I am building a simple ASP.NET 5 admin site, using ASP.NET Identity 2 to password protect the actual admin pages. It will be used by 2 to 4 users.
My employer doesn't want me to use a database for various reasons beyond my control. The plan is to store all user info in a text file. When a user needs to be added/removed, a dev will log into the server and update the text file. So users can only login, they can't register, change password, etc.
I would still like to use ASP.NET Identity so I can use the Authorize attribute on my MVC controllers, etc. It also makes it easier to start using a database later on.
I haven't been able to find an ASP.NET Identity provider that uses an unencrypted text file. Does such a provider exist somewhere?
I have not came across the text-file storage, but I've seen a lot of samples using some other storage mechanisms. Take a look on this post for samples and have a look on documentation about implementing custom storage.
In your case I'd store all user objects in a list and then serialise that into a JSON-string that is persisted into a file.
However it is strongly advised not to use plain text for password storage and use provided hashing mechanisms. (I'm sure you are aware of this). Just point your employer on http://plaintextoffenders.com/ for samples of why it is best not to store plain-text password.