Application User Manager and Identity Config

Jun 18, 2014 at 7:51 AM
Edited Jun 18, 2014 at 7:51 AM
Hi Kevin,
I've been browsing through your project to try and incorporate it into future MVC projects and must thank you for the great work you've done in decoupling Identity and MVC. Although its not fully decoupled it is far better than the default implementation.

One thing I did notice is that you lack an IdentityConfig file that creates the ApplicationUserManager. I do see that you create the UserManager within the WebSecurity class but the ApplicationUserManager has an overloaded constructor that permits configuration of the User's data such as -
AllowOnlyAlphanumericUserNames = false,
RequireUniqueEmail = true
And to the password that the user can use -
manager.PasswordValidator = new PasswordValidator
                RequiredLength = 6,
                RequireNonLetterOrDigit = true,
                RequireDigit = true,
                RequireLowercase = true,
                RequireUppercase = true,
As well as other features such as an email service, sms service and a dataprotectortoken.

Any reason why this is completely eliminated?
Jun 18, 2014 at 12:55 PM
Hi fs_news,

Good suggestions. The short answer as to why it has not been implemented is that I have not had the time lately to work on this project. There are a number of things that could be done to make this more useful. I would strongly encourage you to join the project and contribute. I am always looking for good contributors to keep this project going. I feel SimpleSecurity can be a great jump start to any web project in getting a solid security foundation. If you would also add this as an enhancement request in the Issues tab so that we can start prioritizing work that would be greatly appreciated.

Thank you for your interest.

Kevin Junghans
Jun 18, 2014 at 1:05 PM
Hi Kevin,
I would have joined the project if I did have experience with MVC but I am still a novice (2 weeks of learning so far) so I don't think I'm up to the task yet. Maybe when I am a little more knowledgeable about the subject as well as about Asp.Net Identity I might jump on. But thank you for the option and this great implementation.
I will add the points stated into the enhancement features for future work and yes I do believe SimpleSecurity has great potential and could become a foundation for security as well as be an excellent starting point for most apps. Allowing not only the project but Asp.Net to easily manage the authentication and authorization system developers could focus on the development at hand rather than have to deal with configurations and set up.