With the advice read-elsewhere that Roles are a subset of Claims, I am looking at a clean way to ask the EF Core implementation in ASP.NET Identity not to create role-related tables in the ASP.NET Identity Core 2.0 template in VS 2017. Only claims are needed. The template uses
public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
{
public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options)
: base(options)
{
}
protected override void OnModelCreating(ModelBuilder builder)
{
base.OnModelCreating(builder);
// Customize the ASP.NET Identity model and override the defaults if needed.
// For example, you can rename the ASP.NET Identity table names and more.
// Add your customizations after calling base.OnModelCreating(builder);
}
}
And IdentityDbContext creates these Roles-related tables
How to get rid of them without manipulating the migration files?
This has always been possible in ASP.NET Identity, but has become easier over time, as conventions have moved away from Roles and towards Rights, Actions, Claims, Predicates, and other more reusable and maintainable semantics. I've been using Identity for years in my ASP.NET projects with my pre-existing DB schemas (which have no role tables). I admit, it's quite difficult to understand how to do this due to the cumbersome complexity of ASP.NET Identity, as well as the fast-paced open-source code changes occurring in ASP.NET coupled with the complete lack of human-informed documentation in the API reference (which is entirely boilerplate machine-generated).
Prior to ASP.NET Core, you could do this by overriding UserManager and UserStore implementations. By stubbing out the Role requests with no-ops, or overriding the RoleAttribute implementation with a more useful and developer-safe one (probably not based on magic strings!), the absence of the Role tables goes unnoticed. Even using the default implementations, if you never used default Role attribute implementations or asked Role questions, the tables could be removed without consequence. None of the default ASP.NET scaffolding depends on roles.
In original ASP.NET Core Identity 1.0/1.1 versions, you did this by implementing UserStore without the optional IUserRoleStore interface. Information on that can be found in the main ASP.NET Core Identity documentation.
As of ASP.NET Core 2.0 (per your main question), you could do this more easily by deriving your context from IdentityUserContext instead of IdentityDbContext, as per the example below. This no longer required custom implementations in 2.0 due to the new UserOnlyStore. The call to AddIdentity in Startup.cs also needed to be replaced with AddIdentityCore. AddIdentityCore requires a few extra lines of code if you depend on other standard Authentication features, as by default it does not initialize Cookies or TokenProviders. (As noted below, in 2.1, changes to the boilerplate Startup are no longer required.)
It's quite simple to remove roles in ASP.NET Core 2.1/2.2 (current as of this writing). Here's an example using a new project to demonstrate:
Create a new project to demonstrate identity, selecting:
Remove Roles from the newly scaffolded Identity project
ApplicationDbContext : IdentityDbContextApplicationDbContext : IdentityUserContext<IdentityUser>Note the IdentityUserContext lacks Role, so custom key types only require 2 arguments
IdentityUserContext<IdentityUser<int>, int>AddDefaultIdentity<IdentityUser<int>>() is specified as beforeUpdate/build the database schema to reflect the above. In the Package Manager Console:
Add-Migration RemoveIdentitySchemaRolesUpdate-DatabaseRun the app