4

In newly created ASP.NET MVC5 application, the login screen asks you to enter Email address. But under the hood, it authenticates with user name assuming applicationUser.UserName == applicationUser.Email.

How to change it to make it authenticate user via Email address?

It seems like they have changed something in Identity 2.x in that regard.

Note: I want to keep it login via Email.

For example, in register view, our users are expected to provide:

Email: last.first@example.com

User: Last, First

And during Login, the email will be used. Currently, it uses email but authentication fails because it passes email as user-name.

Community
  • 1
  • 1
Annie
  • 3,090
  • 9
  • 36
  • 74

2 Answers2

7

In Login#Accounts:

After

if (!ModelState.IsValid) 
{ 
    return View(model); 
}

I added:

var user = await UserManager.FindByEmailAsync(model.Email);

And changed:

var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);

to:

var result = user == null ? SignInStatus.Failure : await SignInManager.PasswordSignInAsync(user.UserName, model.Password, model.RememberMe, shouldLockout: false);

In register view, I have User Name as well as Email (for which I had to add UserName property in RegisterViewModel).

Annie
  • 3,090
  • 9
  • 36
  • 74
  • But still you are authenticating users via username right? Or have you managed to authenticating users with Email, I mean in identity framework not the UI. – DSR Oct 05 '14 at 09:53
  • Yes it is authenticating with UserName, but do the job. :) – Annie Oct 06 '14 at 21:51
  • I have the same problem , but instead checking "EmailConfirmed" as true , I added bool IsActive property to ApplicationUser . I used the same workaround as here , but it's still a workaround and not a "built-in" solution for extends . Microsoft MVC 5 template is good , but needs more thinking like "built-in" extends without override(custom) the whole authentication mechanisms. – Zakos Nov 02 '14 at 08:48
0

I had the same issue with identity framework. In earlier version the Email address is not part of the registration process. And the identity implementation validating username field as unique and authenticate users against username and password. But allowed us to manage and update 'IUserStore' properties in order to support unique emails and username field to be able to insert email address (non AlphanumericUserNames). But this was not in the visual studio MVC individual user accounts template, which we have to add our self.

The code we have to add to ApplicationUserManager.cs, sample code included in the following NuGet package.

Install-Package Microsoft.AspNet.Identity.Samples -Version 2.0.0-beta2 -Pre

    manager.UserValidator = new UserValidator<ApplicationUser>(manager)
    {
        AllowOnlyAlphanumericUserNames = false,
        RequireUniqueEmail = true
    };

In version 2.x, identity framework included email field as unique field, also added all required codes to the visual studio MVC individual user accounts template under App_Start >> IdentityConfig. Further more, removed the username part from the UI and kept it back-end only.

But the authentication mechanism hasn't change, which is still using username and password for validation. The change only happened when you registering the user, email address will be inserted into username field which used when authenticating users.

According to my understanding there isn't any out of the box identity framework support for authenticating users with email and password at the moment. You have to insert email into username field when registering users.

DSR
  • 4,588
  • 29
  • 28