Tutorials ASP.NET Core Complete Tutorial (ShopNest)

ASP.NET Core Identity — Complete Setup Guide

Learn ASP.NET Core Identity — Complete Setup Guide in our free ASP.NET Core Complete Tutorial (ShopNest) series. Step-by-step explanations, examples, and interview tips on Toolliyo Academy.

On this page
ASP.NET Core Identity — Complete Setup Guide — ShopNest
Article 29 of 75 · Module 4: Authentication & Security · ShopNest Multi-Role Web Application
Target keyword: asp.net core identity tutorial · Read time: ~32 min · .NET: 8 / 9 · Project: ShopNest Multi-Role Web Application

Introduction

ASP.NET Core Identity is the membership system for ShopNest — users, passwords, roles, lockout, and email confirmation out of the box. It replaces rolling your own auth tables and integrates with EF Core and cookie/JWT schemes.

After this article you will

  • Install Identity packages and extend ApplicationUser
  • Use UserManager and SignInManager
  • Scaffold register/login/logout pages
  • Configure password policies and lockout
  • Add custom registration fields and email confirmation

Prerequisites

Concept deep-dive

// Packages: Microsoft.AspNetCore.Identity.EntityFrameworkCore

public class ApplicationUser : IdentityUser
{
    public string FullName { get; set; } = "";
    public DateTime RegisteredAt { get; set; } = DateTime.UtcNow;
}

builder.Services.AddIdentity<ApplicationUser, IdentityRole>(options =>
{
    options.Password.RequiredLength = 8;
    options.Password.RequireDigit = true;
    options.Lockout.MaxFailedAccessAttempts = 5;
    options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(15);
    options.User.RequireUniqueEmail = true;
})
.AddEntityFrameworkStores<ShopNestDbContext>()
.AddDefaultTokenProviders();

builder.Services.ConfigureApplicationCookie(options =>
{
    options.LoginPath = "/Account/Login";
    options.AccessDeniedPath = "/Account/AccessDenied";
    options.SlidingExpiration = true;
    options.ExpireTimeSpan = TimeSpan.FromHours(8);
});

app.UseAuthentication();
app.UseAuthorization();

UserManager — CreateAsync, FindByEmailAsync, AddToRoleAsync, GenerateEmailConfirmationTokenAsync.
SignInManager — PasswordSignInAsync, SignOutAsync, CheckPasswordSignInAsync.

Scaffold Identity UI: dotnet aspnet-codegenerator identity -dc ShopNestDbContext

Hands-on — ShopNest Multi-Role Web Application

  1. Extend ApplicationUser with FullName; migration.
  2. Seed roles: Admin, Customer, Vendor.
  3. Register page with custom field; assign Customer role on signup.
  4. Email confirmation stub (log token in Development).
  5. Login/logout with [Authorize] on /Account/Orders.
var result = await _userManager.CreateAsync(user, model.Password);
if (result.Succeeded)
{
    await _userManager.AddToRoleAsync(user, "Customer");
    await _signInManager.SignInAsync(user, isPersistent: false);
    return RedirectToAction("Index", "Home");
}
foreach (var err in result.Errors) ModelState.AddModelError("", err.Description);

Common errors & best practices

  • UseAuthentication after UseRouting but before UseAuthorization — wrong order breaks login.
  • Storing passwords in plain text — Identity hashes with PBKDF2 automatically.
  • Missing AddDefaultTokenProviders — password reset tokens fail.

Interview questions

Q: Identity vs custom auth?
A: Identity gives users, roles, lockout, 2FA hooks — don't rebuild unless special requirements.

Q: UserManager vs SignInManager?
A: UserManager manages user records; SignInManager creates auth cookies/sessions.

Q: Lockout purpose?
A: Brute-force protection — lock account after N failed attempts.

Summary

  • Identity + EF Core stores users and roles in SQL Server
  • UserManager/SignInManager drive register/login flows
  • Password and lockout policies configured in Program.cs
  • Multi-role ShopNest app starts here

Previous: Error Handling and Exception Management
Next: Authentication — Cookie and JWT

FAQ

Can Identity work with JWT?

Yes — combine Identity user store with JWT bearer for APIs (Articles 30–32).

Customize Identity UI?

Scaffold into Areas/Identity and edit Razor pages.

Questions on this lesson 0

Sign in to ask a question or upvote helpful answers.

No questions yet — be the first to ask!

ASP.NET Core Complete Tutorial (ShopNest)
Course syllabus
Module 1: Foundations
Module 2: Entity Framework Core
Module 3: Dependency Injection & Middleware
Module 4: Authentication & Security
Module 5: Web API
Module 6: Advanced Architecture
Module 7: Testing
Module 8: Deployment & DevOps
Module 9: Real-World Projects
Module 10: Advanced Topics
Toolliyo Assistant
Ask about tutorials, ebooks, training, pricing, mentor services, and support. I use public site content only—not admin or internal tools.

care@toolliyo.com

Need callback? Share your details