Add profile management to STS, change int to default guid for Identity

[skoruba]

• Add profile management - Account linking, Password reset, Two-Factor Authentication (2FA)
• Add support for Sendgrid
• Change int to default guid for Identity
• Add editing mode for Picker component

[xmichaelx]

Some issue with cookies not being cleaned up after password reset but other than that everything seems to work - we can check that issue out on dev branch.

[duki994]

@skoruba @xmichaelx

String is actually default not because of GUID, but because of different built-in types across diferent SQL databases. Any type of key can be cast from string and checked if they are valid integers or any other type across myriad of languages.

DBs create primary keys with varchar/nvarchar (or whatever type is for string with all possible characters support). SQL Server creates nvarchar(450) PK for default string PK's in identity.

Then multiple tables with same ID become unsuitable for clustered indexes (ref dotnet/aspnetcore#5757)

Automatically, some data may not be saved due to index size violations and stuff like that.

I know this seems very philosophical, but these violations are common with SQL Server due to large indexes.

Commonly logging behavior of each user login can create large data-sets. And for better SQL performance clustered index may be viable. SQL Server has 900-byte constraint on this. And kaboom.
Perfectly legal data becomes unsaveable due to clustered index size constraint.

This should be added in docs, or at least a reference to dotnet/aspnetcore#5757
so a user is notified of possible shortcomings of this type of key on some datastores

[skoruba]

@duki994 - Thank you for good points!

[duki994]

@xmichaelx

Some issue with cookies not being cleaned up after password reset but other than that everything seems to work - we can check that issue out on dev branch.

You have to use SignInManager SignOutAsync to sign out async.

HttpContext SignOutAsync should sign-out all authentication schemes.
EDIT 1:
I was very wrong. HttpContext SignOutAsync is signing out only DefaultAuthenticationScheme.

BUT (a big but)
ASP.NET Identity uses internally it's own authentication scheme so HttpContext.SignOutAsync won't work (weird and wrong from my point of view, but that's how it is) (see EDIT 1).

That's reason why SignInManager and SignOutAsync actually exist in ASP.NET Identity.
So you need to call explicitly SignInManager's SignOutAsync, as it will sign out it's own scheme.

dotPeek and many IL decompilers have witnessed how much time many of my colleagues and I lost on this issue.
So this should be documented too save innocent developer from inferno of multiple auth schemes and multiple "same" implementations :)

Found the issue while writing comment: DuendeArchive/IdentityServer4#2087

I will do a PR on weekend to add this stuff to docs.
Simple, yet very much time saving for someone using and/or modifying this solution.

[skoruba]

@duki994 - We are using await _signInManager.SignOutAsync();