1

UserManager in Asp.Net Identity 2 prevents creation user with duplicate username through additional request to database to find possible duplicate. I think this is error prone and can cause concurrency errors. The correct mechanism should rely on on unique constraints or indexes. Am I wrong and do I miss something?

Links to source: CreateAsync and ValidateUserName

Improve this question
2
  • Entity Framework must support multiple data stores, and not simply ones based on databases. As such, it needs to verify uniqueness in a way that works for any type of store. For instance, you might have a store based on XML. How would you enforce unique constraints on that? Commented Nov 2, 2014 at 23:29
  • However, looking at the code you linked to.. it uses a custom "UserValidator" object, which.. if the Validator knew it was using a datastore that was capable of using unique constratraints, it could simply return true for any duplicate checking code. Commented Nov 2, 2014 at 23:33

1 Answer 1

Reset to default
3

No, you are not wrong. And Identity adds the unique index on Username column:

Tables generated by Identity

And the migration code for this table is:

        CreateTable(
            "dbo.AspNetUsers",
            c => new
                {
                    Id = c.String(nullable: false, maxLength: 128),
                      /*  .... SNIP .... */
                    UserName = c.String(nullable: false, maxLength: 256),
                })
            .PrimaryKey(t => t.Id)
            .Index(t => t.UserName, unique: true, name: "UserNameIndex");

Unique index is clearly set on the column.

p.s. you are looking on Identity v3 - it is not released. Current Identity v2.1 is not open source yet.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

While Identity framework may indeed enforce unique constraints in an EF based model, remember that Identity is designed to be extensible and work with any kind of store.. so regardless of whether it uses unique constraints, the framework itself must still do things a bit less efficiently in order to be more extensible.
Sure. At the moment Identity.Core does not enforce username uniqueness on trasactional level, but this it relies on IUserStore implementation to do that. And when Identity uses EF, unique index is implemented. I don't think transactional checking is very important on creating of users.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.