matteofabbri / AspNetCore.Identity.Mongo

This is a MongoDB provider for the ASP.NET Core 2 Identity framework
https://matteofabbri.org
MIT License

Problem in configuring MongoDB #95

Closed sranjan-m closed 3 years ago

sranjan-m commented 3 years ago

I'm using ASP.NET Core Identity. I have set up the connection string in Startup.cs. I already added a sample user to my db using the MongoDB Compass db.createUser command. But my login authentication returns as invalid username or password.

Is there a way to check if the connection to MongoDB is successful? _signInManager.PasswordSignInAsync(....) returns as failed.

vova3211 commented 3 years ago

You should use UserManager<TUser> (e.g. UserManager<MongoUser>) to create the user instead of creating it manually. It has 2 methods CreateUserAsync(), with pwd and without. /w password is your option.

sranjan-m commented 3 years ago

Hi. Thanks for your response. This is fine for creating the new users. How about the old users? Do those users need to be created manually one by one?

And I do have one more doubt here. Does the method CreateUserAsync() create a MongoDB user or does it create a new collection in the database to store the users?

vova3211 commented 3 years ago

What are the old users? When were they created and how, via this lib? Please provide more info.

CreateUserAsync() creates a new user record. If the collection does not exist, it will be created. The name of the collection is "Users" by default, but you can set any name while registering services.AddIdentityMongoDbProvider...

sranjan-m commented 3 years ago

No, all the old users are not yet created. Actually, we are upgrading our existing application's authentication to ASP.NET Core Identity and MongoDB, which means we already have a few hundred existing users whose credentials we have to migrate from MS SQL to MongoDB using the import functionality provided in MongoDB Compass. So, those are the existing users I was referring to.

Even though the collection name I use for storing the user's info in my MongoDB is "Users", I am still unable to validate the user credential and get a "Failed" result from _signInManager.PasswordSignInAsync(....)

To start with the development we have created some sample user in the "Users" collection. Here is a sample of how the data looks in the "Users" collection.

{
  "_id": {
    "$oid": "603343b175cffe4cc4eab718"
  },
  "Password": "jason$01",
  "Username": "jason"
}

Does the PasswordSignInAsync() method expect any other property to be available in the collection?

vova3211 commented 3 years ago

This is how it should look:

{
    "_id" : ObjectId("6069a53bda7eb081276d57d8"),
    "UserName" : "test1",
    "NormalizedUserName" : "TEST1",
    "Email" : "test1@test.ts",
    "NormalizedEmail" : "TEST1@TEST.TS",
    "EmailConfirmed" : false,
    "PasswordHash" : null,
    "SecurityStamp" : "EDOLZW6TAICXG4KZWRZCREI3YT44DXY3",
    "ConcurrencyStamp" : "9ad4b244-9673-47dc-b243-c0f1993fe694",
    "PhoneNumber" : null,
    "PhoneNumberConfirmed" : false,
    "TwoFactorEnabled" : false,
    "LockoutEnd" : null,
    "LockoutEnabled" : true,
    "AccessFailedCount" : 0,
    "AuthenticatorKey" : null,
    "Roles" : [],
    "Claims" : [],
    "Logins" : [],
    "Tokens" : [],
    "RecoveryCodes" : []
}

Password can't be a simple string and should be hashed. E.g. password "Admin123!" will be stored as "AQAAAAEAACcQAAAAEMXTUQRKXJNXV73VuxdyjDuNOISNG+BN2Vr2NIGWQxTUjzW5opfpKkgI6xJ/IohJrQ==".

The best option for you is to create a simple console application and, using UserManager, create users one by one.

sranjan-m commented 3 years ago

Ok @vova3211. Thanks for your quick reply. Yeah, we have the passwords stored encrypted using our own encryption keys and that was just a sample to show the format of the data stored in the "Users" collection. Thanks a lot for your concern and the suggestion. Will try to create the users using UserManager and get back to you.

vova3211 commented 3 years ago

If you are using your own encryption algorithm, you probably wanna use a custom implementation of IPasswordHasher.

This article can be useful: custom passwordhasher
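An added example (not part of the thread and not code from AspNetCore.Identity.Mongo) of the custom IPasswordHasher approach suggested above: it verifies migrated credentials once and returns SuccessRehashNeeded so that Identity rewrites them in its own PasswordHash format at the next successful login. The `LEGACY:` prefix, the HMAC-SHA256 legacy scheme and the class name are assumptions made for illustration; the real legacy check depends on how the old system stored passwords.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Identity;

// Assumption: imported records carry "LEGACY:" + Base64(HMAC-SHA256(key, password))
// in PasswordHash. Swap VerifyLegacy for the check your old system really used.
public class LegacyAwarePasswordHasher<TUser> : IPasswordHasher<TUser> where TUser : class
{
    private const string LegacyPrefix = "LEGACY:"; // constructed marker, not an Identity convention
    private readonly PasswordHasher<TUser> _inner = new PasswordHasher<TUser>();
    private readonly byte[] _legacyKey;

    public LegacyAwarePasswordHasher(byte[] legacyKey)
    {
        _legacyKey = legacyKey ?? throw new ArgumentNullException(nameof(legacyKey));
    }

    // New and re-hashed passwords always use the framework's own format.
    public string HashPassword(TUser user, string password) =>
        _inner.HashPassword(user, password);

    public PasswordVerificationResult VerifyHashedPassword(
        TUser user, string hashedPassword, string providedPassword)
    {
        // Records imported without any PasswordHash can never sign in.
        if (string.IsNullOrEmpty(hashedPassword) || providedPassword == null)
            return PasswordVerificationResult.Failed;

        if (!hashedPassword.StartsWith(LegacyPrefix, StringComparison.Ordinal))
            return _inner.VerifyHashedPassword(user, hashedPassword, providedPassword);

        // SuccessRehashNeeded tells UserManager to store HashPassword() output
        // in place of the legacy value after this login.
        return VerifyLegacy(hashedPassword.Substring(LegacyPrefix.Length), providedPassword)
            ? PasswordVerificationResult.SuccessRehashNeeded
            : PasswordVerificationResult.Failed;
    }

    private bool VerifyLegacy(string storedBase64, string providedPassword)
    {
        byte[] stored;
        try { stored = Convert.FromBase64String(storedBase64); }
        catch (FormatException) { return false; } // malformed import: reject

        using (var hmac = new HMACSHA256(_legacyKey))
        {
            byte[] computed = hmac.ComputeHash(Encoding.UTF8.GetBytes(providedPassword));
            // Constant-time compare so timing does not reveal how many bytes matched.
            return CryptographicOperations.FixedTimeEquals(stored, computed);
        }
    }
}
```

Register it as the `IPasswordHasher<MongoUser>` service in Startup.cs so that `UserManager` and `SignInManager` resolve it instead of the default hasher.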

sranjan-m commented 3 years ago

We had the passwords encrypted and stored in the MS SQL. Now we are planning to come out of MS SQL at least for the Authorization services.

This Identity Server with MongoDB architecture is still under evaluation stage and it hasn't been finalized yet for the full-fledged development and production stages. Once the POC (Proof of Concept) is ready we'll be deciding on implementing our own encryption algorithms.

This suggestion of yours will really help a lot. Thanks for sharing.

sranjan-m commented 3 years ago

Hi @vova3211. This is to update that using UserManager to create a new user solved the issue and I am now able to log in successfully. Thanks.