A user with the claim "AcceptTermsAndConditions" can edit but an admin gets forbidden. The question is a user that has accepted the terms and conditions OR someone with the role admin can edit things. I don't really understand how I have to implement this or statement. So to summarize I have 2 roles a user who has to accept tos to edit things and a admin who can edit things because he has the role admin.
This is the Authorization in my startup class.
This is the code line I'm not sure what I need to put
"return registrationClaimValue == true.ToString() || role.RequireRole("admin").Equals(true);"
The purpose of this line of code is hat someone with the userRole has to accept the tos and thus has a claim with the value true in it. This works. But an admin does not have terms of services this value is null in the db but he still needs to be able to edit things. So the question is how can I do 2 checks one on a claim and a second on a role with an OR statement
services.AddAuthorization(options =>
{
options.AddPolicy("CanEdit",
policy =>
{
policy.RequireAssertion(context =>
{
var registrationClaimValue =
context.User.Claims.SingleOrDefault(c => c.Type == "AcceptTermsAndConditions")?.Value;
var role =
policy.RequireRole("admin");
return registrationClaimValue == true.ToString() || role.RequireRole("admin").Equals(true);
});
});
Here is my seeding data of my users
public static void Seed(ModelBuilder modelBuilder)
{
var usersToSeed = new List<ApplicationUser>();
IPasswordHasher<ApplicationUser> passwordHasher = new PasswordHasher<ApplicationUser>();
var imiUser = new ApplicationUser
{
Id = "f18dcef5-4ba7-4e09-97ef-457c682c5d4a",
ConcurrencyStamp = "ced460a4-3ea6-4246-8153-0f570cb1bcb8",
SecurityStamp = "f5aabff3-db45-4a4a-92a6-bf5c8f37103f",
Email = "user#imi.be",
NormalizedEmail = "USER#IMI.BE",
UserName = "user#imi.be",
NormalizedUserName = "USER#IMI.BE",
AcceptTermsAndConditions = true
};
usersToSeed.Add(imiUser);
var imiRefuser = new ApplicationUser
{
Id = "1fdbff31-c9cf-4b3c-9342-9b4be35c7a30",
UserName = "refuser#imi.be",
NormalizedUserName = "REFUSER#IMI.BE",
Email = "refuser#imi.be",
NormalizedEmail = "REFUSER#IMI.BE",
EmailConfirmed = false,
SecurityStamp = "bc255425-6e28-4ff5-bbe1-08af094b202f",
ConcurrencyStamp = "58320226-0a8b-434a-bc57-9904399fcdf8",
AcceptTermsAndConditions = false
};
usersToSeed.Add(imiRefuser);
var imiAdmin = new ApplicationUser
{
Id = "89f94dbe-44be-41b7-afec-b5c7cbf7236a",
ConcurrencyStamp = "a2520554-10fe-4ba2-aef7-1f9227c8dc4b",
SecurityStamp = "658b6ac2-09f4-4f4a-a89b-f5463c1cf845",
Email = "admin#imi.be",
NormalizedEmail = "ADMIN#IMI.BE",
UserName = "admin#imi.be",
NormalizedUserName = "ADMIN#IMI.BE"
};
usersToSeed.Add(imiAdmin);
foreach (var user in usersToSeed)
{
user.PasswordHash = passwordHasher.HashPassword(user, "Test123?");
}
var adminRoleId = Guid.NewGuid().ToString();
var adminRoleName = "admin";
var userRoleId = Guid.NewGuid().ToString();
var userRoleName = "user";
modelBuilder.Entity<IdentityRole>().HasData(new IdentityRole
{
Id = adminRoleId,
Name = adminRoleName,
NormalizedName = adminRoleName.ToUpper()
});
modelBuilder.Entity<IdentityRole>().HasData(new IdentityRole
{
Id = userRoleId,
Name = userRoleName,
NormalizedName = userRoleName.ToUpper()
});
modelBuilder.Entity<IdentityUserRole<string>>().HasData(new IdentityUserRole<string>
{
RoleId = adminRoleId,
UserId = "89f94dbe-44be-41b7-afec-b5c7cbf7236a"
});
modelBuilder.Entity<IdentityUserRole<string>>().HasData(new IdentityUserRole<string>
{
RoleId = userRoleId,
UserId = "1fdbff31-c9cf-4b3c-9342-9b4be35c7a30"
});
modelBuilder.Entity<IdentityUserRole<string>>().HasData(new IdentityUserRole<string>
{
RoleId = userRoleId,
UserId = "f18dcef5-4ba7-4e09-97ef-457c682c5d4a"
});
modelBuilder.Entity<ApplicationUser>().HasData(usersToSeed);
}
}
Here is my api controller where i try to authorize the policy
//Update
[HttpPut]
[Authorize(Policy = "CanEdit")]
public async Task<IActionResult> Put(PlayerDetailResponseDto playerDetailResponseDto)
{
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
