A few days ago, the .NET team announced an update to the new ASP.NET Identity library with a bunch of new features. Finally we have a library in .NET that can compete with Devise in Rails world.

  • Two-Factor Authentication: Identity can be confirmed by SMS, it can be extended to use QR code generators and validate them in phone apps.
  • Account lockout: Provide a way to Lockout out the user if the user enters their password or two-factor codes incorrectly. The number of invalid attempts and the timespan for the users are locked out can be configured.
  • Account confirmation: The ASP.NET Identity system now supports Account Confirmation by confirming the email of the user.
  • Password reset: Request it by email.
  • Security stamp (Sign out everywhere): This feature provides an extra layer of security to your application since when you change your password, you will be logged out where you have logged into this application.
  • Enhanced Password Validator: This validator let’s us configure the minimum number of characters, require digits, require uppercase or require lowercase. We can define our own policies too.
  • Support IQueryable on Users and Roles.
  • Delete User account from UserManager

More information: