.NET Core Identity as UI canceling Register

Unfortunately the other two answers are incorrect - the question is actually referring to the new AddDefaultIdentity() extension which uses Razor pages to serve up a default UI. The answer that does address this will not remove the register functionality as requested in the question.

Background

AddDefaultIdentity works in a similar way to AddIdentity but also includes a call to AddDefaultUI which gives your app access to the new Identity razor views (currently 28 of them), these are in a new razor class library. Note that this is not the only difference between AddDefaultIdentity and AddIdentity (see later).

In order to change the default views you need to override ("scaffold") the views in your project and you can then amend them. If you do not override the views, or if you override them and then delete the cshtml files you will simply go back to the default UI versions! Even if you remove the links to e.g. register, the user can still navigate to the default register view if they guess the URL.

Option 1 - Override Views

If you want to keep some of the default views and amend or remove others, you can override views as follows (from this doc):

1. Right-click on your project > Add > New Scaffolded Item
2. From the left pane of the Add Scaffold dialog, select Identity > Add
3. In the Add Identity dialog, select the options you want

You can now either simply change the look and functionality of the view you have overridden, or to "remove" it you can have it return a 404 or redirect somewhere else. If you delete this overridden view the default UI will come back!

This approach can get messy quickly if you want to override all of the views.

Option 2 - Don't Add Default UI

Another option is to go back to the old way of adding identity which does not make a call to AddDefaultUI, the downside is that you will need to add all views yourself. You can do this as follows (from this doc - although ignore the first line about overriding all views, that applies to option 1 above):

//remove this: services.AddDefaultIdentity<IdentityUser>()
//use this instead to get the Identity basics without any default UI:
services.AddIdentity<IdentityUser, IdentityRole>()
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddDefaultTokenProviders();

//this assumes you want to continue using razor views for your identity UI
//it specifies areas can be used with razor pages and then adds an 
//authorize filter with a default policy for the folder /Account/Manage and
//the page /Account/Logout.cshtml (both of which live in Areas/Identity/Pages)
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1)
    .AddRazorPagesOptions(options =>
    {
        options.AllowAreas = true;
        options.Conventions.AuthorizeAreaFolder("Identity", "/Account/Manage");
        options.Conventions.AuthorizeAreaPage("Identity", "/Account/Logout");
    });

//configures the application cookie to redirect on challenge, etc.
services.ConfigureApplicationCookie(options =>
{
    options.LoginPath = $"/Identity/Account/Login";
    options.LogoutPath = $"/Identity/Account/Logout";
    options.AccessDeniedPath = $"/Identity/Account/AccessDenied";
});

//configures an email sender for e.g. password resets
services.AddSingleton<IEmailSender, EmailSender>();

Note that I'm not 100% convinced this second approach is without problems either, as mentioned above there are other differences between AddDefaultIdentity and AddIdentity. For example the latter adds the RoleManager service whereas the former does not. Also, it's unclear to me if both of these approaches will be supported and maintained equally going forward.

If in doubt about what the above options are doing (and if you have a few hours to kill) you can look at the source for AddDefaultIdentity (which also calls AddIdentityCookies and AddIdentityCore) compared to the older AddIdentity.

Option 3 - Hybrid Approach

The best option currently is probably to combine the previous 2, in the following way:

1. Set up your project to use default identity
2. Scaffold just the views you want to include and edit them accordingly
3. Switch to the old AddIdentity call and include the razor options as shown in option 2 (adjusting as necessary depending on which views you've included

You now have just the views you want and they are based on the default implementations meaning most of the work is done for you for these views.

For ASP.NET Web Pages, this is an add on for the answer earlier to include ASP.Net razor Web Pages. I have separated these as if someone was to need them and not to get confused with each other. Web Pages is different as it includes code behind as web forms did.

