dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.
https://asp.net
MIT License
35.44k stars 10.02k forks source link

Where are the account pages? angular SPA + identity template #11494

Closed guyng closed 4 years ago

guyng commented 5 years ago

Describe the bug

I cannot find the account pages for login,register, forgot password, etc in the angular + identity template, there is no account views or either they are hidden in one of the dll's.

To Reproduce

Steps to reproduce the behavior:

  1. start a new project with the angular + identity authentication template.
  2. Look for account pages such as login,sign up, etc.

Expected behavior

these pages should exist so we can actually use this template in real life scenario.

blowdart commented 5 years ago

You need to scaffold them out.

@javiercn @mkArtakMSFT Any ideas on how this can be more discoverable? This question comes up a lot.

mkArtakMSFT commented 5 years ago

Yeah, this is well documented. Do you have any other suggestion? I'd say we can add a comment in the template, but that wouldn't fly - given we're moving towards simplifying the templates as much as possible.

guyng commented 5 years ago

simplifying? it took me few hours just to find out i actually need to scaffold it to get the pages source. Don't make assumptions that your users are aware of all the inner functionalities of the platform because i'v been working with asp.net core for over a year and i haven't use scaffold even once until today.

Also, all of this abstractions you're making is creating more confusion and there is a big lack of documentation. using the AddApiAuthorization api abstraction in startup i would like to know what exactly it does without me having to dive deep into your source code. "Configures defaults for Identity Server for ASP.NET Core scenarios." isn't enough, we need more in detail reasoning of why we should use the new abstraction api => having less control OR configuring it the old way, hence repeating the same boiler plate code but at least understanding what it does and having more control over it.

Seriously tho, if you want your customers AKA myself and others to use your new features, please provide more in depth info regarding the goals/benefits/reasons of the changes you did because from what i could read it is very far from being self explanatory.

You want to simplify even more? sure, go for it but only if you have proper documentations, otherwise it just discourage myself and others of actually using your new features.

@mkArtakMSFT @blowdart

guyng commented 5 years ago

P.S - advice for life, always assume your user has dementia/memory loss and when trying out a new feature he need it to be simple and documented as possible to prevent him getting a stroke.

This concept helped me a lot throughout my career as a senior software developer.

mkArtakMSFT commented 5 years ago

@guyng do you feel this documentation https://docs.microsoft.com/en-us/aspnet/core/security/authentication/scaffold-identity?view=aspnetcore-2.2&tabs=visual-studio wasn't useful?

blowdart commented 5 years ago

Identity UI as a library is a feature lots of vocal customers wanted because the number of files in the templates was overwhelming. In the 2,1 time frame I ran a bunch of surveys to see what satisfaction was like and the numbers ended up, to my surprise, showing more people liked it than disliked it, so stepping back to everything in the template really wasn't an option.

If we made what was going on more discoverable, either through comments in the template code, or through an expanded create new project dialog would that be of some help in discovering the UI library concept?

DamianEdwards commented 5 years ago

There was an interesting suggestion at some point to actually have the project system show the view files in the solution explorer, but as read-only, if they're actually coming from a referenced package. Then we could build some UX around interacting with those breadcrumb nodes to initiate scaffolding. I thought the idea had merit but I doubt it would be high priority enough to do in a release too soon.

Certainly a comment in the generated Startup.cs file for projects that were created with auth might help here, or even a readme txt file in the project in the location where folks might expect to find the views with details of how to start scaffolding, something like this? image

guyng commented 5 years ago

@mkArtakMSFT The documentation itself is useful but i had no idea that i need to scaffold the project to actually get these "hidden" files, my first impression was that you've put it in the open source github repo and the only way is to manually copy the files from the repo to the project. If it was more clear it would save me a lot of time.

Yes, either create new project dialog with additional information, or as Damian suggested adding a read me file would be even better. Also, this idea with the read only view files is great idea as long as it would be easy enough way to scaffold these.

Besides that, since we're already talking about documentation for the new auth template, i'd like to ask again regarding the AddApiAuthorization missing documentation. What exactly does it do? What code does it abstract away? Do we still have the same configuration control? What are the benefits of using it instead of the old way(except of the boiler plate)? How do i configure it? When should i not use it? is it appropriate to use for all authentication scenarios? etc etc..

@DamianEdwards @blowdart

blackdwarf commented 5 years ago

So, I've seen the news that the good ol' .NET Framework is going the way of the dodo, so decided to upgrade my MVC5 app that is running happily to Core MVC 2.1. I knew I was in for a treat, since I remember from my days back in Redmond that it is quite different, but I have to say, this Identity UI thing really got me confused and totally surprised. It didn't take me as long to find out the scaffolding options in the docs as some other people mention on this issue, and at least that particular document is pretty good in explaining what is happening and how to generate these artifacts.

But folks, this is entirely too much magic.

Assorted musings:

@DamianEdwards @blowdart

For people that are looking for a way on how to opt out of this and do stuff the same way it was done up until MVC Core 2.0, there are two solutions:

  1. Create a new project without any auth support and add Identity support manually. Not really optimal.
  2. Use this part of the mentioned document and add AccountController manually. Some chap was kind enough to put up a GitHub repository with ye ol' AccountController so you can use that one.
taori commented 5 years ago

@DamianEdwards @blowdart

Also comming here from research after creating a new asp netcore project - This change struck me as a big suprise. While it is a benefit to "plug" in additional modules instead of having them auto scaffolded depending on setup, if you started without certain modules (in the past i generated an empty project with the required authentification and copied those contents to the project i was working on), you can now just add them afterwards.

However after finding the relevant documentation and executing the scaffolding there is still something missing - the account controller - I've overriden all and it's missing. If i'm executing a full scaffolding i would expect it to be there, so i can modify registration processes and whatnot.

PS: Found it. So it was scaffolded as razor pages instead of a plain controller. So i can't actually apply global filters to the account controller anymore, because there isn't one, as it's all seperate pages. Not sure what to think of that.

PS2: I was wrong. https://docs.microsoft.com/de-de/aspnet/core/razor-pages/filter?view=aspnetcore-2.2 allows for sort of global account filters. Guess there were just plenty of changes, i didn't know of. My bad. Kind of overlooked it.

ghost commented 4 years ago

Thank you for contacting us. Due to no activity on this issue we're closing it in an effort to keep our backlog clean. If you believe there is a concern related to the ASP.NET Core framework, which hasn't been addressed yet, please file a new issue.