I have a created a database on my SQLEXPRESS server called Database.
In this database are the default tables generated by mvc. They are:
UserProfile
webpages_Membershio
webpages_OAuthMembership
webpages_Roles
webpages_UsersInRoles
Now when i run my application I can register a user and login. and that works. So the application has access to these tables some how.
Now I am really struggling to write a view where i can add additional roles to the system.
How can I now access the database as well?
Sorry for the noob questions, But i have tried creating a dbclass under models and representing it there. But i am only having trouble and my thoughts are if the system can access it to log me in, cant i use the same method which it does?
I assume you are using SimpleMembership.
If so, why not check out the following article. Should give you some good pointers.
Adding Security and Membership to an ASP.NET Web Pages (Razor) Site
Related
I am new to MVC, Have created simple application (very basic, only 1 controller) & used Entity Framework as ORM.
There is form for Registration in application, when I fill up that form user is registered & able to login with those credentials.
But there is no table created in my Database, so my question is where this registration information is stored?
I know this need knowledge of May be Membership/forms authentication, but I don't know them also.
I tried to search google for this, but may be I am not able to predict what to search.
EDIT :
Following is tag of DefaultConnection
Data Source=(LocalDb)\v11.0;AttachDbFilename=|DataDirectory|\aspnet-AKShop-20140808100025.mdf
I think that standard DB was created for your membership. Probably at app_data\aspnetdb.mdf.
Before MVC 5, MembershipProvider or SimpleMembershipProvider by default, and data is persisted in (local) SQL server.
In MVC5, ASP.NET Identity 2.0 by default, and the data is persisted through Entity Framework which by default point to MS SQL, though it is easy to switch the persistence to other DB engines.
Identity 2.0 is quite new, and the official release is April this year, so this is why you got mixed info when searching the Internet. Nevertheless, if you have a green field MVC project, it might be better of to use MVC 5 and Identity 2.0.
I must have missed this somewhere (or slept through the class)... the standard ASP security tool for managing users and roles seems to be absent when using the new simple security version. That is, the original is there and working, just points to traditional ASP security... NOT to the new "simple" system.
In my project I can log in, I can look at the webpages_ tables but can find no method of accessing them in my project... I would be happy to manage roles and get the USERID and maybe ROLEID so I could tie the user to other functions in my project.
I've looked through hundreds of posts and articles... normally I find I am missing some minor config entry or something but this time I am a little more stuck.
Advice is appreciated.
Thanks!
SimpleMembership does not work with the Web Site Administration Tool (WSAT). There is a good overview of SimpleMembership in this blog. Here is a quote from it.
WSAT is built to work with ASP.NET Membership, and is not compatible with Simple Membership. There are two main options there:
Use the WebSecurity and OAuthWebSecurity API to manage the users and
roles.
Create a web admin using the above APIs.
Since SimpleMembership
runs on top of your database, you can update your users as you would
any other data - via EF or even in direct database edits (in
development, of course)
I would also add that you can seed some of this information at application start-up, such as what roles are available, as shown in this article.
Currently working on a web application in ASP.NET, MVC3 that allows people to view items, and change anything. This is with using my own database that I have created, but this I have found is good for generally viewing anything on the application but not good for security purposes to prevent them seeing particular things, and I do not want to waste my time removing tables and re-adding them.
So... Is there a way to communicate between the ASPNETDB and my own Database which would allow users to login to the web application but also sign up as a customer?
I would solve this using database roles, and only grant the appropriate roles to the user used to login to the two databases.
You have very granular control over what you want a db user to have access to.
Read up on databases and db roles
For some reason, the idea of setting up Membership in ASP.NET MVC seems really confusing.
Can anyone provide some clear steps to setup the requisite tables, controllers, classes, etc needed to have a working Membership provider?
I know that the Demo that MVC ships with has an Accounts controller. However, should I be using this in my own project? What do I need to get my existing database ready if so? If not, how do I learn what I need to do to implement a membership provider?
Check out this step by step blog on how to set up Membership provider in your asp.net mvc project. The sdk tool you need to get your database ready is aspnet_regsql.exe, you don't need to create a separate database to do that ( a lot of people think they have to provide a separate aspnet.db), you can run the command on your existing database, and it will create the tables, views, and stored procedures to handle the membership provider for you.
However, should I be using this in my
own project? What do I need to get my
existing database ready if so? If not,
how do I learn what I need to do to
implement a membership provider?
The benefit to use the default provider (SqlMembership provider) is to save yourself a lot of time. It involves a lot of work to design a complete membership and role provider.
Edit [2014-06-19] Asp.Net Identity Framework is Microsoft new recommendation to manage user sand permissions.
Check out this link:
https://github.com/TroyGoode/MembershipStarterKit
Most of the work is already done for you. Just download the sample project and run the aspnet_regsql.exe against your database.
check out my answer in this post;
membership
If you want to keep the membership provider that .Net creates for you then you can copy all the tables etc to another sql database and point the provider at it via the config file.
Post a comment if you need more than this.
I am creating an Asp.net MVC application and I'm currently using the built in Authentication/Authorization code that comes with the sample MVC app. For the most part this is working ok and I kinda understand what's going on.
What's concerning me though, is that now I kind of have my users stored in two different tables across two databases. i.e. I have users in my App's database that represent the "Customer" entity in the application, as well as the "User" in the Authentication database that's used to log in someone to the app.
Should I take the logged in user's User.Identity.Name value and do look up in my Customers table or should I merge them into one table? What's the best practice way of handling this?
Please forgive my ignorance - this is the first time I'm working with a system like this.
Any feedback is greatly appreciated!
It's helpful to think of credentials and the records that associate a person to application data as two very different things. Depending on the application, your Customer may not have credentials to log in or you may have an administrative User that logs in but isn't related to your application data.
Separate credentials are also useful if Users access more than one application with different rights for each.
For these reasons, I'd keep Customer and User separate and look one up from the other where appropriate.
You can extend the .Net Membership Provider to take all the information you want and post back in a single model I think.
See this one ASP.net Profiles and Membership - Custom Providers or should completely I roll my own?
And this one How to implement ASP.NET membership provider in my domain model