembershipReboot
Thanks, great help. That is what I was looking for.
Now I have configured IdentityManager using MembershipReboot.
I am also able to configure Thinktecture.IdentityServer.v3 for SingleSignOn environment.
Now my query is how to load users in IdentityServer from MembershipReboot.
Have you looked at the IdentityServer wiki and samples? It’s all there.
I studied the WIKI and tried to integrate. I have issue in following statements
var factory = new IdentityServerServiceFactory();*
factory.UserService = Registration.RegisterFactory(()=>MembershipRebootUserServiceFactory.Factory(connString));
This method unable to call the Factory method from ‘MembershipRebootUserServiceFactory’ class
Now I am able to configure IdentityManager using MembershipReboot.
I am also able to configure Thinktecture.IdentityServer.v3 for SingleSignOn environment.
Now I have error with following line in Factory Method
var db = new DefaultMembershipRebootDatabase(connString);
Error: There is already an object named ‘Groups’ in the database.
It is done, It was EF Issue
Brock Hi,
Does ASP.NET Identity 2 support anonymous users? I mean, is it possible to manage some user before authentication and then update this user after authentication?
Hmmm, not directly. You’d still have to build a lot of this yourself, but it could be done in terms of ASP.NET Identity (using that as your database).
Two questions: 1. Does this support the multi-tenancy of MR? 2. If I create a prototype using the single-tenant MR, does that make it difficult to convert to multi-tenant later?
1. No. 2. You could start with single tenant, and then move to multi later, but all of your app’s code really needs to be able to handle calling the right APIs on MR (the APIs that accept the tenant param).
Do you have the source code for this example?
https://github.com/IdentityManager/Thinktecture.IdentityManager
I have a list of questions:
1) Is there a way to enable two factor authentication with “email” in the identity manager UI (ASP.NET Identity)?
2) I can’t find sample code of two factor authentication with MembershipReboot. How can I enable two factor authentication when creating new users in the identity manager UI?
3) Does MembershipReboot support two factor authentication with “email” sending the code? If yes, do you have any sample?
Hi Brock,
Thanks for the great tool. I was wondering if this tool can be used to do SSO for older ASP.NET versions? We want to consolidate identity management for various applications which were developed over past few years.
If you wanted IdMgr to span to older identity management systems you’d have to extend it in the same way that was done for MembershipReboot and ASP.NET Identity. Check the github repos for the code.
Hi Brock,
Just wanted to say thank you for this wonderful tool. You have saved me weeks of development and testing!
Brock, thank you for making this. In NuGet there are so many, I don’t know which one to pick (Thinktecture)? I just have an MVC app and am trying to create Roles, then assign that Role to a User.
The code must then discriminate based on role and hide or show buttons, allow Edits etc.
But which one to pick?? Your 2014 article says IdentityManager. Now in 2016 there are so many different packages. Thanks