I\'m using the VS2013 ASP.NET SPA template as a starting point for my web application which uses the new ASP.NET identity framework. This is from the template:
So the pattern should be one UserManager and one DbContext per request. In the 2.0-alpha1 release, we tried to make this easier by adding some new Identity Middleware that takes care of both of these things:
We are working on an updated samples package that demonstrates these, but in the meantime
You can add the following your IdentityModels.cs/Startup.Auth.cs with the new packages:
public class ApplicationUser : IdentityUser
public async Task GenerateUserIdentityAsync(UserManager manager)
// Note the authenticationType must match the one defined in CookieAuthenticationOptions.AuthenticationType
var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie);
// Add custom user claims here
return userIdentity;
public class ApplicationDbContext : IdentityDbContext
public ApplicationDbContext()
: base("DefaultConnection")
public static ApplicationDbContext Create() {
return new ApplicationDbContext();
public class ApplicationUserManager : UserManager {
// Configure the application user manager
public ApplicationUserManager(IUserStore store) : base(store) {
public static ApplicationUserManager Create(IdentityFactoryOptions options) {
var manager = new ApplicationUserManager(new UserStore(options.Context.GetDbContext()));
//var manager = new ApplicationUserManager(new AzureStore());
manager.UserValidator = new UserValidator(manager) {
AllowOnlyAlphanumericUserNames = false,
RequireUniqueEmail = true
manager.PasswordValidator = new MinimumLengthValidator(6);
var dataProtectionProvider = options.DataProtectionProvider;
if (dataProtectionProvider != null) {
manager.PasswordResetTokens = new DataProtectorTokenProvider(dataProtectionProvider.Create("PasswordReset"));
manager.UserConfirmationTokens = new DataProtectorTokenProvider(dataProtectionProvider.Create("ConfirmUser"));
return manager;
public static class OwinExtensions {
public static IAppBuilder UseDbContextFactory(this IAppBuilder app, Func createCallback) {
if (app == null) {
throw new ArgumentNullException("app");
if (createCallback == null) {
throw new ArgumentNullException("createCallback");
new IdentityFactoryOptions() {
Provider = new IdentityFactoryProvider() {
OnCreate = (options) => createCallback()
return app;
public static DbContext GetDbContext(this IOwinContext context) {
if (context == null) {
throw new ArgumentNullException("context");
return context.Get();
And the following goes into Startup.Auth.cs:
public void ConfigureAuth(IAppBuilder app) {
// Configure the db context and user manager to use per request
app.UseUserManagerFactory(new IdentityFactoryOptions() {
DataProtectionProvider = app.GetDataProtectionProvider(),
Provider = new IdentityFactoryProvider() {
OnCreate = ApplicationUserManager.Create
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions {
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider {
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity(
validateInterval: TimeSpan.FromSeconds(5),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))