With ASP.NET Core Identity fully registered we can learn how to perform user registration actions in our project.

User registration is a process of registering users in our application by saving their credentials in the database. So, in this article, we are going to learn how to implement user registration actions in our project. Additionally, we are going to learn about different identity options that could help us in a process.

To download the source code for this project, you can visit the ASP.NET Core Identity User Registration repository.

To navigate through the entire series, visit the ASP.NET Core Identity series page.

Let’s look at the basic navigation for this article:

So, let’s get started.

Preparation for User Registration

Let’s begin with the UserRegistrationModel class:

In this class, we have a couple of properties the user populates in the registration form. As you can see the Email and Password properties are required and the ConfirmPassword property must match the Password property.

With this in place, let’s create a new MVC controller with two actions inside:

So, we have the Account controller with two Register actions (GET and POST). We are going to use the first one to show the view and the second one for the user registration logic.

With that in place, let’s create a view for the GET Register action:

So basically, we have all the input fields from our model in this view. Of course, clicking the Create button will direct us to the POST Register method with the UserRegistrationModel populated.

Now, let’s install the AutoMapper library, so we could map the UserRegistrationModel to the User class:

PM> Install-Package AutoMapper.Extensions.Microsoft.DependencyInjection

After we execute this command, AutoMapper will be installed. We are going to use it in a moment.

Finally, let’s slightly modify the _Layout view:

We’ve added a partial view, but we have to create it as well. To do that, let’s create a new _LoginPartial view file in the Shared folder:

Excellent.

If we start our application, we are going to see the Register link in the upper-right corner. After we click on it, the Register view will appear.

User Registration in Action

To start with the user registration logic, we have to inject our AutoMapper and UserManager class in the Account controller:

The UserManager class comes from the Microsoft.AspNetCore.Identity namespace and it provides a set of helper methods to help us manage a user in our application.

Before we continue, let’s register AutoMapper in the Configuration method in the Startup class:

Now, we can modify the Register action:

As you can see, the action is async now because the UserManager’s helper methods are async as well. Inside the action, we check for the model validity and if it is invalid, we just return the same view with the invalid model.

If that check passes, we map the registration model to the user.

Additionally, we use the CreateAsync method to register the user. But this method does more for us. It hashes a password, executes an additional user checks and returns a result.

If the result is successful, we just attach the default role to the user, again with the UserManager’s help, and redirect the user to the Index page.

But if the registration fails, we loop through all the errors and add them to the ModelState.

Finally, we have to create the MappingProfile class:

You can see that we map email to the username because we are not using username in the registration form.

Testing

Let’s test several invalid cases:

Testing invalid User Registration

You can see the model validation is working just fine. The CreateAsync method validates the password related errors too.

If a user enters valid values in our form, the user registration process will complete successfully and they will be redirected to the Index page:

Valid User Registration

Excellent.

Now, let’s dive a bit into the ASP.NET Core Identity configuration.

Identity Options

As you could see in the testing example, our user registration process requires the password to fulfill certain rules. These rules can be found and adjusted in the IdentityOptions settings.

Right now, the password requires at least 6 characters, upper and lower case letters, etc.

Let’s play around a bit with these values.

We are going to modify the AddIdentity method in the ConfigureServices method:

So, we override the default password configuration by setting the required password length to 7 instead of 6 characters, which is the default value. Additionally, we state that digits and upper case letters are not required.

If we test this with the „test“ password:

Wrong Password - User registration

We can see that there are no more alerts for digits and uppercase letters, and the required length is now 7 characters.

In our example, we are using an email as a user name. By default, email is not required to be unique, but we can change that:

If we try to register with already registered email address:

User registration with taken email

Of course, pay attention that showing a message like this to a user could be a potential security risk.

That’s because, if this is a user who tries to hack our account, we have just reviled this email already exists in our system and allowed them to focus only on the passwords.

A better solution would be to send an email message to the owner of this account, with the information that the account already exists.

By doing this, we don’t narrow down hacking possibilities for the malicious user and our regular user could proactively change the password or contact the system administrator to report a possible account breach.

Conclusion

There are a lot more settings we can play with, but for now, this is enough.

In articles to come, we are going to modify IdentityOptions settings even more. But feel free to explore it by yourself. As you can see, the names are pretty self-explanatory.

In the next article, we are going to learn about Login and Logout functionalities with ASP.NET Core Identity.

Until then…

If you have enjoyed reading this article and if you would like to receive the notifications about the freshly published .NET Core content we encourage you to subscribe to our blog.