ASP.NET Identity provides two built-in extension methods for registering identity services:
AddIdentity<TUser, TRole>— adds UserManager, SignInManager, and RoleManagerAddIdentityCore<TUser>— adds only the UserManager
To include the SignInManager while excluding the RoleManager, you compose the pieces manually — just three lines of code. Here's what each built-in method registers:
The Final Composition
Start from AddIdentityCore and add back the missing pieces — SignInManager and default token providers:
AddSignInManager() registers the HttpContextAccessor, ISecurityStampValidator, and ITwoFactorSecurityStampValidator:
AddDefaultTokenProviders() registers the standard data protection and TOTP token providers:
Finally, AddUserStore registers the custom store implementation required by UserManager:
If configuring Identity to protect personal data (IdentityServer normalizes usernames and emails), you also need to implement ILookupProtector, ILookupProtectorKeyRing, and IPersonalDataProtector. For distributed deployments, ensure the key store is shared across instances — not on local disk.