First You will edit the Pages > _LoginPartial.cshtml

Remove line <li><a asp-page="/Account/Register">Register</a></li>

Next Edit Pages > Account > Login.cshtml. Remove the following:

                <div class="form-group">
                <p>
                    <a asp-page="./ForgotPassword">Forgot your password?</a>
                </p>
                <p>
                    <a asp-page="./Register" asp-route-returnUrl="@Model.ReturnUrl">Register as a new user</a>
                </p>
            </div>

Also remove:

<div class="col-md-6 col-md-offset-2">
    <section>
        <h4>Use another service to log in.</h4>
        <hr />
        @{
            if ((Model.ExternalLogins?.Count ?? 0) == 0)
            {
                <div>
                    <p>
                        There are no external authentication services configured. See <a href="https://go.microsoft.com/fwlink/?LinkID=532715">this article</a>
                        for details on setting up this ASP.NET application to support logging in via external services.
                    </p>
                </div>
            }
            else
            {
                <form asp-page="./ExternalLogin" asp-route-returnUrl="@Model.ReturnUrl" method="post" class="form-horizontal">
                    <div>
                        <p>
                            @foreach (var provider in Model.ExternalLogins)
                            {
                                <button type="submit" class="btn btn-default" name="provider" value="@provider.Name" title="Log in using your @provider.DisplayName account">@provider.DisplayName</button>
                            }
                        </p>
                    </div>
                </form>
            }
        }
    </section>
</div>

Now edit the code behind Login.cshtml.cs

Remove:

public IList<AuthenticationScheme> ExternalLogins { get; set; }

Also Remove:

// Clear the existing external cookie to ensure a clean login process
        await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);

        ExternalLogins = (await _signInManager.GetExternalAuthenticationSchemesAsync()).ToList();

Edit Pages > Account > Manage > _ManageNav.cshtml

Remove:

    @if (hasExternalLogins)
{
    <li class="@ManageNavPages.ExternalLoginsNavClass(ViewContext)"><a asp-page="./ExternalLogins">External logins</a></li>
}

Next we will remove the following files from the Pages > Account directory:

• ExternalLogin.cshtml
• ForgotPassword.cshtml
• ForgotPasswordConfirmation.cshtml
• Register.cshtml
• ResetPassword.cshtml
• ResetPasswordConfirmation.cshtml

Remove the following files from the Pages > Account > Manage directory:

• ExternalLogin.cshtml

This is the official docs way of doing this.

Disable user registration

Taken from the docs:

• Scaffold Identity. Include Account.Register, Account.Login, and Account.RegisterConfirmation

  dotnet aspnet-codegenerator identity -dc RPauth.Data.ApplicationDbContext --files "Account.Register;Account.Login;Account.RegisterConfirmation"
  

• Update Areas/Identity/Pages/Account/Register.cshtml.cs so users can't register from this endpoint:

  public class RegisterModel : PageModel
  {
    public IActionResult OnGet()
    {
      return RedirectToPage("Login");
    }
  
    public IActionResult OnPost()
    {
      return RedirectToPage("Login");
    }
  }
  

• Update Areas/Identity/Pages/Account/Register.cshtml to be consistent with the preceding changes:

  @page
  @model RegisterModel
  @{
      ViewData["Title"] = "Go to Login";
  }
  
  <h1>@ViewData["Title"]</h1>
  
  <li class="nav-item">
      <a class="nav-link text-dark" asp-area="Identity" asp-page="/Account/Login">Login</a>
  </li>
  

• Comment out or remove the registration link from Areas/Identity/Pages/Account/Login.cshtml

• Update the Areas/Identity/Pages/Account/RegisterConfirmation page.

  • Remove the code and links from the cshtml file.

  • Remove the confirmation code from the PageModel:

    [AllowAnonymous]
    public class RegisterConfirmationModel : PageModel
    {
      public IActionResult OnGet()
      {  
        return Page();
      }
    }
    

NOTE: This will also add the default identity db context to your project. If you already have a db context, make sure to remove the one added by the scaffolding.

I am assuming you are talking about a Model-View-Controller web application. I can tell you it is not safe to just remove the button or even the views for such.

I am also assuming you would like to remove 3rd party login that would also create a registered user.