var playerDto = await _playersService.UpdateAsync(playerDetailResponseDto);
return Ok(playerDto);
}
Till .net5 I've been Seeding data using the following in startup.cs file:
SeedData.Seed(_userManager, _roleManager);
And then in a seperate file SeedData.cs, the following code:
public static class SeedData
{
public static void Seed(UserManager<IdentityUser> userManager, RoleManager<IdentityRole> roleManager)
{
SeedRoles(roleManager);
SeedUsers(userManager);
}
private static void SeedUsers(UserManager<IdentityUser> userManager)
{
if(userManager.FindByNameAsync("admin#localhost.com").Result == null)
{
var user = new IdentityUser
{
UserName = "admin#localhost.com",
Email = "admin#localhost.com"
};
var result = userManager.CreateAsync(user, "P#ssword1").Result;
if(result.Succeeded)
{
userManager.AddToRoleAsync(user, "Administrator").Wait();
}
}
}
private static void SeedRoles(RoleManager<IdentityRole> roleManager)
{
if(!roleManager.RoleExistsAsync("Administrator").Result)
{
var role = new IdentityRole
{
Name = "Administrator",
};
var result = roleManager.CreateAsync(role).Result;
}
if(!roleManager.RoleExistsAsync("Employee").Result)
{
var role = new IdentityRole
{
Name = "Employee",
};
var result = roleManager.CreateAsync(role).Result;
}
}
}
Now, how do i do the same with .net6, since it has only program.cs file?
This is what I personally do:
I make an extension to IApplicationBuilder:
public static class ApplicationBuilderExtensions
{
public static async Task<IApplicationBuilder> PrepareDatabase(this IApplicationBuilder app)
{
using var scopedServices = app.ApplicationServices.CreateScope();
var serviceProvider = scopedServices.ServiceProvider;
var data = serviceProvider.GetRequiredService<NeonatologyDbContext>();
data.Database.Migrate();
await SeedAdministratorAsync(serviceProvider);
await SeedDoctorAsync(data, serviceProvider);
return app;
}
Here are the seedings:
private static async Task SeedDoctorAsync(NeonatologyDbContext data, IServiceProvider serviceProvider)
{
if (data.Doctors.Any())
{
return;
}
var userManager = serviceProvider.GetRequiredService<UserManager<ApplicationUser>>();
var roleManager = serviceProvider.GetRequiredService<RoleManager<ApplicationRole>>();
var identityRole = new ApplicationRole()
{
Name = DoctorRoleName
};
await roleManager.CreateAsync(identityRole);
var city = await data.Cities.Where(x => x.Name == "Плевен").FirstOrDefaultAsync();
var doctor = new ApplicationUser()
{
Email = DoctorEmail,
UserName = DoctorEmail,
EmailConfirmed = true,
Doctor = new Doctor
{
FirstName = DoctorFirstName,
LastName = DoctorLastName,
PhoneNumber = DoctorPhone,
Address = Address,
Age = DoctorAge,
Biography = Biography,
CityId = city.Id,
City = city,
YearsOfExperience = YearsOfExperience,
Email = DoctorEmail
}
};
await userManager.CreateAsync(doctor, DoctorPassword);
await userManager.AddToRoleAsync(doctor, identityRole.Name);
doctor.Doctor.UserId = doctor.Id;
doctor.Doctor.Image = new Image()
{
RemoteImageUrl = "SomeURL"
};
await data.SaveChangesAsync();
}
private static async Task SeedAdministratorAsync(IServiceProvider serviceProvider)
{
var userManager = serviceProvider.GetRequiredService<UserManager<ApplicationUser>>();
var roleManager = serviceProvider.GetRequiredService<RoleManager<ApplicationRole>>();
if (await roleManager.RoleExistsAsync(AdministratorRoleName))
{
return;
}
var identityRole = new ApplicationRole()
{
Name = AdministratorRoleName
};
await roleManager.CreateAsync(identityRole);
const string adminEmail = AdministratorEmail;
const string adminPassword = AdministratorPassword;
var adminUser = new ApplicationUser()
{
Email = adminEmail,
UserName = adminEmail,
EmailConfirmed = true
};
if (await userManager.IsInRoleAsync(adminUser, identityRole.Name))
{
return;
}
await userManager.CreateAsync(adminUser, adminPassword);
await userManager.AddToRoleAsync(adminUser, identityRole.Name);
}
And in the Program.cs I have:
app.PrepareDatabase()
.GetAwaiter()
.GetResult();
The following snippet works for me and seeds the data upon initialization of the application.
