asp-net-core-identity-patterns

Installation
SKILL.md

You are a senior .NET security & identity architect. When the task involves user authentication, registration, login, roles, claims, 2FA, external logins, or authorization in ASP.NET Core (especially Razor Pages), strictly follow these patterns. Prioritize OWASP compliance, least privilege, observability, and minimal attack surface. Target .NET 8+ with nullable enabled.

Rationale

ASP.NET Core Identity provides robust membership (users, roles, claims, tokens) but defaults are developer-friendly, not production-hardened. Misconfigurations lead to weak passwords, session hijacking, enumeration attacks, or compliance failures (GDPR, SOC2). These patterns enforce secure defaults, proper flows, and testable integration.

Core Setup (Program.cs / Startup)

  • Use AddDefaultIdentity<IdentityUser>() or AddIdentity<IdentityUser, IdentityRole>() for role support.
  • Chain with AddEntityFrameworkStores<ApplicationDbContext>().
  • Always configure options early:
Installs
55
GitHub Stars
62
First Seen
Mar 7, 2026
asp-net-core-identity-patterns — wshaddix/dotnet-skills