cool-webapi VS ASP.NET Identity

So far I have added and configured several packages to the cool-webapi project and in the future articles I will add more packages and configuration and the Startup class will become a large class.

You can find the source code for this walkthrough on Github.

Open Startup.cs class and follwing codes:

In the previous article, I wrote about API versioning and how to add Swagger to the sample project with support of API versioning. In this article, I show how to add custom middleware to handle exceptions globally and create a custom response when an error occurred.

Open the cool-webpi project and Install Microsoft.AspNetCore.Mvc.Versioning.ApiExplorer package

Source code for this walkthrough could found on the Github.

There's nothing wrong with directly getting the user in their flow, the GetTwoFactorAuthenticationUserAsync is just the method that uses a tfa cookie to flow the information in the templates. The obvious caveat is that you would need to be careful to not make it easy to bypass the first/password step, but there's not a lot of ceremony underneath the covers: https://github.com/aspnet/Identity/blob/master/src/Identity/SignInManager.cs#L526

If you wrap the result into another object like IdentityResult, you should pay the extra heap allocation. For each call, an extra object should be initialized even for the successful operation. If you call an API 100 times with different inputs, how many times an exception may be thrown? So the rate of throwing an exception with the extra object initializing (and heap allocation) is not the same