Skip to content

Introducing Thinktecture IdentityManager

April 9, 2014

Back in 2005 when Microsoft released the ASP.NET MembershipProvider API, they also included in Visual Studio the ASP.NET WebSite Administration tool. This was used by developers to quickly create and edit users to populate the MembershipProvider database. Given Microsoft’s move away from Membership, this tool was removed from Visual Studio and many developers have missed it. In a similar vein, ever since I built MembershipReboot I’ve been meaning to provide an admin tool to allow similar functionality that was in the ASP.NET WebSite Administration tool. Well, I finally got around to building said tool — introducing Thinktecture IdentityManager. IdentityManager is developed as OWIN middleware and can easily be hosted in any OWIN host. Also given the recent release and popularity of ASP.NET Identity, I designed it to support both MembershipReboot and ASP.NET Identity. It’s very early in its development, but this first preview version is intended to allow developers or administrators to create users, change password, email, phone and claims. Also, you can query the entire database and filter for the user’s user name or name claim (display name). I plan to also add role management support and more self-service identity management features. Also, I will be working on a strategy for securing IdentityManager so it can be used in scenarios beyond just development. Below are some screen shots. Home page: idmgr1 Searching/browsing users: idmgr2 Editing a user: idmgr3 The code that’s needed to host IdentityManager looks something like this:

public void Configuration(IAppBuilder app)
    app.UseIdentityManager(new IdentityManagerConfiguration()
        UserManagerFactory = Thinktecture.IdentityManager.MembershipReboot.UserManagerFactory.Create

As you can tell, it’s fairly simple in terms of the current features and the setup. I’ll write another post with more details on customizing the configuration of the identity libraries. In the meantime, the code for IdentityManager is open source and available on github. There is also a short video showing the features and configuration. Feedback welcome via the github issue tracker.

75 Comments leave one →
  1. Connie DeCinko permalink
    April 9, 2014 11:09 am

    I love this guy. Brock you the man! We are just starting to create our first single sign-on setup and your tools will make life so much easier. Don’t stop, keep on developing. Now, if I can just figure out how to make MR work with IdentityServer and this new piece, life will be good. And, need to decide if there is any compelling reason to use ASP.NET Identity instead of MR.

  2. April 10, 2014 12:05 am

    Hey Brock, very nice! Good work, I really missed this feature and seems solved with your solution. Thanks :)

  3. April 10, 2014 3:52 am

    Reblogged this on

  4. mrdan permalink
    April 12, 2014 12:25 pm

    Hi Brock. Have you put any thought into swim support? Or is that something you plan to leave up to the individual developers?

    • April 12, 2014 1:16 pm

      You mean SCIM? Yes, I started down the SCIM path but it was a lot more work than to just define an abstraction that worked with both MR and AspId. Perhaps down the road, but for now this is what we have.

  5. Phyo permalink
    April 23, 2014 6:34 pm

    I think there is issue with running on Azure Websites or Cloud service (index.html not loaded)

    • April 23, 2014 8:13 pm

      If you’re having problems then please open an issue on github’s issue tracker for the project — it’s easier to track it that way. Thx.

  6. April 29, 2014 11:28 am

    Thanks! Huge help!

  7. May 6, 2014 9:47 pm

    Brock, you never mention how identity manager may or may not be used with your IdentityReboot. I’m not sure if there is compatibility issues or not. Can you elaborate and advise. Thanks!!!

    • May 8, 2014 10:29 am

      IdentityManager should with if you’re using IdentityReboot — I’ve not tested it, but there should be no issues.

  8. Jet permalink
    June 10, 2014 5:12 pm

    Hi Brock,

    First off, great tool. I don’t know if you remember me but I attended your lectures at the Las Vegas VSLive conference this March (2014) and approached you afterwards with questions on Web API OAuth and Identity Manager. I am trying to add the group feature to the ASP.NET Identity Provider 2.0 so that I can group claims of type role for specific users. Do you have any suggestions as to how you would approach this? Thanks again for your contribution.

    • June 11, 2014 8:34 am

      Hey Jet — I guess I’m not sure what you’re talking about. Do you mean the role manager support?

      • Jet permalink
        June 16, 2014 4:34 pm

        I am currently following your demo you showed at VSLive in Vegas on the ASP.NT Identity session. I have put the code on a Github repo:

        I want to add groups to the ASP.NET Identity manager so that I can assign users to be part of groups and those groups can have claims of type role. For example, if I have a group called Admin, and another group called Scheduler, I could assign multiple claims of type role to Admin (ex. ReadAppointments, WriteAppointments, etc.) and also assign fewer claims to group Scheduler (ReadAppointments, etc). This way, if I remove a user from a group, all of the role claims will not be associated with that user. Is that even possible? Thanks for your help!

      • Jet permalink
        June 25, 2014 8:28 pm

        I guess, I am looking for a group based authorization feature with ASP.NET Identity 2.0 and am trying to figure out how to implement it. Basically, I would like to be able to add/remove users in an authorization management page from a group which has a set of claims or roles. What would you suggest I look at?


