Skip links

The Blinking Caret

StructureMap

Setup ASP.NET Identity using StructureMap

by 6 Comments

TL;DR: If you find yourself in a hurry, and you just want to quickly check how to setup ASP.NET Identity in a MVC project using StructureMap you can just check the example project in github

Although ASP.NET project templates are a very useful way to start a new project, some people don’t feel comfortable using them. There are many reasons for this, some people don’t like the project folder structure, others simply like to create the whole project themselves instead of starting from a sample application.

This was at some point the most requested feature in the ASP.NET MVC3 Uservoice site.

If you do decide to start from an empty project template you’ll have to setup everything yourself. That’s not necessarily a bad thing. It provides you the opportunity to setup the project in whichever way you prefer and you can for example use an IoC container to setup ASP.NET Identity which the focus of this blog post.

The main reason why I decided to write this down was because I’ve heard the way ASP.NET Identity is setup being described as “poor man’s dependency injection”, namely the use of .CreatePerOwinContext<T> that you’ll find on the one of the partial class files for Startup.cs in the default template for MVC with Individual User Accounts.

The video where I heard this was ASP.NET Identity Security. The reason why it’s described as “poor man’s DI” is because, instead of actual dependency injection, the dependencies are created in the Startup class, stored as Owin properties (that’s what CreatePerOwinContext does) and then retrieved in the controller (e.g. HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>()).

Anyway, there’s no reason to settle for a “poor man’s DI”, so lets use StructureMap instead.

Starting from scratch

Gray blank vector name tag isolated on white background

If you start with the Empty project template File->New->Project->Web->Asp.Net Web Application and then:

EmptyMvcProject

Because ASP.NET Identity has dependencies on Owin, and because you probably want to use the owin cookie middleware to handle signing in users, start by installing the Microsoft.Owin.Host.SystemWeb NuGet package. You also need to install the ASP.NET Identity NuGet packages. Here’s the list that you can just copy&paste to the package manager console.

Here we’ll be using the EntityFramework version of the user store for ASP.NET Identity (user store italicized because the interface that exposes the functionality to actually save and retrieve users in ASP.NET Identity is named IUserStore).

install-package Microsoft.Owin.Host.SystemWeb
install-package Microsoft.AspNet.Identity.Core
install-package Microsoft.AspNet.Identity.Owin
install-package Microsoft.AspNet.Identity.EntityFramework

And of course, install the StructureMap package for MVC:

install-package StructureMap.MVC5

Create your Owin Startup class. Easiest way is to just right click on your project->Add New Item->Owin Startup Class.

You should add your own connection string in web.config for the database that ASP.NET Identity will be using. For example, if you want to use LocalDb and have the database called IdentitySetupWithStructureMap your connection string could look like this:

<connectionStrings>
  <add name="IdentitySetupWithStructureMap" providerName="System.Data.SqlClient" connectionString="Data Source=(localdb)\ProjectsV12;Integrated Security=SSPI;MultipleActiveResultSets=True;Initial Catalog=IdentitySetupWithStructureMap;AttachDbFileName=|DataDirectory|\IdentitySetupWithStructureMap.mdf" />
</connectionStrings>

This might not be the right connection string for you, for example your LocalDb might have a different name (you can check yours in Visual Studio’s SQL Server Object Explorer). If you are unsure check this great resource to help you setup your connection string.

StructureMap configuration

Before we dive in the StructureMap configuration for ASP.NET identity it helps to know how you would do it manually, i.e., actually new up everything you need.

The main class in ASP.NET Identity, and probably the only one you need to use is UserManager<T>, where T will be a subclass of IdentityUser (if you derive from IdentityUser you can add your own properties to the user that gets saved, if you did not know about this you should check The good, the bad and the ugly of ASP.NET Identity.

UserManager<T> has a dependency on IUserStore<T>. The implementation we are going to use of IUserStore<T>, UserStore<T>, has a dependency on DbContext (this is the EntityFramework implementation we’ve added through NuGet: Microsoft.AspNet.Identity.EntityFramework).

So “manually” you could do this:

var dbContext = new IdentityDbContext("IdentitySetupWithStructureMap");
var userStore = new UserStore<IdentityUser>(dbContext);
var userManager = new UserManager<IdentityUser>(userStore);

And then you could setup your userManager, for example configure the password validator to only allow usernames with more than 6 characters:

userManager.PasswordValidator = new PasswordValidator
{
    RequiredLength = 6
};

Now that you know how to do it completely manually, if you can pause for a brief moment, go compare this with what gets generated with the default project template when you choose individual user accounts, let me know what you think in the comments.

