I've created a solution consisting of an MVC 5 project and a WebAPI 2.0 project, with the MVC project set to use No authentication settings and the WebAPI project set to use individual users authentication settings. I've also added a reference of my WebAPI project to my MVC project and configured the solution to use the MVC project as it's startup- the button's in the navbar take me to the views returned to me by the MVC controllers, but when visiting /api/values I get the XML results back, so I know my configuration is valid. My goal is to use my MVC project to only return .cshtml views which will in turn fetch data using JQuery ajax calls to the WebAPI and bind the returned data with Knockout.js.
That being said, I would like to use all the security capabilities offered by the new Identity API, but there's a big difference in creating a WebAPI project with IUA (individual user auth.) and creating an MVC project with IUA. When I create the WebAPI project, I get no ApplicationUser class deriving from IdentityUser, nor do my API controllers use a constructor which references an IdentityDB context, unlike the MVC project where it's fairly obvious how the Users will be created.
Here's the difference in the controller code, respectively:
public class AccountController : ApiController
{
private const string LocalLoginProvider = "Local";
public AccountController()
: this(Startup.UserManagerFactory(), Startup.OAuthOptions.AccessTokenFormat)
{
}
public AccountController(UserManager<IdentityUser> userManager,
ISecureDataFormat<AuthenticationTicket> accessTokenFormat)
{
UserManager = userManager;
AccessTokenFormat = accessTokenFormat;
}
}...
..and the MVC controller:
public class AccountController : Controller
{
public AccountController()
: this(new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new IdentityDb())))
{
}
public AccountController(UserManager<ApplicationUser> userManager)
{
UserManager = userManager;
}
public UserManager<ApplicationUser> UserManager { get; private set; }
}...
Why is there no DbContext in the ApiController? Where does the UserManager store new users when executing the Register method(?):
public async Task<IHttpActionResult> Register(RegisterBindingModel model)
{
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
User user = new User
{
UserName = model.UserName
};
IdentityResult result = await UserManager.CreateAsync(user, model.Password);
IHttpActionResult errorResult = GetErrorResult(result);
if (errorResult != null)
{
return errorResult;
}
return Ok();
}
Ultimately, I would like to have my user entities reside either in my WebApi project (containing the DB access logic) or even better have a class library handle all database access. How can I obtain or create a DbContext instance that would work with the users created from my ApiController and can that context be shared to accommodate other entities related to the user?
I realize this question is very broad and that there is no ONE RIGHT WAY to design a multi-layered application, but I feel that the users should be a "core" DB entity, equal with all others and handled by the same layer as the others, so I've decided to try and utilize the boilerplate code provided by the Identity API, but at the same time would like to have some flexibility and treat the users as a core entity.
