To set up AWS Cognito for the registration/login flow, follow these steps:
First Flow: User Registration in Cognito
1. Install the following NuGet packages in your .NET project:
<PackageReference Include="Amazon.AspNetCore.Identity.Cognito" Version="3.0.1" />
<PackageReference Include="Amazon.Extensions.Configuration.SystemsManager" Version="5.0.0" />
<PackageReference Include="AWSSDK.SecretsManager" Version="3.7.101.27" />
Declare AWS configuration values in appsettings:
"Region": "me-south-1",
"UserPoolClientId": "UserPoolClientId",
"UserPoolClientSecret": "UserPoolClientSecret",
"UserPoolId": "me-south-pool"
Additional Configuration
Add authentication in program/startup files to enable sign-in with Cognito.
2. In the controller, use the CognitoUserPool to get a user object for the unique login ID:
private readonly CognitoUserPool _pool;
private readonly CognitoUserManager<CognitoUser> _userManager;
var user = _pool.GetUser(registerUserRequest.LoginId);
3. Add user attributes (email, phone number, custom attributes) using user.Attributes.Add():
user.Attributes.Add(CognitoAttribute.Email.AttributeName, registerUserRequest.Email);
user.Attributes.Add(CognitoAttribute.PhoneNumber.AttributeName, registerUserRequest.Mobile);
user.Attributes.Add("custom:branch_code", registerUserRequest.BranchCode);
user.Attributes.Add("custom:preferred_mode", preferedMode);
4. Create the user:
cognitoResponse = await _userManager.CreateAsync(user, registerUserRequest.Password);
Check cognitoResponse.Succeeded to determine if the user was created successfully.
Second Flow: User Login with Cognito
1. Search for the user in Cognito using the login ID:
var cognitoUser = await _userManager.FindByIdAsync(loginUserRequest.LoginId);
2. Set a password for the Cognito model:
var authRequest = new InitiateSrpAuthRequest
{
Password = loginUserRequest.Password
};
3. Use StartWithSrpAuthAsync to get the session ID:
var authResponse = await cognitoUser.StartWithSrpAuthAsync(authRequest);
4. Add an MFA method and validate using MFA auth if needed.
For MFA validation, set the MFA settings in Cognito:
var authRequest = new RespondToMfaRequest
{
SessionID = validateLoginUserRequest.SessionId,
MfaCode = validateLoginUserRequest.Otp,
ChallengeNameType = ChallengeNameType.SMS_MFA
};
authResponse = await cognitoUser.RespondToMfaAuthAsync(authRequest);
Extract tokens from Cognito:
authResponse.AuthenticationResult.IdToken
authResponse.AuthenticationResult.RefreshToken
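The login steps above combined into one controller action, as an added example that is not code from the original article: it handles a missing user, a rejected password and a pending SMS MFA challenge before reading any tokens. The LoginController class, the routes, the response shapes and the LoginUserRequest record are assumptions made for illustration.

```csharp
using System.Threading.Tasks;
using Amazon.AspNetCore.Identity.Cognito;
using Amazon.CognitoIdentityProvider;
using Amazon.CognitoIdentityProvider.Model;
using Amazon.Extensions.CognitoAuthentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

// Assumed request shape, inferred from the property names used in the article.
public record LoginUserRequest(string LoginId, string Password);

[ApiController]
[Route("api/auth")] // hypothetical route
public class LoginController : ControllerBase
{
    private readonly CognitoUserManager<CognitoUser> _userManager;

    public LoginController(UserManager<CognitoUser> userManager) =>
        _userManager = (CognitoUserManager<CognitoUser>)userManager;

    [HttpPost("login")]
    public async Task<IActionResult> Login(LoginUserRequest request)
    {
        // Same response for "no such user" and "wrong password", so the
        // endpoint does not reveal which login IDs exist.
        var cognitoUser = await _userManager.FindByIdAsync(request.LoginId);
        if (cognitoUser == null) return Unauthorized();

        AuthFlowResponse authResponse;
        try
        {
            authResponse = await cognitoUser.StartWithSrpAuthAsync(
                new InitiateSrpAuthRequest { Password = request.Password });
        }
        catch (NotAuthorizedException) { return Unauthorized(); }
        catch (UserNotFoundException) { return Unauthorized(); }

        // While a challenge is pending, AuthenticationResult is null: return only
        // the session ID so the client can answer with RespondToMfaAuthAsync.
        if (authResponse.ChallengeName == ChallengeNameType.SMS_MFA)
            return Ok(new { mfaRequired = true, sessionId = authResponse.SessionID });

        // Any other pending challenge is not handled in this example.
        var tokens = authResponse.AuthenticationResult;
        if (tokens == null) return Unauthorized();
        return Ok(new { idToken = tokens.IdToken, refreshToken = tokens.RefreshToken });
    }
}
```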
Forgot Password Flow
1. Search for the user with LoginId in Cognito and call ForgotPasswordAsync:
var user = await _userManager.FindByIdAsync(loginUserRequest.LoginId);
await user.ForgotPasswordAsync();
2. Optionally, call the ConfirmForgotPassword method in Cognito:
_userManager.ConfirmForgotPassword(userID, token, newPassword, CancellationToken cancellationToken)
With these flows understood, you can use the AWS Cognito authentication methods as needed.
I'm working as a Software Developer at MagnusMinds IT Solution. I bring 3+ years of professional experience to the table. My expertise spans a range of technologies, including .NET Framework, .NET Core, MVC, ASP.NET, Entity Framework, ADO.NET, SQL, PostgreSQL, C#, Azure DevOps, and Microservices.