I would do the following:

In your account controller remove the following

[HttpGet]
    [AllowAnonymous]
    public IActionResult Register(string returnUrl = null)
    {
        ViewData["ReturnUrl"] = returnUrl;
        return View();
    }

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Register(RegisterViewModel model, string returnUrl = null)
    {
        ViewData["ReturnUrl"] = returnUrl;
        if (ModelState.IsValid)
        {
            var user = new ApplicationUser { UserName = model.Email, Email = model.Email };
            var result = await _userManager.CreateAsync(user, model.Password);
            if (result.Succeeded)
            {
                _logger.LogInformation("User created a new account with password.");

                var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
                var callbackUrl = Url.EmailConfirmationLink(user.Id, code, Request.Scheme);
                await _emailSender.SendEmailConfirmationAsync(model.Email, callbackUrl);

                await _signInManager.SignInAsync(user, isPersistent: false);
                _logger.LogInformation("User created a new account with password.");
                return RedirectToLocal(returnUrl);
            }
            AddErrors(result);
        }

        // If we got this far, something failed, redisplay form
        return View(model);
    }

Also in the Account Controller further down remove the following:

[HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public IActionResult ExternalLogin(string provider, string returnUrl = null)
    {
        // Request a redirect to the external login provider.
        var redirectUrl = Url.Action(nameof(ExternalLoginCallback), "Account", new { returnUrl });
        var properties = _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
        return Challenge(properties, provider);
    }

    [HttpGet]
    [AllowAnonymous]
    public async Task<IActionResult> ExternalLoginCallback(string returnUrl = null, string remoteError = null)
    {
        if (remoteError != null)
        {
            ErrorMessage = $"Error from external provider: {remoteError}";
            return RedirectToAction(nameof(Login));
        }
        var info = await _signInManager.GetExternalLoginInfoAsync();
        if (info == null)
        {
            return RedirectToAction(nameof(Login));
        }

        // Sign in the user with this external login provider if the user already has a login.
        var result = await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor: true);
        if (result.Succeeded)
        {
            _logger.LogInformation("User logged in with {Name} provider.", info.LoginProvider);
            return RedirectToLocal(returnUrl);
        }
        if (result.IsLockedOut)
        {
            return RedirectToAction(nameof(Lockout));
        }
        else
        {
            // If the user does not have an account, then ask the user to create an account.
            ViewData["ReturnUrl"] = returnUrl;
            ViewData["LoginProvider"] = info.LoginProvider;
            var email = info.Principal.FindFirstValue(ClaimTypes.Email);
            return View("ExternalLogin", new ExternalLoginViewModel { Email = email });
        }
    }

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> ExternalLoginConfirmation(ExternalLoginViewModel model, string returnUrl = null)
    {
        if (ModelState.IsValid)
        {
            // Get the information about the user from the external login provider
            var info = await _signInManager.GetExternalLoginInfoAsync();
            if (info == null)
            {
                throw new ApplicationException("Error loading external login information during confirmation.");
            }
            var user = new ApplicationUser { UserName = model.Email, Email = model.Email };
            var result = await _userManager.CreateAsync(user);
            if (result.Succeeded)
            {
                result = await _userManager.AddLoginAsync(user, info);
                if (result.Succeeded)
                {
                    await _signInManager.SignInAsync(user, isPersistent: false);
                    _logger.LogInformation("User created an account using {Name} provider.", info.LoginProvider);
                    return RedirectToLocal(returnUrl);
                }
            }
            AddErrors(result);
        }

        ViewData["ReturnUrl"] = returnUrl;
        return View(nameof(ExternalLogin), model);
    }

also remove

[HttpGet]
    [AllowAnonymous]
    public IActionResult ForgotPassword()
    {
        return View();
    }

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> ForgotPassword(ForgotPasswordViewModel model)
    {
        if (ModelState.IsValid)
        {
            var user = await _userManager.FindByEmailAsync(model.Email);
            if (user == null || !(await _userManager.IsEmailConfirmedAsync(user)))
            {
                // Don't reveal that the user does not exist or is not confirmed
                return RedirectToAction(nameof(ForgotPasswordConfirmation));
            }

            // For more information on how to enable account confirmation and password reset please
            // visit https://go.microsoft.com/fwlink/?LinkID=532713
            var code = await _userManager.GeneratePasswordResetTokenAsync(user);
            var callbackUrl = Url.ResetPasswordCallbackLink(user.Id, code, Request.Scheme);
            await _emailSender.SendEmailAsync(model.Email, "Reset Password",
               $"Please reset your password by clicking here: <a href='{callbackUrl}'>link</a>");
            return RedirectToAction(nameof(ForgotPasswordConfirmation));
        }