I have an ASP.NET Core 2.1.0 application using EF Core 2.1.0.
How do I go about seeding the database with Admin user and give him/her an Admin role? I cannot find any documentation on this.
As user cannot be seeded in a normal way in Identity just like other tables are seeded using .HasData() of .NET Core 2.1.
Microsoft Recommendation: For data that requires calls to external API, such as ASP.NET Core Identity users creation it is recommended to use custom initialization logic.
Seed Roles in .NET Core 2.1 using code given below in ApplicationDbContext Class :
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
base.OnModelCreating(modelBuilder);
// Customize the ASP.NET Identity model and override the defaults if needed.
// For example, you can rename the ASP.NET Identity table names and more.
// Add your customizations after calling base.OnModelCreating(builder);
modelBuilder.Entity<IdentityRole>().HasData(new IdentityRole { Name = "Admin", NormalizedName = "Admin".ToUpper() });
}
Seed Users With Roles by Following the steps given below.
Step 1: New class creation
public static class ApplicationDbInitializer
{
public static void SeedUsers(UserManager<IdentityUser> userManager)
{
if (userManager.FindByEmailAsync("abc#xyz.com").Result==null)
{
IdentityUser user = new IdentityUser
{
UserName = "abc#xyz.com",
Email = "abc#xyz.com"
};
IdentityResult result = userManager.CreateAsync(user, "PasswordHere").Result;
if (result.Succeeded)
{
userManager.AddToRoleAsync(user, "Admin").Wait();
}
}
}
}
Step 2: Now Modify ConfigureServices method in Startup.cs class.
Before Modification:
services.AddDefaultIdentity<IdentityUser>()
.AddEntityFrameworkStores<ApplicationDbContext>();
After Modification:
services.AddDefaultIdentity<IdentityUser>().AddRoles<IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>();
Step 3: Modify parameters of Configure Method in Startup.cs class.
Before Modification :
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
//..........
}
After modification :
public void Configure(IApplicationBuilder app, IHostingEnvironment env, UserManager<IdentityUser> userManager)
{
//..........
}
Step 4 : Calling method of our Seed (ApplicationDbInitializer) class:
ApplicationDbInitializer.SeedUsers(userManager);
Note: You can also Seed Roles just like users by Injecting the RoleManager along with UserManager.
Actually a User Entity can be seeded in OnModelCreating, one thing to consider: the IDs should be predefined. If type string is used for TKey identity entities, then there is no problem at all.
