User Management
This section contains a sample demonstrating Duende User Management with IdentityServer. User Management is a user store and authentication platform that ships as a NuGet package and replaces ASP.NET Identity for IdentityServer scenarios.
User Management Getting Started Sample
Section titled “User Management Getting Started Sample”This sample contains the finished source code for the Getting Started with User Management tutorial.
Full User Management Sample
Section titled “Full User Management Sample”This sample demonstrates a full IdentityServer deployment using Duende User Management for user storage and authentication. It covers multiple authentication methods working together in a single application, orchestrated by .NET Aspire.
Authentication methods demonstrated:
- Email OTP: enter email, receive a code via SMTP, verify, and sign in (unknown emails are auto-registered)
- Password + TOTP 2FA: email/password login with time-based one-time password as a second factor
- Passkeys: after first OTP login, users are prompted to register a passkey for future passwordless sign-in
- Passkey as second factor: after password verification, users can tap a passkey instead of entering a TOTP code
- Google external login: OAuth callback creates or links a local profile automatically
Additional features:
- User profile management using a schema-driven attribute model (extensible attributes rather than a fixed user table)
- ASP.NET Identity migration: the Admin Import page demonstrates bulk-importing users from an existing ASP.NET Identity database, including password hash compatibility, claims-to-attributes mapping, and deterministic subject ID generation
- Second factor state management: encrypted cookies coordinate the 2FA flow between password verification and TOTP/passkey completion
The sample uses .NET Aspire to orchestrate IdentityServer, a client application, and Mailpit (for local email testing)
in a single dotnet run command.
Password Registration Sample
Section titled “Password Registration Sample”This sample demonstrates Duende User Management functionality for passwords. It validates an OTP sent to a user’s email for initial authentication, then allows the user to set a password. It also includes Forgot Password functionality for resetting a password after validating an OTP.
Concepts demonstrated:
- Password Configuration: Password length and complexity through the PasswordOptions configuration.
- Custom Password Validator: An IPasswordValidator with custom logic to block passwords in a hard-coded list.
- Unique Custom Attributes: A unique
Duende.Storage.EntityAttributeValue.AttributeDefinitionfor the user’s email address to tie the sign-in password to the email address. - Custom Attribute Data: Allows the user to edit custom profile data stored in attributes through the /Account page.
The sample uses .NET Aspire to orchestrate IdentityServer and Mailpit (for local email testing)
in a single dotnet run command.