There’s only four simple things that you need to know to understand the StructureMap configuration for this, they are:

  • Given a constructor that expects a certain class as a parameter, specify which subclass to use
  • How do you set properties using StructureMap (for the UserValidator, PasswordValidator, etc in UserManager)
  • How do select a constructor that is not the default constructor that StructureMap would normally use (one that is not the most specific, i.e., not one with the most dependencies).
  • How to set the value of value types in the constructor, for example, the value of a string parameter (e.g. connectionString).

Lets start with the setup for the UserManager<IdentityUser>‘s dependency, IUserStory<IdentityUser> (this code belongs inside the StructureMap Registry you are using to setup MVC, usually it’s called DefaultRegistry):

For<IUserStore<IdentityUser>>()
    .Use<UserStore<IdentityUser>>()
    .Ctor<DbContext>()
    .Is<IdentityDbContext>(cfg =>
        cfg.SelectConstructor(() =>
            new IdentityDbContext("value here does not matter, it's only for selecting the right ctor"))
            .Ctor<string>()
            .Is("IdentitySetupWithStructureMap"));

The For Use part is just how you map an interface to an implementation in StructureMap. Then .Ctor<DbContext>().Is<IdentityDbContext>(...) is basically saying, for the DbContext dependency use its subclass IdentityDbContext. However IdentityDbContext has many constructors, and the one we want to use is not the one with most dependencies (which would be the one StructureMap would use).

We want to use the IdentityDbContext constructor that expects a single string parameter, the connection string. We use .SelectConstructor(() => new IdentityDbContext("value does not matter, this is just to let the compiler select the ctor") to do that, and then we use .Ctor<string> to specify the value we want for the string parameter, in this case the value of the connection string: .Is("IdentitySetupWithStructureMap") (if the constructor had several string parameters you could pass the name of the parameter to .Ctor, e.g. .Ctor<string>("nameOrConnectionString") to disambiguate).

That takes care of UserManager<IdentityUser>‘s dependencies. We still need, however, to set the PasswordValidator and UserValidator.

PasswordValidator is the class that defines the minimum password requirements, for example that the minimum password length is 6 characters. UserValidator is the class that checks if the username is valid, for example if you require that the username is an unique email address. There are more properties that you can setup on UserManager, however the way they are setup is very similar to these two.

Because UserManager does not implement an interface we have to use the class directly in our controllers. The way we configure a concrete class in StructureMap is by using the ForConcreteType<T> method, in our case:

        ForConcreteType<UserManager<IdentityUser>>()
            .Configure
            .SetProperty(userManager => userManager.PasswordValidator = new PasswordValidator
            {
                RequiredLength = 6
            })
            .SetProperty(userManager => userManager.UserValidator = 
                new UserValidator<IdentityUser>(userManager));

Here’s the full listing for the Registry:

    public DefaultRegistry() {
        Scan(
            scan => {
                scan.TheCallingAssembly();
                scan.WithDefaultConventions();
                scan.With(new ControllerConvention());
            });


        For<IUserStore<IdentityUser>>()
            .Use<UserStore<IdentityUser>>()
            .Ctor<DbContext>()
            .Is<IdentityDbContext>(cfg => cfg.SelectConstructor(() => new IdentityDbContext("connection string")).Ctor<string>().Is("IdentitySetupWithStructureMap"));

        ForConcreteType<UserManager<IdentityUser>>()
            .Configure
            .SetProperty(userManager => userManager.PasswordValidator = new PasswordValidator
            {
                RequiredLength = 6
            })
            .SetProperty(userManager => userManager.UserValidator = new UserValidator<IdentityUser>(userManager));                
    }

And there you go, with this configuration you can now add UserManager to your controllers as a dependency, for example:

public class HomeController : Controller
{
    private readonly UserManager<IdentityUser> _userManager;
    public HomeController(UserManager<IdentityUser> userManager)
    {
        _userManager = userManager;
    } 
...

I’ve added an example project in Github that uses this setup and a few extra bits. It allows you to create, list and delete users, check it out by cloning the repository

git clone https://github.com/ruidfigueiredo/MvcAndAspNetIdentitySetupWithStructureMapExample

Drop me a line in the comments if you are interested in a summary (cheat sheet) of how to do the most common operations with ASP.NET Identity, for example, create users, delete users, reset a user’s password without requiring email messages, setting up email messages for email confirmation and password reset, etc.

Dependency Injection Without Referencing Implementations

by Leave a Comment

Dependency injection is all about connecting abstractions with implementations.

Flat icons

Carefully defining dependencies produces a codebase with more abstractions (interfaces/abstract classes) and just more classes in general.

Ideally the abstractions should be independent of the implementations at an assembly level (no reference between the assembly that contains the abstractions and the implementations). This way it is impossible to use a concrete class instead of an abstraction, even by “accident” (be this a co-worker who is not familiar with the code base or your future self, perhaps during a bad day).

Why is this a problem?

Depending on an interface/abstract class is more flexible than depending on concrete classes. Object oriented languages provide ways in which you can replace those abstractions with concrete implementations at runtime. You want to do this as much as possible, since this is the best way to make your codebase flexible and reusable (see this and this).

