Using SimpleMembership with multiple applications and OAuthWebSecurity - asp.net-mvc

We are looking to move our application to using the new SimpleMembership included in ASP.NET MVC 4 but we currently have multiple applications using the AspNet_Applications table of the old membership provider.
The reasons we are looking to move are the obvious ones, SimpleMembership is much smaller and we can map directly to our user table and also we want to start using OAuthWebSecurity.
Is there anyway to introduce this support by either extending SimpleMembershipProvider or even ExtendedMembershipProvider to allow multiple applications in the same database.
Alternatively should we just write our own membership which we can then use OAuthWebSecurity with without it using the webpages_ tables?

Would prefixing the username with an application name work?
Instead of user#example.com you would have 5|user#example.com or whatever format you chose. As long as you do this every time you read or write to the SimpleMembership table you'd be fine.
Create your own little abstration wrapper and I think you should be good to go. If you find any issues would be interested to hear them since I'm considering doing this myself too.

Related

New MVC 4 project based off ASP.net web forum application that uses Subsonic as ORM...where to start....?

I have been given the task of trying to convert our company's existing ASP.NET Web Forms application into an MVC 4 application (as an R&D starting project). I have a little experience with MVC 2, but my issue is trying to actually get started. We have existing stored procedures that we access via Subsonic as our ORM (so that they can be called in our code). We also have a Data Access Layer that is tied in with Subsonic.
I know this is kind of a vauge question, but is there a known way I can use our existing stored procs and tables with a different ORM (such as NHibernate or something) to start creating this MVC application?
Thanks for any help provided.
There should be no reason that the SP's need to change just because the ORM changes; you may want to to improve some of what you are doing and rewrite some of them, but not because the ORM changed.

How can I use the same encryption that asp.net mvc4 uses?

Yes hashing is better but...
So I knew I would regret this but here we go. I started a new project and decided I would use the built-in Microsoft membership stuff in MVC 4 (BasicMembership) so that I didn't have to write the registration, login, oauth, etc...
Now I want to modify some of this behavior and use as much best practice as possible. This came about because I decided I would need to associate multiple users under 1 parent (company) - I know I can do all of the work in the controller and still accomplish this, but that is not my desire.
Here is my problem/desire:
1.) I want to create the entries in SQL tables UserProfile/WebPages_Membership myself. I want to do this in my repository and I don't want it to be coupled to ASP.NET. The problem is that MVC is encrypting the password via IMembershipAdapter that I do not have access to. How can I use the same encryption key to encrypt the data so that I can accomplish #2?
2.) I dont want to re-invent the wheel entirely so I would still like to use some of the features such as:
WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe)
3.) I don't want my business logic in the controller! While I am working at the repo level, all of the orchestration will take place in the business tier.
Thanks for taking the time to read my post :-)
First of all did you look at: ASP.NET MembershipProvider -- How exactly does it do encryption?
Second thig maybe use something already done like: CodeFirst Membership Provider it allows you to create own tables using EF code first.

MCV4 And Enitiy Framework. Without been able to directly connect to the database

I have a very strange situation which I am currently faced with. I have been passed a project to uplift a website to use MVC4 & the enitiy framework. However due to the way that the original implementation was undertaken the database access is not direct from the website it's handed to a separate middle-ware application which we pass the name of a sql transaction we would like to have executed & the required parameters, this then returns us a datatable object.
My Question is this Without having to remove this middle-ware process could I create a MVC4 App with the use of the enitiy framework?
You can certainly create an MVC4 app - you'll just have to create a custom model - but I would suggest that even if using EF is possible, it will be more effort than it is worth, and involve too many compromises and hacks.

Adopting the "aspnet_ ..." sql tables from ASP.NET MVC

I'm just starting a new project on ASP.NET MVC and this will be the first project actually using this technology. As I created my new project with Visual Studio 2010, it created to my sql server a bunch of tables with "aspnet_" prefix. Part of them deal with the built-in user accounts and permission support.
Now, I want to keep some specific information about my users. My question is "Is it a good practice changing the structure of this aspnet_ tables, to meet my needs about user account's information?".
And as i suppose the answer is "No." (Why exactly?), I intend to create my own "Users" table. What is a good approach to connect the records from aspnet_Users table and my own custom Users table.
I want the relationship to be 1:1 and the design in the database to be as transparent as possible in my c# code (I'm using linq to sql if it is important). Also, I don't want to replicate the usernames and passwords from the aspnet_ tables to my table and maintain the data.
I'm considering using a view to join them. Is this a good idea?
Thanks in advance!
EDIT: From the answer, I see that I may not be clear enough, what I want. The question is not IF to use the default asp.net provider, but how to adopt it, to my needs.
I would create custom membership provider and omit those aspnet_x tables completely. I've seen what happens when one joins these tables and custom ones with nhibernate mappings - pure nightmare.
If you are choosing to use the Membership API for your site, then this link has information regarding how to add extra information to a user.
I was faced with the same scenario recently and ended up ditching the membership functionality and rolled my own db solution in tandem with the DotNetOpenAuth library.
Using the membership system in asp.net has its advantages and drawbacks. It's easy to start, because you don't have to worry about validation, user registration, resetting passwords. (Be careful if you plan to modify the table structures, you will have to change them in the views/store procedures generated
However there are drawbacks to using Membership
You will have to maintain 2 separated systems, because the Membership API has restrictions, for example, you cannot perform operations inside a transaction with the membership api. (Unless you use TransactionScope i think, but you don't have other choices).
A valid alternative would be to implement your own security validation routines, and using FormsAuthentication. This way you will have total control over your users tables, and remove dependency to the membership API.

How to handle membership in an ASP.NET MVC application?

How would you handle membership in an ASP.NET MVC application? Using any external libraries? How would you do OpenID log in? username log in? email log in? any other that is worth looking into? Maybe all of them mixed into the application?
It seems ASP.NET comes with some pre-build user database (I'm totally new to .Net). The NerdDinner example uses it but then it makes the foreign keys use the username. That doesn't sound very good. Do you use this schema of two separate databases or only one? What do you use as the foreign key, any IDs?
I've found ASP.Net MVC Membership, anybody using it? does it work well? can it be expected to be maintained?
Membership Providers are not new to ASP.Net MVC, they were introduced with ASP.Net 2.0.
The Membership Provider model is simply an abstraction layer between your application and whatever source you are authenticating your users against. You can switch providers easily by simply changing your web.config file.
It is easy to write a membership provider, there are many walkthroughs on the web. Typically you would do so if you were using a database that used a different schema than the default examples that come with ASP.Net (which is most of the time). The foreign keys on the username thing in the NerdDinner example is a simplistic example that you would rarely see on any real-world databases.
I would highly recommend using the Membership model. Controls like the Login control are built to make use of it, and it is well-designed and makes it easy to change or combine different login methods for your application. If you want to use OpenID, a quick google search brought up this OpenID Membership Provider.

Resources