Skip to content
This repository has been archived by the owner on Dec 14, 2017. It is now read-only.

Guidance in moving to asp.net identity? #698

Open
nicholas-brooks opened this issue Jan 16, 2017 · 12 comments
Open

Guidance in moving to asp.net identity? #698

nicholas-brooks opened this issue Jan 16, 2017 · 12 comments

Comments

@nicholas-brooks
Copy link

I just saw the updated README stating MembershipReboot will not be maintained going forward.

Does anyone have any pointers or guidance in moving a deployed MembershipReboot instance to ASP.NET Identity (presumably core version)?

BTW, thanks Brock for MembershipReboot. It really helped my team meet customer expectations.
@brockallen
Copy link
Owner

I would like to build a migration helper (if I had the time). As of now, I don't have the time. If someone wants to start one, I'm happy to review any part of it.

@ghost
Copy link

ghost commented Jan 24, 2017

I second the thanks, Brock. MR has been huge time saver and looking through it's source has taught me a lot. Much appreciated.

I'm also interested in this migration helper. Totally understand about not having time to write it. Do you think you might have time to describe the major components of the helper at a high level? Stuff like:

  • Change crypto (wait for user to login, then re-hash using ASP.NET Identity?)
  • Map existing user account service methods to ASP.NET Identity methods
  • Changes to 2FA, Linked Accounts etc.

This would definitely help point folks like me in the right direction.

Thanks again!

@brockallen
Copy link
Owner

Thanks. No timeline yet on a migration tool yet (since no direct customers need it right now). But yea, basically what's needed is to look at the 2 object models and find out how to map from one to the other. Many of the concepts are the same, but some don't map.

@ghost
Copy link

ghost commented Jan 26, 2017

Makes sense. Do you see the migration as a one time execution type of deal? Or do you think we'll have to wait till each user logs in and then transition them over during the session. I ask because i'm not sure how the transition of the password would work (i imagine ASP.NET doesn't have an identical cryptographic scheme, schema etc).

@brockallen
Copy link
Owner

You can plug in your own hashing logic in AspId3, so that logic could be carried over.

@AKlaus
Copy link

AKlaus commented Mar 23, 2017

@brockallen, could you please confirm that you meant ASP.NET Core Identity as a way to move on? And would you still advise to use MR to the .NET developers (not .NET Core)?

@Robban1980
Copy link

I recently did the move from IdentityServer3 and MR to IdentityServer4 and AspNet Identity 3. And it was quite painless. Given i have not been using all functionality in MR, but still really easy.

To not make any difference for the users, i implemented a custom password validator, that can handle both old MR hashes and the new ones for Identity 3. Then the password transition part can be done gradually as the users changes passwords.

@justSteve
Copy link

@Robban1980 I'm facing the same task an am hoping you could expand on the steps taken a bit.

@Robban1980
Copy link

@justSteve it would be easier to answer if you had specific questions. :)

Basic things i did was setting up the DB for AspNet identity to be able to see what it looked like and how i should do the migration of the users. There is a bit of differences between the databases, roles and claim can be mapped quite easily. Token generation is done in AspNet Identity so these no longer needs to be stored in the DB, unless you want to do something custom with them.
AspNet identity has most of what MR offers, if it does not have something specific it can easily be added.

@TheeJamesLee
Copy link

@Robban1980 this is something that we are going to have to do shortly. I was wondering if you were able to share the custom password validator and more detail around the defined steps you took for the migration, with any chance example code if there was anything specific?

I'm just thinking as well that more and more developers are going to need to do this so would be ace if we could put something together to let more people take advantage of the move and make it easier for the masses. :)

So I think the main steps from reading this (and from the top of my head).

*'existing' = MembershipReboot ||| 'newer' = AspNet Identity

  1. Create AspNet Identity solution + custom password validator that can handle 'existing' account passwords and 'newer' account passwords, converting to 'newer' on change password.
  2. Create 'newer' fresh database.
  3. Migrate 'existing' data into 'newer' database (Or did you change the models in AspNet identity to match the 'existing' data and just point at the DB?)
  4. Test
  5. Retire 'existing'

@Robban1980
Copy link

@TheeJamesLee no promises, but i will try to throw together an example of a custom password validator implementation for AspNet identity this week with some instructions, and upload it.

I would recommend transforming your MR data to fit AspNet identity. You might need to add some new columns to AspNet Identity User table as AspNet Identity is very bare bone. This would be completely from case to case on what you use and not. I did it this way to make AspNet identity easier to upgrade in the future.

@Robban1980
Copy link

@TheeJamesLee please check here for an example https://github.com/Robban1980/MembershipRebootToAspNetIdentity.PasswordHasher

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@justSteve @brockallen @nicholas-brooks @AKlaus @Robban1980 @TheeJamesLee