  9. Bhagi Raj Limbu permalink
    June 21, 2014 11:00 am

    Hi Brock,

    Does it support MySql or only specific for MSSQL ?

    • June 23, 2014 3:36 pm

      IdentityManager works with the identity management library, so if they support that DB then so will IdentityManager.

      • Bhagi Raj Limbu permalink
        June 28, 2014 11:47 am

        Thank you reply, I got this error : Unable to update database to match the current model because there are pending changes and automatic migration is disabled. Either write the pending model changes to a code-based migration or enable automatic migration. Set DbMigrationsConfiguration.AutomaticMigrationsEnabled to true to enable automatic migration.

        I don’t know how to hack with HistoryContext.

        • June 28, 2014 12:22 pm

          This is an EF thing related to your DB. You need to figure that out yourself. Sorry.

          • Bhagi Raj Limbu permalink
            June 29, 2014 10:30 am

            OK, finally i sorted out. After, I add attribute [DbConfigurationType(typeof(MySqlEFConfiguration))] on public class DefaultMembershipRebootDatabase : DbContext {}. It’s creates database in MySql. I still don’t know much about your code.

            It’s a ugly hack, isn’t it. I add MySql.EF in BrockAllen.MemembershipReboot.ef and change DefaultMembershipRebootDatabase.cs.

            Here are things, I am looking now:
            1) Don’t understand why it need app.config file inside BrockAllen.MemembershipReboot.ef class library. The configuration information should be read from outside.
            2) Trying to understand the flow of dependency injection

            Thank you.

  10. Bhagi Raj Limbu permalink
    July 3, 2014 5:21 am

    Hi Brock,
    Is there any way to make a connection with MySql using a MembershipReboot without adding [DbConfigurationType(typeof(MySqlEFConfiguration))] DbConfigurationTypeAttribute on the context class ? DefaultUserAccountRepository.cs and Configuration.cs is bind with DefaultMembershipRebootDatabase.cs. I would be happy if you show me a way that can be done without changing DefaultMembershipRebootDatabase.cs class in BrockAllen.MembershipReboot.Ef.

    • July 3, 2014 9:30 am

      It sounds like you’re struggling more with EF on this than anything. I don’t know the EF answer, sorry. As for going forward, you can either get MySql working with the EF base classes from MR, or you can implement the IUserAccountRepository directly and use anything you need to to get it to work in MySql.

      • Bhagi Raj Limbu permalink
        July 3, 2014 11:44 am

        Thank you, now i am able to connect MySql EF without change any code in BrockAllen.MembershipReboot.Ef library. I can use DefaultUserAccountRepository and I prefer not to change original code. I believe there will be update in MembershipReboot and MembershipReboot.ef in coming days, So i want depend on nugget instead of downloaded local modified library.

  11. Robert permalink
    July 8, 2014 4:06 am

    Thanks for this great tool! Saves a lot of time. I read somehere that you intend to expand the tool with role administration, and the possibility of storing an “admin” password for the tool itself. Could you perhaps tell me when you intend to make these adjustments?



  12. john permalink
    July 10, 2014 4:57 am

    Awesome asp developer uses wordpress to blog about .NET technology … wierd

  13. zardaloop permalink
    August 19, 2014 11:43 am

    Hi Brock,

    when I implement :

    site =>
    var factory = new AspNetIdentityIdentityManagerFactory(“MyDatabase”);
    site.UseIdentityManager(new IdentityManagerConfiguration()
    IdentityManagerFactory = factory.Create,
    AdminRoleName = “Admin”

    in my startup.cs and then I point my browser to : http://localhost:7819/identitymanager

    I get the following errors on the browser:

    Failed to load resource: the server responded with a status of 404 (Not Found) http://localhost:7819/identitymanager/assets/Scripts.Bundle.js

    Failed to load resource: the server responded with a status of 404 (Not Found) http://localhost:7819/identitymanager/assets/Content.Bundle.min.css

    any idea what I am missing and how to map these two elements to the page.

    Many thanks

  14. mrcs3-alfano permalink
    August 27, 2014 6:41 am

    Hi, where can I find how to configure IdentityManager with AspNetIdentity ?

    • August 27, 2014 8:56 am

      Check the wiki on github

      • mrcs3-alfano permalink
        August 27, 2014 9:20 am

        Sorry I didn’t find the AspNetIdentity one ..
        Just changed connection string and it works like a charm, thankyou!!!

  15. August 27, 2014 8:49 am


    I am using alpha7 and this was the issue i am getting.

    I checked the actual Host code of Thinktecture.IdentityManager.AspNetIdentity and compared web.config and my apps web.config.

    By adding following portion in my apps web.config worked identitymanager on this url http://localhost/identitymanager


    • September 8, 2014 2:57 pm

      Sorry — the blog isn’t a support forum. If you haven’t already, submit an issue to the github issue tracker.

  16. Karthick permalink
    September 8, 2014 4:01 am

    Dear Brockallen, Will it work for Oracle ?

