{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 ゆ 、 Hurt° 的问题《How to remove the role-related tables from ASP.NET》','https://www.manongdao.com/q-1279005.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
With the advice read-elsewhere that Roles are a subset of Claims, I am looking at a clean way to ask the EF Core implementation in ASP.NET Identity not to create role-related tables in the ASP.NET Identity Core 2.0 template in VS 2017. Only claims are needed. The template uses
public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
{
public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options)
: base(options)
{
}
protected override void OnModelCreating(ModelBuilder builder)
{
base.OnModelCreating(builder);
// Customize the ASP.NET Identity model and override the defaults if needed.
// For example, you can rename the ASP.NET Identity table names and more.
// Add your customizations after calling base.OnModelCreating(builder);
}
}
And IdentityDbContext creates these Roles-related tables
How to get rid of them without manipulating the migration files?
You can't, and it's very likely Identity would cease to function if you did. Like it or not, Identity utilizes roles. You can choose not to take advantage of this functionality, but it's there nevertheless.
That said, in some sense, every authentication artifact is a "claim". However, claims are abstract concepts, whereas something like a role has a concrete implementation. If you need authorization filters, roles are what you should use. You could use claims, but then you just have to reimplement the concept of a role, anyways. Don't reinvent the wheel.
This has always been possible in ASP.NET Identity, but has become easier over time, as conventions have moved away from Roles and towards Rights, Actions, Claims, Predicates, and other more reusable and maintainable semantics. I've been using Identity for years in my ASP.NET projects with my pre-existing DB schemas (which have no role tables). I admit, it's quite difficult to understand how to do this due to the cumbersome complexity of ASP.NET Identity, as well as the fast-paced open-source code changes occurring in ASP.NET coupled with the complete lack of human-informed documentation in the API reference (which is entirely boilerplate machine-generated).
Prior to ASP.NET Core, you could do this by overriding
UserManagerandUserStoreimplementations. By stubbing out the Role requests with no-ops, or overriding theRoleAttributeimplementation with a more useful and developer-safe one (probably not based on magic strings!), the absence of the Role tables goes unnoticed. Even using the default implementations, if you never used default Role attribute implementations or asked Role questions, the tables could be removed without consequence. None of the default ASP.NET scaffolding depends on roles.In original ASP.NET Core Identity 1.0/1.1 versions, you did this by implementing
UserStorewithout the optionalIUserRoleStoreinterface. Information on that can be found in the main ASP.NET Core Identity documentation.As of ASP.NET Core 2.0 (per your main question), you could do this more easily by deriving your context from
IdentityUserContextinstead ofIdentityDbContext, as per the example below. This no longer required custom implementations in 2.0 due to the newUserOnlyStore. The call toAddIdentityin Startup.cs also needed to be replaced withAddIdentityCore.AddIdentityCorerequires a few extra lines of code if you depend on other standard Authentication features, as by default it does not initialize Cookies or TokenProviders. (As noted below, in 2.1, changes to the boilerplateStartupare no longer required.)It's quite simple to remove roles in ASP.NET Core 2.1/2.2 (current as of this writing). Here's an example using a new project to demonstrate:
Create a new project to demonstrate identity, selecting:
Remove Roles from the newly scaffolded Identity project
ApplicationDbContext : IdentityDbContextApplicationDbContext : IdentityUserContext<IdentityUser>Note the
IdentityUserContextlacks Role, so custom key types only require 2 argumentsIdentityUserContext<IdentityUser<int>, int>AddDefaultIdentity<IdentityUser<int>>()is specified as beforeUpdate/build the database schema to reflect the above. In the Package Manager Console:
Add-Migration RemoveIdentitySchemaRolesUpdate-DatabaseRun the app