Azure mobile services custom authentication intergated with asp net website identity

Question

I've implemented custom authentication on my azure mobile services based on this article :

I have also .asp net mvc website. I want to integrate those 2 services, so I want that users can register by website OR by mobile service.

So I change the table registered users data is stored and now it is the same table that mobile service users are stored in.

How can I change default way ASP.NET users is register? I want to disable default hashing password and use my own hash function, the same as in mobile services.

Or maybe shoud I change the way of registration and login from mobile service? Update: Now, In website I use default register method:

[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Register(RegisterViewModel model)
{
    if (ModelState.IsValid)
    {
        var user = new ApplicationUser { UserName = model.Email, Email = model.Email };
        var result = await UserManager.CreateAsync(user, model.Password);

        if (result.Succeeded)
        {
            await SignInManager.SignInAsync(user, isPersistent:false, rememberBrowser:false);
            return RedirectToAction("Index", "Home");
        }

        AddErrors(result);
    }

    // If we got this far, something failed, redisplay form
    return View(model);
}

And login part:

[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    // This doesn't count login failures towards account lockout
    // To enable password failures to trigger account lockout, change to shouldLockout: true
    var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);

    switch (result)
    {
        case SignInStatus.Success:
            return RedirectToLocal(returnUrl);
        case SignInStatus.LockedOut:
            return View("Lockout");
        case SignInStatus.RequiresVerification:
            return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
        case SignInStatus.Failure:
        default:
            ModelState.AddModelError("", "Invalid login attempt.");
            return View(model);
        }
    }

Answer 1

For your websites code: Implement a class that derives from UserManager

public class WebsiteUserManager : UserManager<ApplicationUser>
{
    public WebsiteUserManager(IUserStore<ApplicationUser> manager)
        : base(manager)
    {
    }
}

Implement a Create function that returns WebsiteUserManager with your own config (Password policy, etc.). If your are using EntityFramework, simply use UserStore with your DbContext:

var manager = new WebsiteUserManager(new UserStore<ApplicationUser>(context.Get<DbContext>()));

The manager gives you access to the password validator and PasswortHasher .

Then add the WebsiteUserManager as property in your WebApi class that contains the Register method:

public WebsiteUserManager WebUserManager
    {
        get
        {
            return _webUserManager ?? Request.GetOwinContext().GetUserManager<WebsiteUserManager>();
        }
        private set
        {
            _webUserManager = value;
        }
    }

Now, in your Register method call

var result = await WebUserManager.CreateAsync(user, model.Password);