Home > database >  Is there a downside not using UserManager to create or update AspNetUsers?
Is there a downside not using UserManager to create or update AspNetUsers?

Time:04-15

It seems that all the recommended approaches I see on the internet are to use the UserManager<TUser>.CreateAsync() method to create users.

What are the downside of using only ef core dbContext?

Say that I have a TimeZoneInfoId column in AspNetUsers.

 public class ApplicationUser : IdentityUser
    {
        public string? TimeZoneInfoId { get; set; }
    }

Is it bad to update it using dbContext?

For instance:

using var dbContext = await DbContextFactory.CreateDbContextAsync();
var userToUpdate = await dbContext.ApplicationUsers.Where(u => u.UserName == "John").FirstOrDefaultAsync();
userToUpdate?.TimeZoneInfoId = "Samoa Standard Time";
await dbContext.SaveChangesAsync();

Or is it perfectly fine to do so?

CodePudding user response:

First of all, UserManger is another level of abstraction. Usually it's used with EF-based user store, but you may implement ANY store you want.

So if you use UseManager project-wide and at some development stage you decide that you want to switch current EF-based user store to something else, the only thing to do is to replace IUserStore in your UserManager. If you go the way you provided (calling db directly) - you'll be supposed to refactor EVERY place where you managed the user.

User manager takes care about few more things, for example: updating security stamps / normalization or validation - it's very important to know, that you can modify every aspect of UserManager - the only thing you have to do is to switch UserManager abstraction to another one - just like in case of IUserStore.

To sum up, UserManager work's like a good glue for many components which allows you to manage users. In default it uses good default implementations but it's very easy to adjust it any way you need.

CodePudding user response:

Here is an explain about why we choose to use UserManager and RoleManager.

ASP.NET Core Identity:

Is an API that supports user interface (UI) login functionality.

Manages users, passwords, profile data, roles, claims, tokens, email confirmation, and more.

It's not just database access. It is also code that manages login functionality, secure token creation, secure password management and much more.

You need to take all of the above into consideration if you create a custom system, have an external auditor to pen-test your solution (even though this is a good idea whatever choice you make), unit test, performance test etc.

All the above is already done. You can easily customize the identity with various hook points too.

BTW, identity uses ef to access the datastore already by default.

Do structure your multilayer application, but leave identity out of it. It is a horizontal concern and it's presence is there to simplify your development and let you worry about your business needs only.

It's very difficlut to define bad in your code, But userManager provides developers with a more convenient, efficient and safe choice.

refer to link

  • Related