My engineers are implementing authentication and authorization using Asp.Net Identity Framework 2.0. The requirements state that we need to support the following scenario:

  1. Global admin user signs in.
  2. Global admin user views an organization.
  3. Global admin user invites organization user or admin to system.
  4. Email is sent to invited user containing special link.
  5. Invited user clicks on link, signs into their "Microsoft Account" (@hotmail.com) and is then signed into our website and associated to the organization and with the correct role assignment.

In my opinion, we should be able to do all of this using out-of-the-box features of Asp.Net Identity Framework. For example: In step 3, we can call the CreateUser() method and it should provision a user account that has not yet been confirmed. We can use the ConfirmationToken it generates to email the user. Is this not the correct way to proceed?

My engineers think that they need to implement custom user, role and organization tables and implement all custom authorization and roles for this because they believe that the user account within the identity framework can only be created when the user comes back from signing in (via OAuth) the first time.

It complicates things a bit that you want to use OAuth instead of DB accounts, but in principle I don't see any reason you need to replace Identity to do this. –  emodendroket Aug 13 '14 at 13:43