    • September 8, 2014 9:10 am

      IdentityManager uses EntityFramework, which I believe supports Oracle.

      • nildson permalink
        September 9, 2014 9:13 am

        Hi, brockallen, i was using Identity, but i can’t ResetPassword. I know if still stay in VS 2013?

        • September 9, 2014 9:25 am

          If you have problems, open an issue on the github issue tracker, please.

          • nildson permalink
            September 9, 2014 12:50 pm

            Thanks, i’ll do.

  17. Dante permalink
    November 6, 2014 3:02 pm

    Hello Brock,

    I found this short tutorial, and I tried spin up the identitymanger UI, but I am unable to find the “UserManagerFactory” class. when I added the specified lines above to host IdentityManager.

    Are there additional packages required to get those classes?

    Below is what I added:
    //IdentityManager UI
    coreApp.UseIdentityManager(new IdentityManagerConfiguration()
    UserManagerFactory = Thinktecture.IdentityManager.MembershipReboot.UserManagerFactory.Create

    But based on the source code posted on github, I do not see that class implemented anywhere?

    Please advise.

    • November 8, 2014 8:55 am

      I think that class was part of the hosting app to provide a factory for the identity manager service, but some of the APIs and class names have changed since I posted this. I’d suggest looking at the sample host in the github repo for the up to date APIs and samples.

  18. Dagim permalink
    November 13, 2014 7:44 am

    Awesome work man, love all your libraries and videos. They are really helpfull. Thanks a lot.

  19. November 14, 2014 1:19 am

    How to combine the IdnentityManager with MembershipReboot.

  20. November 20, 2014 6:19 pm

    I studied the WIKI and tried to integrate. I have issue in following statements

    var factory = new IdentityServerServiceFactory();*
    factory.UserService = Registration.RegisterFactory(()=>MembershipRebootUserServiceFactory.Factory(connString));

    This method unable to call the Factory method from ‘MembershipRebootUserServiceFactory’ class

    • November 21, 2014 8:09 pm

      Now I am able to configure IdentityManager using MembershipReboot.
      I am also able to configure Thinktecture.IdentityServer.v3 for SingleSignOn environment.

      Now I have error with following line in Factory Method
      var db = new DefaultMembershipRebootDatabase(connString);

      Error: There is already an object named ‘Groups’ in the database.

  21. Alexey Auslender permalink
    January 21, 2015 2:28 pm

    Brock Hi,
    Does ASP.NET Identity 2 support anonymous users?I mean is it possible to manage some user before authentication and then update this user after authentication?

    • January 26, 2015 6:06 pm

      Hmmm, not directly. You’d still have to build a lot of this yourself, but if could be done in terms of ASP.NET Identity (using that as your database).

  22. January 28, 2015 1:26 pm

    Two questions: 1. Does this support the multi-tenancy of MR? 2. If I create a prototype using the single-tenant MR, does that make it difficult to convert to multi-tentant later?

    • January 28, 2015 1:30 pm

      1. No. 2. You could start with single tenant, and then move to multi later, but all of your app’s code really needs to be able to handle calling the right APIs on MR (the APIs that accept the tenant param).

  23. Rodrigo permalink
    February 24, 2015 11:10 pm

    You have a source code this example?

  24. Bhagi Raj Limbu permalink
    March 16, 2015 12:23 pm

    I have list of question
    1) Is there way to enable two factor authentication enable with “email” in identity manager UI ( Identity)
    2) I can’t find sample code of two factor authentication with Membership reboot and how can i enable two factor authentication when create new users on identity manger UI
    3) Does membership reboot support two factor authentication support “email” sending code , if yes do you have any sample

  25. Munaf K permalink
    September 21, 2015 7:57 am

    Hi Brock,
    Thanks for the great tool. I was wondering if this tool can be used to do SSO for older ASP.NET versions? We want to consolidate identity management for various applications which were developed over past few years.

    • October 1, 2015 5:11 pm

      If you wanted IdMgr to span to older identity management systems you’d have to extend it in the same way that was done for MembershipReboot and ASP.NET Identity. Check the github repos for the code.

  26. OneLineExplanation permalink
    June 7, 2016 12:14 am

    Hi Brock,

    Just wanted to say thank you for this wonderful tool. You have saved me weeks of development and testing!

  27. Brad Rogers permalink
    June 10, 2016 5:42 pm

    Brock, thank you for making this. In Nuget, so many I dont know which one to pick (Thinktecture)? Just have an MVC and trying to create Roles, then assign that Role to a User.

    the code must then discriminate based on role and hide or show buttons, allow Edits etc

    but which one to pick?? Your 2014 article says IdentityManager. Now in 2016 so many different packages. thanks


  2. An Interesting List of Development Stuff (April 2014) | rionscode
  3. Thinktecture.IdentityManager as a replacement for the ASP.NET WebSite Administration tool - Scott Hanselman
  4. Testing Email In Your Web Application
  5. Thinktectre IdentityManager beta 1 | brockallen
  6. An Interesting List of Development Stuff (April 2014) - Rion.IO

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: