🎯 Goal
Implement secure user registration, login, logout, and role-based access control for the Kedr platform. The system must support extensible identity features while maintaining strict separation between infrastructure and application logic.
The solution must be reliable, testable, and production-grade, using ASP.NET Core Identity as the foundation — but fully adapted to Clean Architecture.
📝 Notes
- Use ASP.NET Core Identity with PostgreSQL and separate
IdentityDbContext
- Store users, roles, claims in infrastructure; expose only mapped DTOs via Application layer
- No direct dependency on Identity from Domain or Application layers
- Registration and login forms built in Presentation (Blazor Web App), bound via mediator handlers
- Role management (e.g.,
Admin, User) is enforced via policies, not hardcoded logic
- Authentication scheme must be cookie-based (Blazor Server) with antiforgery support
- Password complexity, lockout, email confirmation — configurable via options
- Extendability: ready for external login or MFA in future
- Integration tests must cover login, role access, and unauthorized scenarios
🎯 Goal
Implement secure user registration, login, logout, and role-based access control for the Kedr platform. The system must support extensible identity features while maintaining strict separation between infrastructure and application logic.
The solution must be reliable, testable, and production-grade, using ASP.NET Core Identity as the foundation — but fully adapted to Clean Architecture.
📝 Notes
IdentityDbContextAdmin,User) is enforced via policies, not hardcoded logic