        // If we got this far, something failed, redisplay form
        return View(model);
    }

    [HttpGet]
    [AllowAnonymous]
    public IActionResult ForgotPasswordConfirmation()
    {
        return View();
    }

    [HttpGet]
    [AllowAnonymous]
    public IActionResult ResetPassword(string code = null)
    {
        if (code == null)
        {
            throw new ApplicationException("A code must be supplied for password reset.");
        }
        var model = new ResetPasswordViewModel { Code = code };
        return View(model);
    }

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> ResetPassword(ResetPasswordViewModel model)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }
        var user = await _userManager.FindByEmailAsync(model.Email);
        if (user == null)
        {
            // Don't reveal that the user does not exist
            return RedirectToAction(nameof(ResetPasswordConfirmation));
        }
        var result = await _userManager.ResetPasswordAsync(user, model.Code, model.Password);
        if (result.Succeeded)
        {
            return RedirectToAction(nameof(ResetPasswordConfirmation));
        }
        AddErrors(result);
        return View();
    }

    [HttpGet]
    [AllowAnonymous]
    public IActionResult ResetPasswordConfirmation()
    {
        return View();
    }

Now under Models you can delete the following files:

• ExternalLoginViewModel
• ForgotPasswordViewModel
• RegisterViewModel
• ResetPasswordViewModel

Under Views i would remove:

• ConfirmEmail
• ExternalLogin
• ForgotPassword
• ForgotPasswordConfirmation
• Register
• ResetPassword
• ResetPasswordConfirmation

Also under Account views edit Login.cshtml and remove the following:

                <div class="form-group">
                <p>
                    <a asp-page="./ForgotPassword">Forgot your password?</a>
                </p>
                <p>
                    <a asp-page="./Register" asp-route-returnUrl="@Model.ReturnUrl">Register as a new user</a>
                </p>
            </div>

Also remove:

<div class="col-md-6 col-md-offset-2">
    <section>
        <h4>Use another service to log in.</h4>
        <hr />
        @{
            if ((Model.ExternalLogins?.Count ?? 0) == 0)
            {
                <div>
                    <p>
                        There are no external authentication services configured. See <a href="https://go.microsoft.com/fwlink/?LinkID=532715">this article</a>
                        for details on setting up this ASP.NET application to support logging in via external services.
                    </p>
                </div>
            }
            else
            {
                <form asp-page="./ExternalLogin" asp-route-returnUrl="@Model.ReturnUrl" method="post" class="form-horizontal">
                    <div>
                        <p>
                            @foreach (var provider in Model.ExternalLogins)
                            {
                                <button type="submit" class="btn btn-default" name="provider" value="@provider.Name" title="Log in using your @provider.DisplayName account">@provider.DisplayName</button>
                            }
                        </p>
                    </div>
                </form>
            }
        }
    </section>
</div>

Now under your Shared Views open _LoginPartial.cshtml and delete the following:

<li><a asp-area="" asp-controller="Account" asp-action="Register">Register</a></li>

Under Manage Views _ManageNav.cshtml delete the following:

    @if (hasExternalLogins)
{
    <li class="@ManageNavPages.ExternalLoginsNavClass(ViewContext)"><a asp-action="ExternalLogins">External logins</a></li>
}

Now even if you go to the URL yourapp.com/Account/Register you will get a 404 page.

Hope this helps.

I had a similar problem but I wanted to disable the entire /Identity/Account pages and I added the following code in my configure of the Startup.cs file.

app.Use(async (context, next) =>
{
    if (context.Request.Path.Value.ToLower().StartsWith("/identity/account"))
    {
        context.Response.StatusCode = 404; //Not found
        return;
    }
    await next();
});

For your problem you can just disable the registration form using the following code that I have not tested but I guess that it is going to work.

app.Use(async (context, next) =>
{
    if (context.Request.Path.Value.ToLower().StartsWith("/identity/account/register"))
    {
        context.Response.StatusCode = 404; //Not found
        return;
    }
    await next();
});

This code checks the request path and in case it starts with /identity/account/register it returns the status code 404 Not Found