How do ASP.NET Identity and Thinktecture.IdentityModel library relate to each other?

About

Asked 22/10, 2013 at 14:39 Answered 22/10, 2013 at 15:5

Solved .net security asp.net-web-api thinktecture-ident-model

I've just started to implement security in our web api service (mostly as a research endeavor).
And ran across new ASP.NET Identity and quite mature Thinktecture.IdentityModel library.

As I'm not experienced with this whole bunch of authentication/authorization mechanisms it's quite confusing. Now I cannot say whether these libraries are about the same or othogonal to each other.

I would appreciate any clarification of which one should be used and when.

Fic answered 22/10, 2013 at 14:39 Comment(0)

In short, ASP.NET Identity is an identity management framework (storing user account data, like usernames and passwords). This article goes into depth on the features and design of ASP.NET Identity: http://brockallen.com/2013/10/20/the-good-the-bad-and-the-ugly-of-asp-net-identity/

Thinktecture.IdentityModel is a security helper library for many missing features in WIF/Claims, ASP.NET, MVC and Web API. An example is security token processing in Web API v1 -- Web API had nothing like this. Another example is CORS support -- again, in Web API v1 there was no help for that.

They serve two different purposes.

Keyte answered 22/10, 2013 at 15:5 Comment(2)

Thanks. And a little offtopic: I can find nothing concerning ACLs. Everyone usually talks about claims or role-based security. Do you have any experience with ACLs? May be some libraries? – Fic 22/10, 2013 at 15:46

Well, there are not a lot of permissions libraries out there (at least that I'm aware of). WIF/.NET has its own approach with the ClaimsAuthorizationManager, but it still leaves you to implement the logic. – Keyte 14/2, 2014 at 22:16

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags