Demonstrate a production-oriented customization of ASP.NET Core Identity on .NET 10 with MVC controllers (replacing Razor Pages Identity), focusing on localization, SMS-based authentication, admin tooling, scalable session management, and modern UI.
- Complete authentication pages redesign with purple gradient backgrounds
- Password strength indicators with real-time validation
- Responsive sidebar navigation for manage area
- Card-based layouts throughout admin and user areas
- Shared layouts:
_AuthLayout.cshtmlfor auth pages, modern sidebar for manage area - Mobile-first responsive design with RTL (Persian) support
- ✅ Admin Area: 100% complete - Modern dashboard, user management, role management
- ✅ Account Views: 60% complete (12/20) - Login, register, 2FA, password reset
- ✅ Manage Views: 23% complete (3/13) - Profile, email, password change
- ⏳ Remaining: 21 views to enhance (SMS login, phone verification, 2FA management)
auth.css- Authentication pages styling (400+ lines)admin.css- Admin dashboard stylingmanage.css- User profile management styling
- .NET 10 with all setup consolidated in
Program.cs - MVC controllers in
Usersarea replacing default Razor Pages Identity - Identity with
intkeys: customApplicationUser,ApplicationRole, and related entities - Custom EF Core schema mapping: renamed tables/columns in
ApplicationDbContext - Persian
IdentityErrorDescriberfor localized Identity error messages - Custom
UserStoreimplementation enabling login by username, email, or phone number - Passwordless SMS login flow using
UserLoginWithSmsandSmsService - SMS-based pre-registration gated by
Identity:PreRegistrationEnabledconfiguration - Complete Two-Factor Authentication (2FA) with Authenticator Apps (TOTP) and SMS
- Password Breach Detection via Have I Been Pwned API (k-anonymity model)
- Server-side cookie session storage via
ITicketStore(DatabaseTicketStore) - Online user session management dashboard with admin actions
- Background cleanup service for expired sessions and tokens
- Admin area for comprehensive user and role management
- Role-based UI visibility with
RolesTagHelper
Complete 2FA implementation supporting both Authenticator Apps (TOTP) and SMS-based verification.
✅ QR code generation for authenticator apps
✅ 10 single-use recovery codes
✅ SMS-based 2FA fallback
✅ Device remembering (30-day cookies)
✅ Comprehensive management dashboard
✅ Persian/Farsi localization with RTL support
/Users/Manage/TwoFactorAuthentication- 2FA dashboard/Users/Manage/EnableAuthenticator- Setup authenticator with QR code/Users/Manage/ShowRecoveryCodes- View/download recovery codes/Users/Account/LoginWith2fa- Login with TOTP code/Users/Account/LoginWithRecoveryCode- Login with recovery code
📖 Detailed Guide: See Documents/2FA-Implementation-Guide.md
Integration with Have I Been Pwned (HIBP) API using PwnedPasswords.Validator package.
- ✅ Checks against 613+ million breached passwords
- ✅ k-anonymity model (only first 5 SHA-1 hash characters sent)
- ✅ Applied to registration and password changes
- ✅ Custom Persian error message
- ✅ Works with ASP.NET Core Identity validation pipeline
📖 Detailed Guide: See Documents/HIBP-Integration-Guide.md
- Set
DefaultConnectioninappsettings.jsonto your SQL Server - Apply migrations:
dotnet ef database update - Run the app:
dotnet run - Browse to
/Users/Account/Loginor/Admin
- Layout: Uses shared
_AuthLayout.cshtmlfor all Account views - Background: Purple gradient (
#667eea→#764ba2) - Components: Modern cards, smooth animations, icon integration
- Features: Password strength, auto-submit, loading states
- Mobile: Fully responsive with RTL support
- Structure: Views focus on content only; layout handles HTML/head/scripts
- Layout: Sidebar navigation with modern design
- Components: Card-based sections, status badges, action buttons
- Navigation: Collapsible sidebar for mobile
- User Info: Avatar with username in sidebar footer
- Layout: Full admin dashboard with navigation
- Tables: Sortable, filterable data tables
- Actions: Role assignment, password reset, session management
- UI: Bootstrap-based with FontAwesome icons
- White space at bottom - Resolved with body background gradient
- Content cutoff on tall pages - Fixed with
justify-content: flex-startand scrolling - Labels not visible - Changed to dark gray (
#374151) - OAuth redirect issues - Fixed hardcoded area names after Identity→Users rename
- Email confirmation workflow requires configuration
- SMS service needs production provider setup
- Some views still pending UI enhancement (see status above)
ApplicationUser : IdentityUser<int>, ApplicationRole : IdentityRole<int> with custom schema mapping.