protected override void OnModelCreating(ModelBuilder builder)
{
base.OnModelCreating(builder);
// any guid
const string ADMIN_ID = "a18be9c0-aa65-4af8-bd17-00bd9344e575";
// any guid, but nothing is against to use the same one
const string ROLE_ID = ADMIN_ID;
builder.Entity<IdentityRole>().HasData(new IdentityRole
{
Id = ROLE_ID,
Name = "admin",
NormalizedName = "admin"
});
var hasher = new PasswordHasher<UserEntity>();
builder.Entity<UserEntity>().HasData(new UserEntity
{
Id = ADMIN_ID,
UserName = "admin",
NormalizedUserName = "admin",
Email = "some-admin-email#nonce.fake",
NormalizedEmail = "some-admin-email#nonce.fake",
EmailConfirmed = true,
PasswordHash = hasher.HashPassword(null, "SOME_ADMIN_PLAIN_PASSWORD"),
SecurityStamp = string.Empty
});
builder.Entity<IdentityUserRole<string>>().HasData(new IdentityUserRole<string>
{
RoleId = ROLE_ID,
UserId = ADMIN_ID
});
}
ASP.Net Core 3.1
That's how I do it using the EntityTypeBuilder :
Role Configuration:
public class RoleConfiguration : IEntityTypeConfiguration<IdentityRole>
{
private const string adminId = "2301D884-221A-4E7D-B509-0113DCC043E1";
private const string employeeId = "7D9B7113-A8F8-4035-99A7-A20DD400F6A3";
private const string sellerId = "78A7570F-3CE5-48BA-9461-80283ED1D94D";
private const string customerId = "01B168FE-810B-432D-9010-233BA0B380E9";
public void Configure(EntityTypeBuilder<IdentityRole> builder)
{
builder.HasData(
new IdentityRole
{
Id = adminId,
Name = "Administrator",
NormalizedName = "ADMINISTRATOR"
},
new IdentityRole
{
Id = employeeId,
Name = "Employee",
NormalizedName = "EMPLOYEE"
},
new IdentityRole
{
Id = sellerId,
Name = "Seller",
NormalizedName = "SELLER"
},
new IdentityRole
{
Id = customerId,
Name = "Customer",
NormalizedName = "CUSTOMER"
}
);
}
}
User Configuration:
public class AdminConfiguration : IEntityTypeConfiguration<ApplicationUser>
{
private const string adminId = "B22698B8-42A2-4115-9631-1C2D1E2AC5F7";
public void Configure(EntityTypeBuilder<ApplicationUser> builder)
{
var admin = new ApplicationUser
{
Id = adminId,
UserName = "masteradmin",
NormalizedUserName = "MASTERADMIN",
FirstName = "Master",
LastName = "Admin",
Email = "Admin#Admin.com",
NormalizedEmail = "ADMIN#ADMIN.COM",
PhoneNumber = "XXXXXXXXXXXXX",
EmailConfirmed = true,
PhoneNumberConfirmed = true,
BirthDate = new DateTime(1980,1,1),
SecurityStamp = new Guid().ToString("D"),
UserType = UserType.Administrator
};
admin.PasswordHash = PassGenerate(admin);
builder.HasData(admin);
}
public string PassGenerate(ApplicationUser user)
{
var passHash = new PasswordHasher<ApplicationUser>();
return passHash.HashPassword(user, "password");
}
}
Assigning Roles To Users:
public class UsersWithRolesConfig : IEntityTypeConfiguration<IdentityUserRole<string>>
{
private const string adminUserId = "B22698B8-42A2-4115-9631-1C2D1E2AC5F7";
private const string adminRoleId = "2301D884-221A-4E7D-B509-0113DCC043E1";
public void Configure(EntityTypeBuilder<IdentityUserRole<string>> builder)
{
IdentityUserRole<string> iur = new IdentityUserRole<string>
{
RoleId = adminRoleId,
UserId = adminUserId
};
builder.HasData(iur);
}
}
Finally in the DB Context class:
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
base.OnModelCreating(modelBuilder);
//If you have alot of data configurations you can use this (works from ASP.Net core 2.2):
//This will pick up all configurations that are defined in the assembly
modelBuilder.ApplyConfigurationsFromAssembly(Assembly.GetExecutingAssembly());
//Instead of this:
modelBuilder.ApplyConfiguration(new RoleConfiguration());
modelBuilder.ApplyConfiguration(new AdminConfiguration());
modelBuilder.ApplyConfiguration(new UsersWithRolesConfig());
}
Here is how I did it in the end. I created a DbInitializer.cs class to do the seeding of all my data (including the admin user).
