ASP.NET Core Identity

Hello,

I have never used ASP.NET Core Identity before. Instead, I have been implementing authentication using ServiceStack Auth in the following way:

1. I override CredentialsAuthProvider and implemented TryAuthenticateAsync to validate credentials directly against my own table without using the UserAuth table.

2. I did not use the built-in registration or role assignment services, as they were not required.

3. Users were authenticated via JWT, and I used JwtAuthProvider with additional payload data.

4. I registered authentication as follows:

public void Configure(IWebHostBuilder builder)
{
    builder
        .ConfigureServices(_ => { })
        .ConfigureAppHost(appHost =>
        {
            var appSettings = appHost.AppSettings;
            var authFeature = new AuthFeature(
                () => new UserSession(),
                [
                    new MitCredentialsAuthProvider {SkipPasswordVerificationForInProcessRequests = true},
                    new JwtAuthProvider(appSettings)
                    {
                        AuthKeyBase64 = appSettings.GetString("AuthKeyBase64"),
                        RequireSecureConnection = false,
                        UseTokenCookie = true,
                        ExpireTokensIn = TimeSpan.FromHours(12),
                        CreatePayloadFilter = (payload, session) =>
                        {
                            payload["ConnectionName"] = ((UserSession)session).ConnectionName?.ToString();
                        },
                        PopulateSessionFilter = (session, payload, _) =>
                        {
                            if (session is not UserSession b2BSession) return;
                            
                            b2BSession.ConnectionName = payload["ConnectionName"];
                        }
                    }
                ])
            {
                IncludeDefaultLogin = false,
                IncludeAssignRoleServices = false,
                IncludeRegistrationService = false
            };
            appHost.Plugins.Add(authFeature);
        });
}

5. I used the ConnectionName from JWT to automatically add DbInfo to all incoming requests using the following configuration:

public class ConfigureGlobalRequest : IHostingStartup
{
    public void Configure(IWebHostBuilder builder) => builder
        .ConfigureAppHost(appHost => appHost
            .GlobalRequestFilters.Add((req, res, dto) =>
            {
                var session = req.GetSession() as UserSession;
                
                req.Items[Keywords.DbInfo] = new ConnectionInfo {
                    NamedConnection = session?.ConnectionName
                };
            }));
}

I see that it is now recommended to use EndPoint routing, which requires IdentityAuth.
However, I do not need EF or Microsoft Identity.

Additionally, I need to ensure that the ConnectionName from JWT is still available in requests so I can continue injecting DbInfo into all incoming requests as before.

What would be the recommended approach to migration while preserving my current request flow?

Thanks in advance!

If you don’t want to migrate to IdentityAuth then I’d recommend staying with ServiceStack Auth and not use Endpoint Routing, especially if you’re using a Custom AuthProvider or a custom User table.

You should consider EF/IdentityAuth for new projects, but not for existing projects with custom auth solutions.

From your response, I understand that ServiceStack Auth will continue to have long-term support and that there is no need to migrate to IdentityAuth unless requiring EF/Identity integration.

This reassures me that I can continue using my existing authentication model without concerns about future compatibility. If that is correct, I will stick with my current approach and avoid migrating to IdentityAuth.

Thanks again for your help!

Yeah whilst we’ll be following ASP .NET Core Auth for any new Identity Auth features, ServiceStack Auth will continue to be supported.