Project TD — Day 96 update 1 of 2 — Azure Active Directory or ASP dot net Identity?


While I continue to plow away on the Android and iOS apps that will demo the consumption of the already active demo web API, I am actively trying to plan the next part. That would be the identity management part.

An identity management system is a simple concept. Any service of any kind will have its users. Users have different levels of access. Users need to be registered, self or otherwise. They need to be assigned an access level. Then, they need to be removed. Of course, there should be systems in place to allow these details related to the user to be changed. The system will also take care of things like allowing users to reset or change their passwords and ensuring that password-related details are stored securely.

I have already decided that I am going to lean heavily on Microsoft-provided identity solutions. I found two of them — Azure Active Directory and ASP.NET Identity. I am fairly convinced that they both — at least internally — reuse a lot of code. In terms of implementation though, they have certain benefits, and some drawbacks.

Cloud (Azure Active Directory) versus Database (ASP.NET Identity)

With Azure Active Directory, the database is integrated directly with the code that handles identity management. I don’t have to worry about the database details, or the many tasks that are associated with managing a database. The cloud takes care of everything, making it easy for me to manage stuff later. Also, it clearly separates the ecosystem data from user data. It will be easier to secure things because, again, Azure will take care of everything for me.

With ASP.NET Identity, the responsibility to manage the database falls squarely on me. I also must spend extra on the database itself, and take care of security. Of course, the database itself will be hosted on Azure, so there is that. Yet, it is expensive — both in terms of cost and time spent configuring and maintaining it — no matter how I consider it. However, I do have finer control over the way the information is stored. Perhaps that is a good thing. Perhaps it is not.

Social Login Implementation

ASP.NET Identity traces its roots to the ASP.NET membership system that was introduced way back in 2005. As I write this, it is 2017, and it is mature. It does have its drawbacks (according to the internet, but I found many of the drawbacks were irrelevant to the nature of Project TD) but for my purposes, it just works. I want to use Facebook login for my app ecosystem, as detailed in my earlier Project TD update. ASP.NET Identity has fantastic support for Facebook login, among other services that work with OAuth 2.0 such as Microsoft and LinkedIn. In simple words, I don’t have to work too hard to get ASP.NET Identity to work for me.

Azure Active Directory is great if you just want to use Active Directory accounts. However, I cannot expect every user to go through the rigmarole of creating an account. I must provide the option for Facebook-based login. As of now, and unlike ASP.NET Identity, Azure Active Directory does not have official libraries that work with Facebook or any OAuth 2.0 systems. There are third-party libraries that work, but again, they are third-party libraries. Can I trust them? No. I have enough unknown components in Project TD without having to invite them knowingly into the system.

I like adventure as much as the next gal or guy. However, adventure for the sake of adventure is stupidity. I have grown beyond that.

The Final Choice — ASP.NET Identity

I want to go with Azure Active Directory. It is in line with my all-in cloud approach. However, my project does not stand to gain from the main purpose of Azure Active Directory, which is Active Directory systems that are hosted on the cloud. I have no need for it. Although there is the added cost of maintaining an additional database with ASP.NET Identity, it is simply the more mature tech at this point.

Further, once Azure Active Directory matures enough to provide support for OAuth 2.0 providers such as Facebook, migrating over should be painless. It’s not a compromise. It’s more like using something mature now until something better also becomes mature.






Freelance Tutor — Coding, Generative Art and Photoshop. Full Name : Vijayasimha BR