I have a problem with making the Microsoft Account authentication working without the identity being stored in the database. This is all done in the latest VS 2017 install with the latest core 2.0 release. I followed this guide and managed to get it to work. The issue is that the guide assumes that the identity will be added to the database used by the application. This is because the sample uses:
var info = await _signInManager.GetExternalLoginInfoAsync(await _userManager.GetUserIdAsync(user));
and in the Startup.cs:
services.AddIdentity<ApplicationUser, IdentityRole>().AddEntityFrameworkStores<ApplicationDbContext>().AddDefaultTokenProviders();
This is something I would like to avoid. My goal is to authenticate using the MS account and Authorize using the provided Claims (Claims-Based Authorization) but without the entire database structure from the sample being required.
I've struggled with this for some time now. I've tried to implement a cookie storage (even though the MS Account has one of it's own as far as I understand) for user login like it's done Here by removing the EF code that adds new data into the existing login from the database and adding the Signin call in the callback method from the sample. The User object at the callback point ( in OnGetCallbackAsync ) has all of the claims I need fetched from the Microsoft Account. When the redirect happens however the User object is empty (no claims, not logged in).
I would like to ask: what is the appropriate approach here? My understanding was that the MS account login already sets up a cookie so the removal of the code contacting the DB should have been enough; is this not correct? If so what steps do I need to authenticate the user in a manner described above?
I very much appreciate your help on this.