1. Introduction to ASP.NET Core Identity
ASP.NET Core Identity is the membership system built into ASP.NET Core. It stores users, password hashes, roles and claims, and supplies the sign-in and authorization plumbing on top of them, so developers can manage users, logins, roles and application security without writing that code themselves.
With ASP.NET Core Identity you can add user registration, login, role management and claims-based authorization without building a security system from scratch.
2. Basic Concepts: Authentication & Authorization
Before going into the implementation, it is important to understand two core concepts:
- Authentication: verifying who the user is, usually with a username and password (optionally plus a second factor).
- Authorization: deciding whether an already-authenticated user is allowed to access a given resource.
ASP.NET Core Identity handles the first (credential storage, password hashing, sign-in) and feeds the second: the roles and claims it stores for a user are copied into the user's authentication cookie, and the authorization middleware evaluates those claims for role-based and policy-based checks.
3. Setting Up an ASP.NET Core Project with Identity
The steps below create an ASP.NET Core project and wire Identity into it:
- Create a new ASP.NET Core Web App (Model-View-Controller). In a terminal run:
    dotnet new mvc -o MyIdentityApp
- Add the NuGet packages. The Identity package alone is not enough: its EF Core store needs a database provider, and migrations need the design-time package plus the dotnet-ef tool:
    dotnet add package Microsoft.AspNetCore.Identity.EntityFrameworkCore
    dotnet add package Microsoft.EntityFrameworkCore.SqlServer
    dotnet add package Microsoft.EntityFrameworkCore.Design
    dotnet tool install --global dotnet-ef
- Register the DbContext and Identity in Startup.cs (ConfigureServices) or, for .NET 6 and later, in Program.cs. Example for Startup.cs:
    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
    // IdentityUser and IdentityRole are the built-in entities. AddDefaultTokenProviders registers the
    // token generators used for e-mail confirmation, password reset and authenticator-app 2FA.
    services.AddIdentity<IdentityUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();
    // Where unauthenticated (401) and forbidden (403) requests are redirected.
    services.ConfigureApplicationCookie(options =>
    {
        options.LoginPath = "/Account/Login";
        options.AccessDeniedPath = "/Account/AccessDenied";
    });
  In Program.cs the same calls are made on builder.Services, with builder.Configuration in place of Configuration.
- Add the connection string to appsettings.json:
    "ConnectionStrings": {
      "DefaultConnection": "Server=(localdb)\\mssqllocaldb;Database=MyIdentityDb;Trusted_Connection=True;MultipleActiveResultSets=true"
    }
  This LocalDB string uses Windows authentication and contains no secret. A production string with a password does not belong in appsettings.json; supply it through user secrets (dotnet user-secrets) or an environment variable.
- Create and apply the database migration (this creates the AspNetUsers, AspNetRoles and related tables):
    dotnet ef migrations add InitialCreate
    dotnet ef database update
4. Building Registration and Login
Below is an example implementation of the registration and login pages with ASP.NET Core Identity.
4.1. The RegisterViewModel Model
using System.ComponentModel.DataAnnotations;

public class RegisterViewModel
{
    [Required]
    [EmailAddress]
    public string Email { get; set; }

    [Required]
    [DataType(DataType.Password)]
    public string Password { get; set; }

    // [Required] added so an empty confirmation field is rejected as well.
    [Required]
    [DataType(DataType.Password)]
    [Compare("Password", ErrorMessage = "Password and confirmation do not match.")]
    public string ConfirmPassword { get; set; }
}
4.2. The AccountController (Registration & Login)
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

public class AccountController : Controller
{
    private readonly UserManager<IdentityUser> _userManager;
    private readonly SignInManager<IdentityUser> _signInManager;

    public AccountController(UserManager<IdentityUser> userManager, SignInManager<IdentityUser> signInManager)
    {
        _userManager = userManager;
        _signInManager = signInManager;
    }

    [HttpGet]
    public IActionResult Register() => View();

    // ValidateAntiForgeryToken rejects cross-site POSTs. The form must carry the token;
    // the <form asp-controller=...> tag helper adds it automatically.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Register(RegisterViewModel model)
    {
        if (ModelState.IsValid)
        {
            var user = new IdentityUser { UserName = model.Email, Email = model.Email };
            // CreateAsync validates the password against the configured policy and stores a salted hash.
            var result = await _userManager.CreateAsync(user, model.Password);
            if (result.Succeeded)
            {
                await _signInManager.SignInAsync(user, isPersistent: false);
                return RedirectToAction("Index", "Home");
            }
            foreach (var error in result.Errors)
            {
                ModelState.AddModelError("", error.Description);
            }
        }
        return View(model);
    }

    [HttpGet]
    public IActionResult Login() => View();

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(LoginViewModel model)
    {
        if (ModelState.IsValid)
        {
            // The first argument is the user name; it equals the e-mail because Register sets UserName = Email.
            // lockoutOnFailure: true is what makes failed attempts count towards the lockout policy.
            // With false (the original value) the policy is configured but never triggered.
            var result = await _signInManager.PasswordSignInAsync(
                model.Email, model.Password, model.RememberMe, lockoutOnFailure: true);
            if (result.Succeeded)
            {
                return RedirectToAction("Index", "Home");
            }
            if (result.IsLockedOut)
            {
                ModelState.AddModelError("", "Account temporarily locked after too many failed attempts. Try again later.");
                return View(model);
            }
            // result.RequiresTwoFactor is true when the user has 2FA enabled; a second step is then required.
            // The failure message is generic on purpose so it does not reveal whether the e-mail exists.
            ModelState.AddModelError("", "Login failed. Check your e-mail and password.");
        }
        return View(model);
    }

    // Logout stays a POST with the anti-forgery token: a GET logout can be triggered from another site.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Logout()
    {
        await _signInManager.SignOutAsync();
        return RedirectToAction("Index", "Home");
    }

    // Target of the AccessDeniedPath configured in ConfigureApplicationCookie.
    [HttpGet]
    public IActionResult AccessDenied() => View();
}
4.3. The LoginViewModel Model
using System.ComponentModel.DataAnnotations;

public class LoginViewModel
{
    [Required]
    [EmailAddress]
    public string Email { get; set; }

    [Required]
    [DataType(DataType.Password)]
    public string Password { get; set; }

    // Maps to isPersistent in PasswordSignInAsync: a persistent cookie survives closing the browser.
    public bool RememberMe { get; set; }
}
5. Role and Claims Management
Roles and claims control what a user may access. The snippets below create roles, assign a user to one, and use the role for authorization. Claims are managed the same way through UserManager.AddClaimAsync and checked with policy-based [Authorize(Policy = ...)] attributes.
5.1. Creating Roles at Startup
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

// Call once at startup from a DI scope (see Program.cs in section 7).
public static async Task CreateRoles(IServiceProvider serviceProvider)
{
    var roleManager = serviceProvider.GetRequiredService<RoleManager<IdentityRole>>();
    string[] roleNames = { "Admin", "User", "Manager" };
    foreach (var roleName in roleNames)
    {
        if (!await roleManager.RoleExistsAsync(roleName))
        {
            var result = await roleManager.CreateAsync(new IdentityRole(roleName));
            if (!result.Succeeded)
            {
                throw new InvalidOperationException($"Could not create role '{roleName}'.");
            }
        }
    }
}
5.2. Adding a User to a Role
var user = await _userManager.FindByEmailAsync("user@example.com");
if (user != null)   // FindByEmailAsync returns null for an unknown address
{
    await _userManager.AddToRoleAsync(user, "Admin");
}
Roles are copied into the authentication cookie at sign-in, so a user who is already signed in does not see the new role until the cookie is rebuilt: call _signInManager.RefreshSignInAsync(user) if the target is the current user, otherwise the change takes effect at the user's next sign-in or security-stamp revalidation.
5.3. Using a Role for Authorization in a Controller
using Microsoft.AspNetCore.Authorization;

// Unauthenticated callers are redirected to LoginPath; authenticated callers
// without the role are redirected to AccessDeniedPath.
[Authorize(Roles = "Admin")]
public IActionResult AdminOnly()
{
    return View();
}
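As an added example (not code from the original article), here is how the claims half of this section fits next to roles: a permission stored as a claim on the user, policies registered at startup, and a grant action that also deals with the fact that roles and claims are copied into the cookie at sign-in. The policy names, the claim type "permission", the ReportsController and the seed credentials are assumptions made for illustration; IdentityUser and the "Admin"/"Manager" role names are the ones used in this article.

```csharp
// Added example, not part of the original article. Assumes the IdentityUser setup from this article.
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public static class AuthorizationSetup
{
    // Register in Program.cs: builder.Services.AddAppPolicies();
    public static IServiceCollection AddAppPolicies(this IServiceCollection services)
    {
        services.AddAuthorization(options =>
        {
            // A role check expressed as a policy (equivalent to [Authorize(Roles = "Admin")]).
            options.AddPolicy("RequireAdmin", p => p.RequireRole("Admin"));
            // A fine-grained permission stored as a claim, independent of any role.
            options.AddPolicy("CanExportReports", p => p.RequireClaim("permission", "reports.export"));
            // Combined rule: any Manager, or anyone who holds the claim.
            options.AddPolicy("ReportsArea", p => p.RequireAssertion(ctx =>
                ctx.User.IsInRole("Manager") || ctx.User.HasClaim("permission", "reports.export")));
        });
        return services;
    }

    // Seed one admin with role + claim; run from the same startup scope as CreateRoles.
    // email/password are placeholders: read them from configuration or user secrets, never hard-code them.
    public static async Task SeedAdminAsync(IServiceProvider sp, string email, string password)
    {
        var userManager = sp.GetRequiredService<UserManager<IdentityUser>>();
        var admin = await userManager.FindByEmailAsync(email);
        if (admin is null)
        {
            admin = new IdentityUser { UserName = email, Email = email, EmailConfirmed = true };
            var created = await userManager.CreateAsync(admin, password);
            if (!created.Succeeded)
                throw new InvalidOperationException(string.Join("; ", created.Errors.Select(e => e.Description)));
        }
        if (!await userManager.IsInRoleAsync(admin, "Admin"))
            await userManager.AddToRoleAsync(admin, "Admin");
        var claims = await userManager.GetClaimsAsync(admin);
        if (!claims.Any(c => c.Type == "permission" && c.Value == "reports.export"))
            await userManager.AddClaimAsync(admin, new Claim("permission", "reports.export"));
    }
}

public class ReportsController : Controller
{
    private readonly UserManager<IdentityUser> _userManager;
    private readonly SignInManager<IdentityUser> _signInManager;

    public ReportsController(UserManager<IdentityUser> userManager, SignInManager<IdentityUser> signInManager)
    {
        _userManager = userManager;
        _signInManager = signInManager;
    }

    [Authorize(Policy = "CanExportReports")]
    public IActionResult Export() => View();

    [Authorize(Policy = "ReportsArea")]
    public IActionResult Index() => View();

    // Granting a permission at runtime. The new claim is only in the database; the target's
    // existing cookie still carries the claims captured at sign-in.
    [HttpPost, ValidateAntiForgeryToken, Authorize(Policy = "RequireAdmin")]
    public async Task<IActionResult> Grant(string email)
    {
        var user = await _userManager.FindByEmailAsync(email);
        if (user is null) return NotFound();

        await _userManager.AddClaimAsync(user, new Claim("permission", "reports.export"));

        if (user.Id == _userManager.GetUserId(User))
        {
            // Granting to yourself: rebuild the cookie right away from the stored roles and claims.
            await _signInManager.RefreshSignInAsync(user);
        }
        else
        {
            // Granting to someone else: changing the security stamp makes the SecurityStampValidator
            // reject that user's current cookie at its next check (every 30 minutes by default),
            // forcing a fresh sign-in that carries the new claim. Revoking a permission works the same way.
            await _userManager.UpdateSecurityStampAsync(user);
        }
        return RedirectToAction(nameof(Index));
    }
}
```

The same UpdateSecurityStampAsync step is what you want after removing a role or claim: without it, a revoked user keeps the old permissions in the cookie until it expires or is revalidated.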
6. Advanced Security Configuration
To raise the security of the application you can enable the following features:
- Two-Factor Authentication (2FA): an extra layer on top of the password, using a one-time code.
- Lockout policy: lock the account after a number of failed login attempts.
- Password policy: set the minimum password complexity.
- External login providers: integrate login with Google, Facebook, and so on.
6.1. Example Password and Lockout Configuration
services.Configure<IdentityOptions>(options =>
{
    // Password policy, enforced by UserManager.CreateAsync and the password-change/reset APIs.
    options.Password.RequireDigit = true;
    options.Password.RequiredLength = 8;
    options.Password.RequireNonAlphanumeric = false;
    options.Password.RequireUppercase = true;
    options.Password.RequireLowercase = true;
    // Lockout policy: five failures lock the account for five minutes. Failures are only counted
    // when PasswordSignInAsync is called with lockoutOnFailure: true.
    options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
    options.Lockout.MaxFailedAccessAttempts = 5;
    options.Lockout.AllowedForNewUsers = true;
});
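Added example (not from the original article): the cookie and revalidation settings that belong next to the password and lockout policy above. The cookie name, the one-hour lifetime and the five-minute validation interval are choices made here, not Identity defaults; the paths are the ones used throughout this article.

```csharp
// Added example, not part of the original article.
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

public static class IdentityHardening
{
    // Call as builder.Services.AddHardenedIdentityOptions() after AddIdentity(...).
    public static IServiceCollection AddHardenedIdentityOptions(this IServiceCollection services)
    {
        services.Configure<IdentityOptions>(options =>
        {
            // The article uses the e-mail as user name; forbid two accounts with the same e-mail.
            options.User.RequireUniqueEmail = true;
            // Refuse sign-in until the address is verified (needs an IEmailSender to send the link).
            options.SignIn.RequireConfirmedEmail = true;
        });

        services.Configure<SecurityStampValidatorOptions>(options =>
        {
            // How often a cookie is re-checked against the user's stored security stamp.
            // Password changes, UpdateSecurityStampAsync and lockouts become effective for
            // already-issued cookies within this window. The default is 30 minutes.
            options.ValidationInterval = TimeSpan.FromMinutes(5);
        });

        services.ConfigureApplicationCookie(options =>
        {
            options.LoginPath = "/Account/Login";
            options.AccessDeniedPath = "/Account/AccessDenied";
            options.Cookie.HttpOnly = true;                          // not readable from JavaScript
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // only sent over HTTPS
            options.Cookie.SameSite = SameSiteMode.Lax;              // cross-site POSTs do not carry it
            // __Host- prefix: browsers only accept it with Secure, Path=/ and no Domain attribute,
            // so a subdomain or plain-HTTP origin cannot plant a cookie with this name.
            options.Cookie.Name = "__Host-Identity";
            options.Cookie.Path = "/";
            options.ExpireTimeSpan = TimeSpan.FromHours(1);
            options.SlidingExpiration = true;                        // renewed when more than half the lifetime has passed
        });
        return services;
    }
}
```

SecurePolicy.Always means the cookie is never issued over plain HTTP, so keep UseHttpsRedirection in the pipeline or local development logins will silently fail to persist.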
6.2. Enabling Two-Factor Authentication
You can enable 2FA with e-mail, SMS or an authenticator app (TOTP). ASP.NET Core Identity already ships the APIs to manage it: UserManager exposes GetAuthenticatorKeyAsync, ResetAuthenticatorKeyAsync, VerifyTwoFactorTokenAsync and SetTwoFactorEnabledAsync; SignInManager returns RequiresTwoFactor from PasswordSignInAsync and completes the second step with TwoFactorAuthenticatorSignInAsync. Authenticator apps are preferable to SMS, which is exposed to SIM-swap attacks.
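Added example (not code from the original article): enrolling an authenticator app and completing the second login step with the Identity APIs named above. It assumes the IdentityUser type and the Account/Login action from this article; the controller name, the issuer label "MyIdentityApp" and the view names (EnableAuthenticator, ShowRecoveryCodes, LoginWith2fa) are assumptions and those views are not shown.

```csharp
// Added example, not part of the original article.
using System.Text.Encodings.Web;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

public class TwoFactorController : Controller
{
    private readonly UserManager<IdentityUser> _userManager;
    private readonly SignInManager<IdentityUser> _signInManager;

    public TwoFactorController(UserManager<IdentityUser> userManager, SignInManager<IdentityUser> signInManager)
    {
        _userManager = userManager;
        _signInManager = signInManager;
    }

    // Step 1: give a signed-in user the shared secret, as an otpauth:// URI for a QR code.
    [HttpGet, Authorize]
    public async Task<IActionResult> EnableAuthenticator()
    {
        var user = await _userManager.GetUserAsync(User);
        var key = await _userManager.GetAuthenticatorKeyAsync(user);
        if (string.IsNullOrEmpty(key))
        {
            await _userManager.ResetAuthenticatorKeyAsync(user);   // generates and stores a new secret
            key = await _userManager.GetAuthenticatorKeyAsync(user);
        }
        var issuer = UrlEncoder.Default.Encode("MyIdentityApp");   // assumed app name
        var account = UrlEncoder.Default.Encode(user.Email);
        ViewData["SharedKey"] = key;
        ViewData["AuthenticatorUri"] = $"otpauth://totp/{issuer}:{account}?secret={key}&issuer={issuer}&digits=6";
        return View();
    }

    // Step 2: the user proves possession of the secret before 2FA is switched on.
    [HttpPost, Authorize, ValidateAntiForgeryToken]
    public async Task<IActionResult> EnableAuthenticator(string code)
    {
        var user = await _userManager.GetUserAsync(User);
        var normalized = code.Replace(" ", string.Empty).Replace("-", string.Empty);
        var valid = await _userManager.VerifyTwoFactorTokenAsync(
            user, _userManager.Options.Tokens.AuthenticatorTokenProvider, normalized);
        if (!valid)
        {
            ModelState.AddModelError("code", "The verification code is invalid.");
            return View();
        }
        await _userManager.SetTwoFactorEnabledAsync(user, true);
        // Recovery codes are shown once and are single-use; Identity stores them hashed.
        var recoveryCodes = await _userManager.GenerateNewTwoFactorRecoveryCodesAsync(user, 10);
        ViewData["RecoveryCodes"] = recoveryCodes;
        return View("ShowRecoveryCodes");
    }

    // Step 3: after PasswordSignInAsync returned RequiresTwoFactor, the first factor is held in a
    // separate short-lived cookie; only a successful call here upgrades it to the application cookie.
    [HttpGet]
    public async Task<IActionResult> LoginWith2fa()
    {
        var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
        if (user is null) return RedirectToAction("Login", "Account");   // no pending first factor
        return View();
    }

    [HttpPost, ValidateAntiForgeryToken]
    public async Task<IActionResult> LoginWith2fa(string code, bool rememberMe, bool rememberMachine)
    {
        var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
        if (user is null) return RedirectToAction("Login", "Account");

        var normalized = code.Replace(" ", string.Empty).Replace("-", string.Empty);
        // rememberClient = true sets a long-lived cookie that skips 2FA on this browser next time;
        // treat it as an opt-in the user makes, not a default.
        var result = await _signInManager.TwoFactorAuthenticatorSignInAsync(normalized, rememberMe, rememberMachine);
        if (result.Succeeded) return RedirectToAction("Index", "Home");
        if (result.IsLockedOut)
        {
            // Wrong codes are counted as failed attempts under the lockout policy of section 6.1.
            ModelState.AddModelError("", "Account locked out. Try again later.");
            return View();
        }
        ModelState.AddModelError("code", "Invalid authenticator code.");
        return View();
    }

    // Fallback when the device is lost: one of the single-use recovery codes.
    [HttpPost, ValidateAntiForgeryToken]
    public async Task<IActionResult> LoginWithRecoveryCode(string recoveryCode)
    {
        var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
        if (user is null) return RedirectToAction("Login", "Account");
        var result = await _signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode.Replace(" ", string.Empty));
        return result.Succeeded ? RedirectToAction("Index", "Home") : View("LoginWith2fa");
    }
}
```

To connect this to the Login action of section 4, branch on result.RequiresTwoFactor there and redirect to LoginWith2fa; the authenticator token provider used above is registered by AddDefaultTokenProviders() in the startup configuration.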
7. Complete Source Code
Below is a minimal complete source listing for registration, login and role management with ASP.NET Core Identity.
7.1. Program.cs (ASP.NET Core 6+)
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddControllersWithViews();
builder.Services.AddDbContext<ApplicationDbContext>(options =>
    options.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection")));
builder.Services.AddIdentity<IdentityUser, IdentityRole>()
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddDefaultTokenProviders();
builder.Services.ConfigureApplicationCookie(options =>
{
    options.LoginPath = "/Account/Login";
    options.AccessDeniedPath = "/Account/AccessDenied";
});

var app = builder.Build();

// Seed the roles once, from a DI scope, before the app starts serving requests.
using (var scope = app.Services.CreateScope())
{
    await CreateRoles(scope.ServiceProvider);
}

app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();   // must run before UseAuthorization
app.UseAuthorization();
app.MapDefaultControllerRoute();
app.Run();

static async Task CreateRoles(IServiceProvider serviceProvider)
{
    var roleManager = serviceProvider.GetRequiredService<RoleManager<IdentityRole>>();
    string[] roleNames = { "Admin", "User" };
    foreach (var roleName in roleNames)
    {
        if (!await roleManager.RoleExistsAsync(roleName))
        {
            var result = await roleManager.CreateAsync(new IdentityRole(roleName));
            if (!result.Succeeded)
            {
                throw new InvalidOperationException($"Could not create role '{roleName}'.");
            }
        }
    }
}
7.2. ApplicationDbContext.cs
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;

// IdentityDbContext brings in the AspNetUsers, AspNetRoles, AspNetUserClaims, ... tables.
public class ApplicationDbContext : IdentityDbContext<IdentityUser>
{
    public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options)
        : base(options)
    {
    }
}
7.3. AccountController.cs
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using System.ComponentModel.DataAnnotations;
using System.Threading.Tasks;

public class AccountController : Controller
{
    private readonly UserManager<IdentityUser> _userManager;
    private readonly SignInManager<IdentityUser> _signInManager;

    public AccountController(UserManager<IdentityUser> userManager, SignInManager<IdentityUser> signInManager)
    {
        _userManager = userManager;
        _signInManager = signInManager;
    }

    [HttpGet]
    public IActionResult Register() => View();

    // ValidateAntiForgeryToken rejects cross-site POSTs; the form tag helper emits the token.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Register(RegisterViewModel model)
    {
        if (ModelState.IsValid)
        {
            var user = new IdentityUser { UserName = model.Email, Email = model.Email };
            // Validates the password against the configured policy and stores a salted hash.
            var result = await _userManager.CreateAsync(user, model.Password);
            if (result.Succeeded)
            {
                await _signInManager.SignInAsync(user, isPersistent: false);
                return RedirectToAction("Index", "Home");
            }
            foreach (var error in result.Errors)
            {
                ModelState.AddModelError("", error.Description);
            }
        }
        return View(model);
    }

    [HttpGet]
    public IActionResult Login() => View();

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(LoginViewModel model)
    {
        if (ModelState.IsValid)
        {
            // lockoutOnFailure: true makes failed attempts count towards the lockout policy;
            // with false the policy is configured but never triggered.
            var result = await _signInManager.PasswordSignInAsync(
                model.Email, model.Password, model.RememberMe, lockoutOnFailure: true);
            if (result.Succeeded)
            {
                return RedirectToAction("Index", "Home");
            }
            if (result.IsLockedOut)
            {
                ModelState.AddModelError("", "Account temporarily locked after too many failed attempts. Try again later.");
                return View(model);
            }
            // result.RequiresTwoFactor is true when the user has 2FA enabled; a second step is then required.
            ModelState.AddModelError("", "Login failed. Check your e-mail and password.");
        }
        return View(model);
    }

    // Logout stays a POST with the anti-forgery token so another site cannot trigger it.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Logout()
    {
        await _signInManager.SignOutAsync();
        return RedirectToAction("Index", "Home");
    }

    // Target of the AccessDeniedPath configured in Program.cs.
    [HttpGet]
    public IActionResult AccessDenied() => View();
}

public class RegisterViewModel
{
    [Required]
    [EmailAddress]
    public string Email { get; set; }

    [Required]
    [DataType(DataType.Password)]
    public string Password { get; set; }

    [Required]
    [DataType(DataType.Password)]
    [Compare("Password", ErrorMessage = "Password and confirmation do not match.")]
    public string ConfirmPassword { get; set; }
}

public class LoginViewModel
{
    [Required]
    [EmailAddress]
    public string Email { get; set; }

    [Required]
    [DataType(DataType.Password)]
    public string Password { get; set; }

    public bool RememberMe { get; set; }
}
8. References & Learning Channels
Some learning resources and channels that are very helpful for going deeper into ASP.NET Core Identity: