Last post Jun 26, 2017 03:02 PM by march11
Jun 22, 2017 03:05 PM|march11|LINK
Will Identity Ever Support the full Options of the Login Control out of the box?
Jun 22, 2017 05:30 PM|PatriceSc|LINK
More explicitely? It could be perhaps possible to achieve what you want without waiting for MS to ship exactly what you need?
Jun 22, 2017 07:30 PM|march11|LINK
Hi and thanks for the reply.
If you are at all familiar with Identity, you should be aware that there is no "out of the box" ability to store a user Security Question and Security Answer which are some of the default parameters included on the login control.
The Identity framework somewhat spoils the Toolbox. Hoping for more upgrades and easier migration for more complex Membership configurations.
Jun 22, 2017 10:43 PM|PatriceSc|LINK
Ok but keep in mind that for those who never used this feature, it's much less obvious to consider it is "missing" from ASP.NET Identity and to even remember it existed in Membership. Moreover the problem with this feature is that its security highly depends
on which question the user chose and my guess is that you'll never see again this feature out of the box.
You may want to just switch to what ASP.NET Identity offers (ie mailing a limited lifetime unique reset token while an answer is basically a user defined never changing reset token that doesn't require access to the user mail account).
If really needed your best bet is to just reimplement yourself the Membership API you miss on top of ASP.NET Identity (and for now I believe it should be quite easy).
Edit: and so rather than thinking about this question/answer mechanism (taht I never used and consider to be outdated) and as you talked about the "Login control" rather than Membership, my understanding was that you wanted maybe to know if ASP.NET Identity
will ever support using its own version of the Login control.
Jun 23, 2017 01:07 PM|march11|LINK
I guess, yes your final sentence reaches to the end need. Identity does need its own login control and the supporting wizards. But to be clear I never said it was missing. I was simply pointing out that there is no clear replacement and functionality of
new tools is lacking.
As for calling Security Question/Answer obsolete, I highly doubt it. Just because two-level authentication is being forced down everyone's throat, it doesn't mean that end users will continue to except it. In corporate networks, Intranet environments, its
a bit overkill, actually quite a bit. There will always be a right tool for the job, two-factor is not always right.
There is no integration for the use of Captcha, which should also be a logical inclusion in an upgraded Identity solution. These features work, and yes I agree they have been attacked, which is why they should be improved upon, not eliminated. But this isn't
why I am posting.
The older Login control made things a bit easier it was simple to use the wizard and build out the functionality desired. Will Identity ever have these features built in? I was watching a Channel 9 video and the presenters had mention version 3 forthcoming.
Version 2, though much better than 1, still leaves a lot to be desired.
I love the simplicity of social network integration, and the two-factor, but ideally these would/should have been add-ons to the login control.
I doubt that the migration tool will handle the older login content (I hope I am wrong here) and I am not looking forward to the time it will take to test, and code an overlay to the new Identity, and then learn that version 3 has a entirely new set of tools/features
or requirements that prevent further migration.
And as a small added comment, it seems to me that the social networking feature, and to another extent even two-factor, although valuable, could also be construed as added functionality to learn more about the user rather than actually protecting data/content.
The convenience of a single logon is well understood, but the ability to access other data if so desired, well, I simply don't care to give up that connection. At least its selectable.
Jun 23, 2017 03:27 PM|mgebhard|LINK
It is my understanding that ASP Web Forms has reached the end of its life cycle and is no longer the focus of new development. The new focus is ASP.NET Core and MVC/Web Api where server controls simply do not exist. Therefore, I don't think we'll ever
see the Identity integrated into the login control.
With that being said. Your question, IMHO, is not appropriate for an ASP support forum. It only leads to opinions on what feature should or should not be added to the framework.
If you feel strongly about the direction of ASP.NET, consider joining the openly published ASP.NET development community and express you opinions and code there.
Jun 26, 2017 03:02 PM|march11|LINK
Thanks for the feedback mgebhard, but I was not referring to ASP.NET Core and MVC/Web Api. I understand the road forward is very different, although both of those platforms do support WebForms. My concern was .Net 4.5 and up, where support is available.
Been in this industry way too long, not to see the issues with old technology being left in the dust.
Furthermore, the controls that exist in newer iterations face the same issue. This is not limited to WebForms.
Thanks for the links I will look them over.