Search code examples
asp.net.netasp.net-identityowin

ASP.NET Identity vs custom implementation, which one to use?

I'm a junior full stack and I'm working on a big SPA (for one man) project, as a challenge and demo of what I have learned and I have 3 questions:

  1. Is generally ASP.NET Identity used in companies for medium/big projects or they usually go with custom implementation ?

  2. I wonder if it's worth using ASP.NET Identity for users and roles management or is better to create custom logic for users/roles to I guess learn more and have more control.

  3. If I'll continue developing with identity, will be bad if I use it only for users and roles management, as I saw that it has authentication API too, but I use OAUTH2, setting token was like fast and it's working. So should I try to use Identity as much as I can in authentication too to explain the use of this framework over custom implementation ?

You can answer only to first question because other two are too subjective. Thanks!

Solution

  • As ASP.NET Identity is very customizable, you can take the best from both worlds.

    In my company we use custom implementation of IUserStore giving us the flexibility to persist user info the way we wanted. We don't use Entity Framework, for example, which is the default data access used by ASP.NET Identity.

    In our case the tables are different and they better match to actual user data for our application (read business objects).

    The password hashing/verification process is different also, etc.

    You just need to pass an instance of your custom IUserStore to ApplicationUserManager and you are good to go.

    My personal opinion is: go with ASP.NET Identity and replace just the parts you need.

    EDIT: You can also implement all of those too

    IUserStore<,>
IUserLoginStore<,>
IUserClaimStore<,>
IUserRoleStore<,>
IUserPasswordStore<,>
IUserEmailStore<,>
IUserLockoutStore<,>
IUserTwoFactorStore<,>
IQueryableUserStore<,>

    We use it for authentication too. Have in mind that this is tested and will be updated. Is is also well documented and any new devs that are jumping on the project have a greater chance to know what is happening. If you go with a completely custom solution you'll have to maintain that and try to keep it updated with the latest trends/stuff.

    Hope this helps to make a better decision.