Here's the code for the methods relating to the seeding of the user accounts:
private static async Task CreateRole(RoleManager<IdentityRole> roleManager,
ILogger<DbInitializer> logger, string role)
{
logger.LogInformation($"Create the role `{role}` for application");
IdentityResult result = await roleManager.CreateAsync(new IdentityRole(role));
if (result.Succeeded)
{
logger.LogDebug($"Created the role `{role}` successfully");
}
else
{
ApplicationException exception = new ApplicationException($"Default role `{role}` cannot be created");
logger.LogError(exception, GetIdentiryErrorsInCommaSeperatedList(result));
throw exception;
}
}
private static async Task<ApplicationUser> CreateDefaultUser(UserManager<ApplicationUser> userManager, ILogger<DbInitializer> logger, string displayName, string email)
{
logger.LogInformation($"Create default user with email `{email}` for application");
ApplicationUser user = new ApplicationUser
{
DisplayUsername = displayName,
Email = email,
UserName = email
};
IdentityResult identityResult = await userManager.CreateAsync(user);
if (identityResult.Succeeded)
{
logger.LogDebug($"Created default user `{email}` successfully");
}
else
{
ApplicationException exception = new ApplicationException($"Default user `{email}` cannot be created");
logger.LogError(exception, GetIdentiryErrorsInCommaSeperatedList(identityResult));
throw exception;
}
ApplicationUser createdUser = await userManager.FindByEmailAsync(email);
return createdUser;
}
private static async Task SetPasswordForUser(UserManager<ApplicationUser> userManager, ILogger<DbInitializer> logger, string email, ApplicationUser user, string password)
{
logger.LogInformation($"Set password for default user `{email}`");
IdentityResult identityResult = await userManager.AddPasswordAsync(user, password);
if (identityResult.Succeeded)
{
logger.LogTrace($"Set password `{password}` for default user `{email}` successfully");
}
else
{
ApplicationException exception = new ApplicationException($"Password for the user `{email}` cannot be set");
logger.LogError(exception, GetIdentiryErrorsInCommaSeperatedList(identityResult));
throw exception;
}
}
My Program.cs looks like this:
public class Program
{
public static async Task Main(string[] args)
{
var host = BuildWebHost(args);
using (var scope = host.Services.CreateScope())
{
var services = scope.ServiceProvider;
Console.WriteLine(services.GetService<IConfiguration>().GetConnectionString("DefaultConnection"));
try
{
var context = services.GetRequiredService<PdContext>();
var userManager = services.GetRequiredService<UserManager<ApplicationUser>>();
var roleManager = services.GetRequiredService<RoleManager<IdentityRole>>();
var dbInitializerLogger = services.GetRequiredService<ILogger<DbInitializer>>();
await DbInitializer.Initialize(context, userManager, roleManager, dbInitializerLogger);
}
catch (Exception ex)
{
var logger = services.GetRequiredService<ILogger<Program>>();
logger.LogError(ex, "An error occurred while migrating the database.");
}
}
host.Run();
}
public static IWebHost BuildWebHost(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseStartup<Startup>()
.Build();
}
This is based on .NET 6 with Individual user accounts and then scaffolding Identity. The user is created and then gets a confirmed email based on Microsofts code.
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/scaffold-identity?view=aspnetcore-6.0&tabs=visual-studio#scaffold-identity-into-a-razor-project-with-authorization
You can then seed the role per #Zubair Rana answer.
https://stackoverflow.com/a/51571555/3850405
Program.cs:
public class Program
{
public static void Main(string[] args)
{
var host = CreateHostBuilder(args).Build();
CreateDbAndRunMigrations(host);
host.Run();
}
private static void CreateDbAndRunMigrations(IHost host)
{
using (var scope = host.Services.CreateScope())
{
var services = scope.ServiceProvider;
var context = services.GetRequiredService<ApplicationDbContext>();
context.Database.Migrate();
var userStore = services.GetRequiredService<IUserStore<ApplicationUser>>();
var userManager = services.GetRequiredService<UserManager<ApplicationUser>>();
DbInitializer.Initialize(context, userManager, userStore);
}
}
}
DbInitializer.cs:
public static class DbInitializer
{
