All geek questions in one place

ASP.NET MVC2 and MemberShipProvider: How well do they go together?

I have an existing ASP.NET application with many users and a large database. Now I want to have it in MVC 2. I do not want to migrate, I do it more or less from scratch. I want to save the database and not touch it too much.

I already have my database tables, and I also want to save LINQ to SQL-Layer. I did not use MemberhipProvider in my current implementation (in ASP.NET 1.0, which was not strongly supported).

So either I am writing my own Memberhipprovider to meet the needs of my database and application, or I am not using a membership provider at all.

I would like to understand the implications if I do not use a membership provider. What is the reason for this? I understand that ASP.NET Login-Controls are associated with a provider. The AccountModel function, which is automatically generated using MVC2, can be easily modified to support my existing logic.

What happens when a user authenticates with AuthCookie? Does MVC use MemberhipProvider?

Am I missing something? I have the same questions regarding RoleProvider.

Input is welcome.

+4
source share
3 answers

With MVC, it’s easy to get around the membership provider and role platform in general. Sometimes this is easier to do than implement specialized membership / role providers, in particular if your authn / authz model does not quite fit the forms of these providers.

First, you must understand that you do not need to write everything from scratch, you can use the basic form authentication API, which can be used regardless of the structure of the membership / role provider:

  • FormsAuthentication.SetAuthCookie - Call this after the user authenticate, specify the username
  • Request.IsAuthenticated - Returns true if SetAuthCookie was called
  • HttpContext.Current.User.Identity.Name - returns the username specified in the SetAuthCookie call

So here is what you do in MVC to bypass the Membership / Role provider:

  • Authentication In your controller, authenticate the user using your user logic. If successful, call FormsAuthentication.SetAuthCookie with the username.

  • Authorization : creating a custom authorize attribute (based on AuthorizeAttribute). in AuthorizeCore redefine, implement your custom authorization logic by taking the user in HttpContext.Current.User.Identity.Name and the roles defined in the Roles property of the base class AuthorizeAttribute. Note that you can also define authorization properties and use this in your authorization logic. For example, you can define a property that represents roles as enumerated values ​​specific to your application, instead of using the Roles property, which is just a string.

  • Attach your controllers and actions with the custom authorize attribute, instead of the standard permission attribute.

+4
source

Although you can most likely do this without a dedicated membership provider, I'm not sure that you will save so much effort. Until I read this blog post I thought it was difficult to implement one, but it really is not. You basically do this:

  • Create a class that inherits from System.Web.Security.MembershipProvider .
  • MembershipProvider is an abstract class, so you can easily show which methods should be implemented.
  • The names are pretty clear, so you can probably more or less copy your existing logic.

In this case, you can do more than you need, but on the other hand, everything you might want to use now or in the future, which requires a membership provider, will already fulfill its needs.

+1
source

The source SQLMembershipProvider is available here http://weblogs.asp.net/scottgu/archive/2006/04/13/442772.aspx . Take it as a basis.

At first it looks a bit, but you only need to implement the methods you need.

Yes used AuthCookie. Yes, it is a good idea to use MemberhipProvider, because it is well known to other developers.

There are thoughts that I don’t like: for example, it is impossible to have a transaction that covers the user's creation by a membership system and some other data in your own database. But still it works well.

+1
source

Source: https://habr.com/ru/post/1313112/

More articles:


All Articles