Fresh on the heels of kicking off our .NET development in a big way, I’m happy to announce that the second release of our .NET authentication SDK is ready for prime time.

In this release, we’ve added some new features to help with authorization and social login. Plus, there are a few more goodies under the hood.

Getting the Newest Release of the .NET SDK As always, installing the SDK is as easy as:

install-package Stormpath.SDK

If you’re already using the SDK, then this release should be a drop-in upgrade:

update-package Stormpath.SDK

Fine-Grained Permissions with Custom Data

With Stormpath, you can store key-value pairs called Custom Data on resources like Accounts. This can be used for anything (you decide what’s stored!), but many of our customers find custom data is an easy way to store fine-grained permissions alongside the user accounts themselves.

In this release, it’s simple! You can create an account with custom data easily:

Then, when you authenticate a user account, you can retrieve the stored custom data values and use them to grant or restrict access in your application:

Profile Data Storage with Custom Data

Custom data isn’t just for storing authorization data, though! Another popular use case is storing additional profile data with each user account, saving you the overhead of maintaining a separate database.

Every resource can store up to 10MB of custom data, and it’s not just limited to user accounts! The .NET SDK supports saving and retrieving custom data for every Stormpath resource that has a linked customData resource. For more information, see the Custom Data documentation.

Role-Based Authorization with Groups

This release also adds support for Stormpath Groups, which make it easy to implement role-based access control.

Creating a group and assigning users to it can be accomplished with a few lines of code:

When handling a user request, group membership can be used to grant or restrict access:

If you need even further control, you can also use custom data to store fine-grained permission rules on the accounts, or even on the groups themselves. This makes modeling complex permissions models for your application a cinch.

Easy Facebook, Google, Github, and LinkedIn Login

If you’re building a web application and want to add social login support, rolling your own code to interact with the specific authentication flows for each provider can be a pain. Stormpath abstracts away a lot of that complexity, letting you focus on actually building your application instead.

With this release, we’ve added support for exchanging a token from a social login provider for a Stormpath user account. All you have to do is redirect the user to the appropriate social login page, and capture the callback token that is sent back to you. Then, create a request to Stormpath. For example, for Facebook login:

That’s it! For more information on how social login works in Stormpath, refer to the documentation.

In our forthcoming ASP.NET integration, this process will be even easier, with drop-in support for Facebook, Google, Github, and LinkedIn login buttons.

New Account Email Verification

This release also adds support for verifying that the e-mail address of a new account is valid.

If an account is created in a Stormpath Directory that has the Verification workflow enabled, an e-mail will automatically be sent to the new user with a callback URL that includes an sptoken parameter. This token can be used to verify that the user’s email address is correct.

When your application receives the token, you simply have to send it back to Stormpath:

If the token is valid, the account details are returned and the account is marked as verified in Stormpath. For more information on how the verification flow works, see the documentation.

What’s Next

There’s plenty more to come! Here’s what’s on the roadmap:

  • Request caching
  • Token authentication
  • Single Sign-On support with Stormpath ID Site
  • Integration with ASP.NET
  • Is there something specific you want to see? Join the conversation on Github or shoot us an email.

    Viva .NET!