public static void Initialize(ApplicationDbContext context, UserManager<ApplicationUser> userManager, IUserStore<ApplicationUser> userStore)
{
if (context.Users.Any())
{
return; // DB has been seeded
}
var user = Activator.CreateInstance<ApplicationUser>();
var email = "example#example.com";
var emailStore = (IUserEmailStore<ApplicationUser>)userStore;
//Will not be used - Has to use Forgot Password. Last characters used to make sure password validation passes
var password = GetUniqueKey(40) + "aA1!";
userStore.SetUserNameAsync(user, email, CancellationToken.None).Wait();
emailStore.SetEmailAsync(user, email, CancellationToken.None).Wait();
var result = userManager.CreateAsync(user, password).Result;
if (result.Succeeded)
{
var userId = userManager.GetUserIdAsync(user).Result;
var code = userManager.GenerateEmailConfirmationTokenAsync(user).Result;
userManager.ConfirmEmailAsync(user, code).Wait();
}
else
{
throw new Exception();
}
}
private static string GetUniqueKey(int size)
{
var chars =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!+?*~".ToCharArray();
byte[] data = new byte[4*size];
using (var crypto = RandomNumberGenerator.Create())
{
crypto.GetBytes(data);
}
StringBuilder result = new StringBuilder(size);
for (int i = 0; i < size; i++)
{
var rnd = BitConverter.ToUInt32(data, i * 4);
var idx = rnd % chars.Length;
result.Append(chars[idx]);
}
return result.ToString();
}
}
If you are referring to Identity users, the way we did was to add hardcoded values in DbContext.OnModelCreating:
builder.Entity<Role>().HasData(new Role { Id = 2147483645, Name = UserRole.Admin.ToString(), NormalizedName = UserRole.Admin.ToString().ToUpper(), ConcurrencyStamp = "123c90a4-dfcb-4e77-91e9-d390b5b6e21b" });
And user:
builder.Entity<User>().HasData(new User
{
Id = 2147483646,
AccessFailedCount = 0,
PasswordHash = "SomePasswordHashKnownToYou",
LockoutEnabled = true,
FirstName = "AdminFName",
LastName = "AdminLName",
UserName = "admin",
Email = "admin#gmail.com",
EmailConfirmed = true,
InitialPaymentCompleted = true,
MaxUnbalancedTech = 1,
UniqueStamp = "2a1a39ef-ccc0-459d-aa9a-eec077bfdd22",
NormalizedEmail = "ADMIN#GMAIL.COM",
NormalizedUserName = "ADMIN",
TermsOfServiceAccepted = true,
TermsOfServiceAcceptedTimestamp = new DateTime(2018, 3, 24, 7, 42, 35, 10, DateTimeKind.Utc),
SecurityStamp = "ce907fd5-ccb4-4e96-a7ea-45712a14f5ef",
ConcurrencyStamp = "32fe9448-0c6c-43b2-b605-802c19c333a6",
CreatedTime = new DateTime(2018, 3, 24, 7, 42, 35, 10, DateTimeKind.Utc),
LastModified = new DateTime(2018, 3, 24, 7, 42, 35, 10, DateTimeKind.Utc)
});
builder.Entity<UserRoles>().HasData(new UserRoles() { RoleId = 2147483645, UserId = 2147483646 });
I wish there was some better/cleaner way to do it.
Here's how I created an admin role and ensured it was added to my admin user in dotnet 6 with very few lines of code using EF core
In your db context class:
protected override void OnModelCreating(ModelBuilder builder)
{
base.OnModelCreating(builder);
builder.Entity<IdentityRole>().HasData(
new IdentityRole { Name = "Admin", NormalizedName = "Admin".ToUpper() }
);
}
In your Program.cs file:
using (var scope = app.Services.CreateScope())
{
var services = scope.ServiceProvider;
var userManager = services.GetRequiredService<UserManager<User>>();
var admin = await userManager.FindByEmailAsync("admin#admin.com");
if (admin != null)
{
if (!await userManager.IsInRoleAsync(admin, "Admin"))
await userManager.AddToRoleAsync(admin, "Admin");
}
}
app.Run();
public class DbInitializer
{
public static async Task CreateAdmin(IServiceProvider service)
{
UserManager<AppUser> userManager = service.GetRequiredService<UserManager<AppUser>>();
RoleManager<IdentityRole> roleManager = service.GetRequiredService<RoleManager<IdentityRole>>();
string username = "Admin";
string email = "AdminG#example.com";
string pass = "Secrete90";
string role = "Admins";
if(await userManager.FindByNameAsync(username)== null)
{
if(await roleManager.FindByNameAsync(role)== null)
{
await roleManager.CreateAsync(new IdentityRole(role));
}
var user = new AppUser { UserName = username, Email = email };
var result = await userManager.CreateAsync(user, pass);
if (result.Succeeded) { await userManager.AddToRoleAsync(user, role); }
}
}
When I run this code on start up, I get an error about not being able to scope the code in the startup class.
