ASP.NET Core Identity is a membership system which allows you to add login functionality to your application. Users can create an account and login with a user name and password or they can use an external login providers such as Facebook, Google, Microsoft Account, Twitter and more.

In the following article, you will learn how to implement and unit test ASP.NET Core Identity.

You can configure ASP.NET Core Identity to use a SQL Server database to store user names, passwords, and profile data. Alternatively, you can use your own persistent store to store data in another persistent storage, The following article will use SQL Server as data source engine.

The project described in the article will also use OpenIddict to implement token authentication: OpenIddict aims at providing a simple and easy-to-use solution to implement an OpenID Connect server in any ASP.NET Core application.

Setup Project

The following article will add ASP.NET Core Identity to the sample project used by: Implementing SOLID REST API using ASP.NET Core.

In order to use OpenIddict, add the appropriate MyGet repositories to your NuGet sources. This can be done by adding a new NuGet.Config file at the root of your solution:

In order to use ASP.NET Core Identity and OpenIddict add the following packages to your project:

Setup Authentication

Create new Startup.Auth.cs file which will contain the setup of authentication:

The Startup.Auth.cs contains the partials Startup class and initialises identity environment:

  • adds the IdentityDbContext to the application services;
  • maps AppUser model class as identity class;
  • configures the use of OpenIddict;
Retrieve data from data source

The following schema shows the API implementation, from Data access layer to the API layer:

ASP.NET Core Identity

In order to retrieve user data from data source, the application will use 4 key components:

  • AppUser defines the user data source model;
  • UserRepository connects services class to the data source. It uses DbContext in order to retrieve information from database;
  • UserService  aggregates different providers: UserValidator, PasswordValidator, SignInManager; It is used by the UserController to obtain informations form database;
  • UsersController handles http requests form the client and retrieve information about users;

The following code shows the implementation of the UserController. The UserService and UserRepository are available on Github.


Unit test User APIs

Obviously, we need to cover UsersController using unit tests. The following project will use xUnit and Moq as mocking framework.

Firstly, the UsersControllerTests defines two fake classes: FakeUserManager and FakeSignInManager, which will be used by the mocking framework:

In order to mock ASP.NET Core Identity, create a new Test server which will solves the application dependencies:

Finally, we need to mock our FakeUserManager and FakeSignInManager classes by using Moq. The mocking will be implemented by the constructor (setup) of the UserControllerTest class:



In conclusion, ASP.NET Core Identity is the out of box membership framework provided by ASP.NET Core. This article shows how to test the behaviour of the user authentication, you can find the complete project on GitHub.

Cover picture by Corrado Zeni.

Cheers 🙂

About Samuele Resca

Samuele Resca is an Microsoft MVP Visual Studio and Development Technologies, Software Engineer, specializing mainly on ASP.NET MVC and in general about everything that revolves around the web. Samuele was born in 1994, and works as a software developer @ YOOX NET-A-PORTER Group He loves the MVC frameworks, ASP.NET MVC, Javascript, Node.js and Typescript.