modelBuilder.Entity<ApplicationUser>(b => {
b.ToTable("Users");
b.Property(e => e.Id).HasColumnName("UserID");
b.Property(e => e.UserName).HasColumnName("Username");
});public class PersianIdentityErrorDescriber : IdentityErrorDescriber {
public override IdentityError DuplicateUserName(string userName) => new() {
Code = nameof(DuplicateUserName),
Description = $"نام کاربری '{userName}' به کاربر دیگری اختصاص یافته است."
};
}Custom UserStore.FindByNameAsync allows login by username, email, or phone number.
One-time code flow with UserLoginWithSms entity and expiration handling.
Optional phone verification before registration via Identity:PreRegistrationEnabled.
Full user/role management with assignment, password reset, and session control.
DatabaseTicketStore implementation for centralized session management.
View active sessions, force logout, cleanup expired, clear all sessions.
BackgroundService with PeriodicTimer to purge expired data every 20 seconds.
- .NET 10 - C# 14
- ASP.NET Core Identity - Authentication & authorization
- Entity Framework Core 10 - Data access
- SQL Server - Database
- Bootstrap 5.3 RTL - UI framework
- FontAwesome 6 - Icons
- Vazirmatn Font - Persian typography
- Custom CSS - auth.css, admin.css, manage.css
- Vanilla JavaScript - Form interactions
- jQuery Validation - Client-side validation
Microsoft.AspNetCore.Identity.EntityFrameworkCore10.0.0Microsoft.EntityFrameworkCore.SqlServer10.0.0MailKit4.14.1QRCoder1.7.0PwnedPasswords.Validator1.2.0CheckBoxList.Core1.1.0
IdentityCoreCustomization/
├── Areas/
│ ├── Admin/ # Admin dashboard
│ │ ├── Controllers/
│ │ ├── Models/
│ │ └── Views/
│ └── Users/ # User authentication & management
│ ├── Controllers/
│ ├── Models/
│ └── Views/
│ ├── Account/ # Login, register, 2FA
│ ├── Manage/ # Profile management
│ └── Shared/
│ └── _AuthLayout.cshtml
├── Data/ # DbContext & migrations
├── Models/ # Domain models
├── Services/ # Email, SMS, cleanup services
├── wwwroot/css/
│ ├── auth.css # Authentication styling
│ ├── admin.css # Admin dashboard styling
│ └── manage.css # Profile management styling
└── Documents/
├── 2FA-Implementation-Guide.md
├── HIBP-Integration-Guide.md
└── Project_Analysis.md
{
"ConnectionStrings": {
"DefaultConnection": "Server=localhost;Database=IdentityCoreCustomization;Trusted_Connection=True"
}
}services.AddIdentity<ApplicationUser, ApplicationRole>(options => {
options.SignIn.RequireConfirmedAccount = false;
options.User.RequireUniqueEmail = false;
})
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders()
.AddErrorDescriber<PersianIdentityErrorDescriber>()
.AddPasswordValidator<PwnedPasswordsValidator<ApplicationUser>>();- Version History - Complete change log with version tracking
- 2FA Implementation Guide - Two-factor authentication setup
- HIBP Integration Guide - Password breach detection
- Project Analysis - Comprehensive feature analysis & recommendations
- Fork the repository
- Create a feature branch
- Make your changes
- Ensure build succeeds:
dotnet build - Submit a pull request
This project is for demonstration purposes. Modify and use as needed for your projects.
For issues or questions:
- Check documentation in
Documents/folder - Review
Version-History.mdfor recent changes - Open an issue on GitHub
Version: 1.10
Last Updated: January 2026
Target Framework: .NET 10
Status: Active Development ⚡