Where should I store credentials

Thank you for your reply, but isn´t this class´ purpose only for encrypting and decrypting data with the dapi mechanism?

Hello Bernhard, thank you for your reply! The SMTP credentials are configured by an Administrator and not by the end user, so the SMTP is a global SMTP. Ok, and in case of an ASP.NET application, this would be the web.config, wouldn´t it be? To secure the configuration section would this be the appropriate way?

greetings Nico

Right that won´t work.

The IdentityDbContext has already all Identity related models defined. If you like to customize it, do it like I described it previously: Create a layer that is derived from UserStore, override all methods and fill them with you custom logic, and map the identity models to your custom models. AND VERY IMPORTANT: If you don´t want that the UserStore uses a default DbContext you have to define an invalid connection string in the constructor of the UserStore! greetings

No you have the IdentityDbContext in in your MVC application and in the DataAccess layer your regular DbContext.

I already did that, but it is very time-consuming and annoying. I created a layer to map the ASP.NET Identity models to my custom models and overrided all methods of the UserStore to implement my custom data access logic. Probably the easiest way is a second database context that is only responsible for the Identity system. greetings Nico

Hello folks, I want to store login credentials for a SMTP server which should be stored encrypted. In your opinion: Where should I store the credentials? How they should be secured? Why do you think should I use your suggestion? greetings Nico