DbInitializer.CreateAdmin(app.ApplicationServices).Wait();
In .NET Core 2 calling your seed logic needs to be moved to the Main method of the program.cs class.
Example Program.cs
public static void Main(string[] args) {
var host = BuildWebHost(args);
using (var scope = host.Services.CreateScope()) {
var services = scope.ServiceProvider;
var userManager = services.GetRequiredService<UserManager<AppUser>>();
var roleManager = services.GetRequiredService<RoleManager<IdentityRole>>();
DbInitializer.CreateAdmin(userManager, roleManager).Wait();
}
host.Run();
}
Updated DbInitializer
public class DbInitializer
{
public static async Task CreateAdmin(UserManager<AppUser> userManager, RoleManager<IdentityRole> roleManager)
{
string username = "Admin";
string email = "AdminG#example.com";
string pass = "Secrete90";
string role = "Admins";
if(await userManager.FindByNameAsync(username)== null)
{
if(await roleManager.FindByNameAsync(role)== null)
{
await roleManager.CreateAsync(new IdentityRole(role));
}
var user = new AppUser { UserName = username, Email = email };
var result = await userManager.CreateAsync(user, pass);
if (result.Succeeded) { await userManager.AddToRoleAsync(user, role); }
}
}
How do you seed users, roles and app specific entities? It appears as though the IdentityModel targets its own Context?
internal sealed class Configuration : DbMigrationsConfiguration<Project.Models.SchoolContext>
{
public Configuration()
{
AutomaticMigrationsEnabled = false;
}
protected override void Seed(Project.Models.SchoolContext context)
{
// Seed the Entities
// context.People.AddOrUpdate(
// p => p.FullName,
// new Person { FullName = "Andrew Peters" }
// );
//
}
}
vs.
protected override void Seed(Project.Models.ApplicationDbContext context)
{
if (!context.Roles.Any(r => r.Name == "AppAdmin"))
{
var store = new RoleStore<IdentityRole>(context);
var manager = new RoleManager<IdentityRole>(store);
var role = new IdentityRole { Name = "AppAdmin" };
manager.Create(role);
}
if (!context.Users.Any(u => u.UserName == "founder"))
{
var store = new UserStore<ApplicationUser>(context);
var manager = new UserManager<ApplicationUser>(store);
var user = new ApplicationUser {UserName = "founder"};
manager.Create(user, "ChangeItAsap!");
manager.AddToRole(user.Id, "AppAdmin");
}
}
I don't seed from the migration, instead use the context db initializer. My context derives from IdentityDbContext so I use this method to seed users and roles:
Call an initializer from ctor:
public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
{
private readonly IHttpContextBaseWrapper _httpContextBaseWrapper;
static ApplicationDbContext()
{
// Set the database intializer which is run once during application start
// This seeds the database with admin user credentials and admin role
Database.SetInitializer(new ApplicationDbInitializer());
}
...
Then my seed code:
public class ApplicationDbInitializer : CreateDatabaseIfNotExists<ApplicationDbContext>
{
protected override void Seed(ApplicationDbContext context)
{
InitializeIdentityForEF(context);
base.Seed(context);
}
public static void InitializeIdentityForEF(ApplicationDbContext db)
{
if (!db.Users.Any())
{
var roleStore = new RoleStore<IdentityRole>(db);
var roleManager = new RoleManager<IdentityRole>(roleStore);
var userStore = new UserStore<ApplicationUser>(db);
var userManager = new UserManager<ApplicationUser>(userStore);
// Add missing roles
var role = roleManager.FindByName("Admin");
if (role == null)
{
role = new IdentityRole("Admin");
roleManager.Create(role);
}
// Create test users
var user = userManager.FindByName("admin");
if (user == null)
{
var newUser = new ApplicationUser()
{
UserName = "admin",
FirstName = "Admin",
LastName = "User",
Email = "xxx#xxx.net",
PhoneNumber = "5551234567",
MustChangePassword = false
};
userManager.Create(newUser, "Password1");
userManager.SetLockoutEnabled(newUser.Id, false);
userManager.AddToRole(newUser.Id, "Admin");
}
...