A few days ago, the .NET team announced an update to the new ASP.NET Identity library with a bunch of new features. Finally we have a library in .NET that can compete with Devise in Rails world.
- Two-Factor Authentication: Identity can be confirmed by SMS, it can be extended to use QR code generators and validate them in phone apps.
- Account lockout: Provide a way to Lockout out the user if the user enters their password or two-factor codes incorrectly. The number of invalid attempts and the timespan for the users are locked out can be configured.
- Account confirmation: The ASP.NET Identity system now supports Account Confirmation by confirming the email of the user.
- Password reset: Request it by email.
- Security stamp (Sign out everywhere): This feature provides an extra layer of security to your application since when you change your password, you will be logged out where you have logged into this application.
- Enhanced Password Validator: This validator let’s us configure the minimum number of characters, require digits, require uppercase or require lowercase. We can define our own policies too.
- Support IQueryable on Users and Roles.
- Delete User account from UserManager
More information:
- Official documentation for ASP.NET Identity.
- Sample code: https://aspnet.codeplex.com/SourceControl/latest.
- Per request lifetime management for UserManager class in ASP.NET Identity