IdentityServer.v3, MembershipReboot, AngularJs, WebApi 2 and MVC : Mix It ! : Part 2

Home

Introduction 

In this part we will create and configure the web api that will create User accounts in the database. This api will be used by our angularJs based Web UI application to create users. Authentication is left to the Identity server. In fact, we use the facilities of membershipReboot to create User accounts.

full ongoing code 

Step 1 : Create the project

In visual studi create an empty web project and select webapi.

2.1

Step 2 : Add the nuget packages

For membershipreboot

Install-Package BrockAllen.MembershipReboot.WebHost
Install-Package BrockAllen.MembershipReboot.Ef

This will also install BrockAllen.MembershipReboot

For Ninject

Install-Package ninject.web.common.webhost

This will also install ninject.web.common

Step 3: Create the Models

In our example, we will add some custom properties to the user account. these will be the First and Last Name. Therefor, we need to create our own custom UserAccount class and we’ll add these properties to our Model.
Create a UserAccount class and add properties (These added properties MUST be virtual)

    public class UserAccount : RelationalUserAccount
    {
        public virtual string FirstName { get; set; }
        public virtual string LastName { get; set; }
    }

create the RegisterInputModel class that will be used to transport the data from the UI to the web api.

    public class RegisterInputModel
    {
        public string Username { get; set; }
        public string FirstName { get; set; }
        public string LastName { get; set; }
        public string Email { get; set; }
        public string Password { get; set; }
        public string ConfirmPassword { get; set; }
    }

Step 4 : configure MR Repository

in the Web.config file, add the connection string to your membershipReboot DB. In our case it is “MyIdentityDb”. If the database is not created, it well be created at runtime.

 <connectionStrings>
    <add name="MyIdentityDb" connectionString="Data Source=(LocalDb)\v11.0;Initial Catalog=Identity;Integrated Security=True" providerName="System.Data.SqlClient" />
  </connectionStrings>

add the MR DbContext classes

namespace MixIt.WebApi.Customization
{

    public class CustomDb : MembershipRebootDbContext<UserAccount>
    {
        public CustomDb()
            : base("MyIdentityDb")
        {
        }
    }

    public class CustomUserAccountRepository : DbContextUserAccountRepository<CustomDb, UserAccount>
    {
        public CustomUserAccountRepository(CustomDb db)
            : base(db)
        {
        }
    }
}

also add a class to help init MembershipReboot in Ninject

  public class MembershipRebootConfig
    {
        public static MembershipRebootConfiguration<CustomUserAccount> Create()
        {
            var settings = SecuritySettings.Instance;

            var config = new MembershipRebootConfiguration<CustomUserAccount>(settings);

            return config;
        }
    }

In Web.config, you must also add a section : membershipreboot if you want to configure it there.

<section name="membershipReboot" type="BrockAllen.MembershipReboot.SecuritySettings, BrockAllen.MembershipReboot" />
...
<membershipReboot requireAccountVerification="false"
                    emailIsUsername="false"
                    multiTenant="false"
                    passwordHashingIterationCount="0"
                    accountLockoutDuration="00:01:00"
                    passwordResetFrequency="0" />

in NinjectWebCommon#RegisterService() method add the following to DI MemberShipReboot:

            var config = MembershipRebootConfig.Create();
            kernel.Bind<UserAccountService<CustomUserAccount>>().ToSelf();
            kernel.Bind<MembershipRebootConfiguration<CustomUserAccount>>().ToConstant(config);
            kernel.Bind<IUserAccountRepository<CustomUserAccount>>().To<CustomUserAccountRepository>().InRequestScope();
            kernel.Bind<CustomDb>().ToSelf().InRequestScope();

Step 5 : make Ninject work

For Ninject to work, I had to aadd a NinjectDependencyResolver : I followed more or less this article http://www.peterprovost.org/blog/2012/06/19/adding-ninject-to-web-api/

So I added a NinjectDependencyResolver.cs and NinjectDependencyScope.cs and configured them in ninjectWebCommon  by adding the following line:

GlobalConfiguration.Configuration.DependencyResolver = new NinjectDependencyResolver(kernel);

Step 6 : create the controller

 public class RegisterController : ApiController
    {
        UserAccountService<CustomUserAccount> userAccountService;

        public RegisterController(UserAccountService<CustomUserAccount> userAccountService)
        {
            this.userAccountService = userAccountService;
        }

        [HttpPost]
        [Route("api/account/create")]
        public IHttpActionResult RegisterAccount(RegisterInputModel model)
        {
            try
            {
                var account = this.userAccountService.CreateAccount(model.Username, model.Password, model.Email);
            }
            catch (ValidationException vex)
            {
                throw vex;
            }

            return Ok();
        }
    }

The controller has one single method for now that registers an account in the repository. We keep things simple here. Here, more checks should be added and better exception handling should be coded. We will improve it later on.

 

Step 7 : Test it with fiddler

Start the project, and using Fiddler, issue the following Post request :

Post:
http://localhost:10073/api/account/create

Headers:
User-Agent: Fiddler
Content-Type: application/json

Body:
{
"Username":"somename",
"Password":"passwordMy",
"Email":"test@test2.com"
}

Illustration:
2.2

If everything went well, you should receive a “200 OK” response.

You can also start the project we created in Part 1 (IdentityServer config) to check if the account is created.

2.3

7 thoughts on “IdentityServer.v3, MembershipReboot, AngularJs, WebApi 2 and MVC : Mix It ! : Part 2”

  1. Hello Cedric,

    first of all great tutorial. I’ve got a few questions:

    – I’m using this web api (the one that you use to register the account) to also list users and other account management. It’s this the right way? The thing is when I add the “Authorization” attribute to my controller and the “app.UseIdentityServerBearerTokenAuthentication” in Startup It always returns me no authorization. I use the same code for the resource Web API and works good.

    – When I request the token how do I request for more than one scope?

    Thank you

  2. I don’t even think I you can just get IdentityManager like Scott did anymore and just run it, for example I don’t see where to set AspNetIdentity or MembershipReboot like he did in the new code.

  3. There’s a little misspelling error in Step 5 : make Ninject work:

    For Ninject to work, I had to aadd

    Should be:
    For Ninject to work, I had to add

    I think it was a typo.

    Regards.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: