Aspnetcore.docs: Blazor and jwt problems with Scaffold Identity

Created on 6 Sep 2018  ·  13 Comments  ·  Source: dotnet/AspNetCore.Docs

Moved from #7633 by @sbsw
These pages sometimes say we should use services.AddDefaultIdentity, and sometimes services.AddIdentity. Reading between the lines, AddIdentity exposes additional options for configuring Identity. But there is no coherent description of the difference between these two methods. We really need a section early in this documentation that presents these two registration methods and information about the follow-on fluent methods that are required and/or optional.

Put a link to this comparison in:

Per Hao
AddDefaultIdentity is just syntactic sugar for the old code that used to be in startup + AddDefaultUI, whatever you are trying to do,

See AddDefaultIdentity




All 13 comments

This is great. In addition to docs, I also looked at samples in the AspNet/Identity repo and Visual Studio templates and found it confusing which overload to use.

All the 2.1 External Providers configuration documentation pages were not updated to 2.1
For example, the Microsoft Account page does not mention the mandatory .AddDefaultUI() and still mentions the old ApplicationUser. The correct one is the following:

services.AddIdentity<IdentityUser, IdentityRole>()
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddDefaultTokenProviders()
    .AddDefaultUI();

https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins?view=aspnetcore-2.1&tabs=aspnetcore2x

This should be changed for the other external providers as well.

I think that is not called syntactic sugar, but is called a breaking change.

The scaffolding is a mess too - the whole Blazor Identity is not very full-stack friendly right now... suddenly I have empty .js in wwwroot/Identity and such... I guess I will write my own Identity template. But for my project it now consumes time - Razor Pages was clean and simple; this tries to be super nice and timesaving but leads me to problems and stress...

I have the same problems as @Scobiform. This "version" of Identity is completely confusing. Even the docs. In my opinion docs SHOULD NOT start with the assumption that everyone wants to start using it with a whole bunch of abstract default settings, Entity Framework, MVC and whatnot. I've only just started researching because I want to implement something super simple, and I've already been reading for 2 hours without knowing anything about how I should start using it and how and what I should override (either types or options).

One strange problem I am facing with using AddIdentity is that your protected pages (which require authentication) get unprotected, meaning you can call the Identity/Account/manage/index.cshtml page without authentication. This led me to 5 hours of debugging, and finally I changed my services.AddIdentity to services.AddDefaultIdentity and now the pages are protected again. I don't know if I have elaborated the issue properly, but while using AddIdentity you can access authorized pages without even logging in.

I am using a .NET Core 3.1 web API project and using JWT for authentication with services.AddIdentity<IdentityUser, IdentityRole>().AddEntityFrameworkStores<ApplicationDbContext>(); but when I use the Authorize attribute, instead of returning 401 Unauthorized, or even when I provide the correct token, it redirects to the login page, but it works perfectly fine with services.AddDefaultIdentity<IdentityUser>().AddEntityFrameworkStores<ApplicationDbContext>();

I am using a .NET Core 3.1 web API project and using JWT for authentication with services.AddIdentity<IdentityUser, IdentityRole>().AddEntityFrameworkStores<ApplicationDbContext>(); but when I use the Authorize attribute, instead of returning 401 Unauthorized, or even when I provide the correct token, it redirects to the login page, but it works perfectly fine with services.AddDefaultIdentity<IdentityUser>().AddEntityFrameworkStores<ApplicationDbContext>();

I ran into this issue as well. Since AddIdentity() calls services.AddAuthentication() with options.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme, it can override the options you provided alongside the AddJwtBearer() call (i.e. options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme). But if you set up the JWT bearer after the AddIdentity() call, it should work.

As for the difference in behavior experienced when using AddDefaultIdentity(), my guess is that this is due to the fact that AddDefaultIdentity() sets DefaultScheme, and not DefaultAuthenticateScheme – so it doesn't override your JWT authentication scheme.

But I also find this all to be confusing, and still trying to wrap my mind around it (authentication already works for me, but I'm yet to successfully derive a user from ClaimsPrincipal via UserManager).
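
The registration order described in the comment above, as an added example that is not code from the thread or from the ASP.NET Core docs. It also sets the challenge default, because AddIdentity points that at the cookie scheme too and the challenge scheme is what turns an unauthenticated request into a login redirect instead of a 401. The `Jwt:Issuer`, `Jwt:Audience` and `Jwt:Key` configuration keys are assumptions, and `ApplicationDbContext` is assumed to be the app's existing Identity context, already registered with AddDbContext.

```csharp
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

// Assumption: ApplicationDbContext derives from IdentityDbContext and is registered elsewhere.
public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services)
    {
        // 1. AddIdentity registers the cookie schemes and makes
        //    IdentityConstants.ApplicationScheme the authenticate and challenge default.
        services.AddIdentity<IdentityUser, IdentityRole>()
            .AddEntityFrameworkStores<ApplicationDbContext>();

        // 2. Registered afterwards, so these option values are applied last and win.
        //    With a JWT challenge default, [Authorize] answers 401 rather than redirecting.
        services.AddAuthentication(o =>
        {
            o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(o => o.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true, ValidIssuer = _config["Jwt:Issuer"],       // assumed key
            ValidateAudience = true, ValidAudience = _config["Jwt:Audience"], // assumed key
            ValidateLifetime = true, ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(
                Encoding.UTF8.GetBytes(_config["Jwt:Key"]))                   // assumed key
        });
        services.AddControllers();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();   // must run before UseAuthorization
        app.UseAuthorization();
        app.UseEndpoints(e => e.MapControllers());
    }
}
```

To avoid depending on registration order at all, an API controller can name the scheme explicitly with `[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]`.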

I also tried setting JWT bearer after the AddIdentity() but still the same behaviour. Why are you deriving the user from ClaimsPrincipal? If you want to extend your class, simply derive it from IdentityUser.

On Wed, Apr 1, 2020 at 10:55 AM Gabor Barat notifications@github.com
wrote:

i am using .net core 3.1 web api project and using jwt for authentication
with services.AddIdentity()
.AddEntityFrameworkStores(); but when i use
Authorize attribute instead of returning 401 unauthorized or even when i
provide the correct token it redirect to login page but it work perfectly
fine with services.AddDefaultIdentity(IdentityUser)
.AddEntityFrameworkStores();

I ran into this issue as well. Since AddIdentity() calls
services.AddAuthentication() with options.DefaultAuthenticateScheme =
IdentityConstants.ApplicationScheme, it can override the options you
provided alongside the AddJwtBearer() call (i.e. options.DefaultAuthenticateScheme
= JwtBearerDefaults.AuthenticationScheme). But if you set up the JWT
bearer after the AddIdentity() call, it should work.

As for the difference in behavior experienced when using
AddDefaultIdentity(), my guess is that this is due to the fact that
AddDefaultIdentity() sets DefaultScheme, and not DefaultAuthenticateScheme
– so it doesn't override your JWT authentication scheme.

But I also find this all to be confusing, and still trying to wrap my mind
around it (authentication already works for me, but I'm yet to successfully
derive a user from ClaimsPrincipal via UserManager).



I ran into the same problem with the Scaffolding Identity docs pages for a Blazor app. The guide and reference docs should really be updated to the correct guidance.

@dbrennan we've got good review from MVC and Razor Pages customers. The tutorial isn't geared for jwt for authentication. It probably needs a Blazor section. cc @guardrex

Thanks for pushing this in. Agreed, a Blazor section would be great. It looks like the Razor customizations are also needed to work with Blazor? I opened another issue for a different section and started making some updates when I saw your change come through.

This is a dup of https://github.com/dotnet/AspNetCore.Docs/issues/15651 ... and although that was opened a while ago (11/2019) with follow-up discussion in 2/2020, I've been 🏃😅 on many high priority issues and going as fast as I can.

I've moved the issue to the top of my P2 (Medium Priority) issues; so as soon as I burn thru a few more top priority issues, I can work it. The plan is to address scaffolding in two sections (with auth/without auth) in the Scaffold Identity topic, which is the topic that #15651 is attached to.
