Software Blog


ASP.NET Identity w/o Entity Framework

If you prefer to use Entity Framework, more power to you. After developing my SQL skills for years it just feels "odd" to give them up for what I consider minor convenience. I'm sure that this is some sort of holy war discussion that really, I'm not interested in participating in. Given that, there are some of us out here in the wild that don't want to use ORM's like Entity Framework (or any other for that matter, except of course Dapper).   So when I found out that the new security model for ASP.NET called "ASP.NET Identity" had a dependency on EF, I needed a way to remove it.

We have several versions of Identity running without EF (pre source release), some that are older now. At the time of this writing they are on version 2.2.1 and have released the source for ASP.NET Identity, which makes life much easier.

As I talked about in a previous post about the Identity Security Stamp, I suggested that I was working on running without EF, this is the follow up to that post. (TL;DR; - don’t let Security Stamp be null in your database)

Get Started

Basically I took the default ASP.NET MVC site that is generated with Visual Studio and converted it to use Identity without Entity Framework against a MSSQL database. I use Dapper as the wrapper for the raw SQL. You can use this as an example, or start from it, either way I hope somebody finds it useful.

Download the Source

  1. Build the source, this should force the Nuget Packages to download.
  2. Create a new db on your machine or server.
  3. Execute the Generate.sql file from the Identity.Database project on your new db.
  4. Change your connection string in the Identity.Web web.config to point to your new db.
  5. Run it.

This should give you the familiar default project, where you should be able to register, change password, login, logout.

Source Notes


This is used to extend the user profile based on your needs, you can change the table and the class to match your needs. I prefer to extend the user via profile and keep the security items separate.


This is basically a wrapper for the connection string, I find this useful when you enter Dependency injection land.

IdentityModels & GenerateUserIdentityAsync

If you look at the default project it has a .cs file named, IdentityModels. I removed that, and moved the GenerateUserIdentityAsync method over to the IdentityUser class, that just seemed to make more since to me so that a critical piece of security code isn't buried in some model. Just a personal preference.

Feedback? Better Idea? General Comment? Problems?