When a new object is required, it’s dependencies (abstract classes/interfaces it references) need to be assigned concrete classes. This task can be delegated to an IoC container. When an instance of a particular type is requested to an IoC container, it will “inject” (usually through the class’ constructor) the implementations required by that type (it’s dependencies). And those implementations are defined in a set of mappings that can easily be changed.

But how can you then have these mappings without referencing the assemblies with the implementations?

If, for example you create an ASP.NET MVC project and install StructureMap as your IoC container (I usually use the NuGet package StrucutreMap.MVC5)

Install-Package StrucutreMap.MVC5

You get this Registry class (Registry classes is where you define the mappings in StructureMap).

    public DefaultRegistry() {
        Scan(
            scan => {
                scan.TheCallingAssembly();
                scan.WithDefaultConventions();
                scan.With(new ControllerConvention());
            });
        //For<IExample>().Use<Example>();
    }

This registry class is in your main assembly (the ASP.NET MVC web project). For you to use it this way means that your main assembly has to reference the abstractions (IExample) and the implementations (Example).

But if you reference implementation and abstractions, even if you just use the abstractions it becomes easy to use a concrete class where an abstraction should be used instead. In big enough projects with many people working on them this is almost a guarantee. It might feel like a shortcut or it might just be because the person doing the code is not familiar with it. It’s as easy as just writing new MyConcreteClass(...).

If your assembly does not reference the assembly containing the implementation of the abstract classes/interfaces there’s no chance of this happening.

Setting yourself up for success

If your main assembly does not reference the implementations there is no way of getting this wrong, and it’s very easy to do.

When defining the mappings there’s no way to avoid referencing the abstractions and their implementations, but we can push that out of our main assembly. Sticking with the example of using the ASP.NET MVC as our main assembly, we can it like this (the arrows represent references between assemblies):

DependencyInjectionDoneRightFinal

Notice that the Abstractions does not depend on anything “concrete” (no implementations), ASP.NET MVC does not depend on anything “concrete” and that Implementations only depends on abstractions (and so does the ASP.NET MVC assembly).

An example will help make this clearer. Imagine you want to create a web page where the user can enter some numbers, click a button and have them sorted. Let’s say that you have this functionality right in your homepage, so if we stick with MVC that usually is your HomeController.

HomeController has a dependency on something that can sort an array of numbers, let’s call it ISorter. Because ISorter is an abstraction we’ll put it in another assembly (Abstractions) and we’ll make the MVC project reference that assembly.

We need to create an implementation for ISorter, let’s call it BubbleSort. This is a concrete class so we’ll put it in an another assembly (Implementations). This assembly references Abstractions (it needs to because it needs to get ISorter from there).

Finally we need to tie all this together and we do it by creating a Mappings assembly. Mappings references both Abstractions and Implementations. Also, the main assembly (MVC project) reference Mappings.

If we use StructureMap the mappings are specified in a registry class, and it will be as simple as this:

using Abstractions;
using Implementations;

using StructureMap.Configuration.DSL;

namespace Mappings
{
    public class MappingsRegistry : Registry
    {
        public MappingsRegistry()
        {
            For<ISorter>().Use<BubbleSort>();
        }
    }
}

You’ll have to configure StructureMap in the MVC project to go looking for this registry. This is how you can do that:

    public DefaultRegistry() {
        Scan(
            scan => {
                scan.TheCallingAssembly(); 
                scan.WithDefaultConventions(); 
                scan.With(new ControllerConvention()); 

                //You have to add these two lines, they will add the mappings from the Mappings assembly
                scan.Assembly(typeof(Mappings.MappingsRegistry).Assembly);  
                scan.LookForRegistries(); 
            });

    }

And that’s it. If you follow this structure you can not get it wrong. In the MVC project writing new BubbleSort() won’t event compile, and better yet, it won’t be possible to do something such as:

public class HomeController : Controller
{
    private readonly ISorter _sorter;
    public HomeController(ISorter sorter)
    {
        _sorter = sorter;
    }
    public ActionResult Index()
    {
        var bubbleSort = (BubbleSort)_sorter; //compilation error

Because let’s face it, if you have to cast, it means your abstraction is not good enough and you should take care of that, and not use a workaround.

Have a look at a working project that has a page where you can enter numbers and click Sort, and that uses this structure.

 git clone https://github.com/ruidfigueiredo/DependencyInjectionDoneRight

Conclusion

When you follow the dependency inversion principle you want to make sure that you do not depend on anything concrete.

You can do that on willpower alone, or you can set your projects up so that this is guaranteed.

By making sure your main project only references the assembly that contains high-level classes and by using an assembly that “ties” those high-level classes to their implementations you can make sure that no high-level class depends on anything concrete.