I must have missed this somewhere (or slept through the class)... the standard ASP security tool for managing users and roles seems to be absent when using the new simple security version. That is, the original is there and working, just points to traditional ASP security... NOT to the new "simple" system.
In my project I can log in, I can look at the webpages_ tables but can find no method of accessing them in my project... I would be happy to manage roles and get the USERID and maybe ROLEID so I could tie the user to other functions in my project.
I've looked through hundreds of posts and articles... normally I find I am missing some minor config entry or something but this time I am a little more stuck.
Advice is appreciated.
Thanks!
SimpleMembership does not work with the Web Site Administration Tool (WSAT). There is a good overview of SimpleMembership in this blog. Here is a quote from it.
WSAT is built to work with ASP.NET Membership, and is not compatible with Simple Membership. There are two main options there:
Use the WebSecurity and OAuthWebSecurity API to manage the users and
roles.
Create a web admin using the above APIs.
Since SimpleMembership
runs on top of your database, you can update your users as you would
any other data - via EF or even in direct database edits (in
development, of course)
I would also add that you can seed some of this information at application start-up, such as what roles are available, as shown in this article.
Related
I have a an ASP.NET MVC5 project using Entity Framework. I have all the regular membership entities (AspNetUser, AspNetRole, ...). In the RoR or Django world we can add admin views extremely easily and I wonder if the ASP.NET MVC eco-system has anything similar to offer.
I'm thinking about admin views for tasks as listing users, editing user's roles, changing user fields, etc. within the standard membership realm.
I know I could scaffold views (with more plumbing code than what I'd use with Django), but I'm pretty sure I wouldn't be the first one who'd create views for managing users for standard ASP.NET MVC membership setup. I made more than enough Google searches, but I only find articles about the membership provider system.
Ideally I'm looking for a NuGet package.
I'm afraid currently we don't have one but you can use https://code.msdn.microsoft.com/ASPNET-MVC-5-Security-And-44cbdb97 project to work as your administration.
Though I asked few questions about the how to use membership providers with ASP.NET MVC 4 but hardly got any response. It is taking me time (as a newbie) to get started with membership providers in ASP.NET MVC 4. I have been reading article, trying stuff but that only added to the confusion rather than helping.
What would be the answers to the following queries by a beginner:
I want to try all the membership providers (including the simple membership provider) before deciding which one should I use for which project. What membership providers can I use with ASP.NET MVC 4 and How can I configure each one of it. Any documentation or links?
Though the internet template comes with pre-configured Account controller which sets the membership functionality, but how can I add membership functionality to the basic template. What steps should I follow in order to configure membership using membership providers (I assume there will be different set of steps/configuration/settings for different membership provider).
Running the ASP.NET MVC 4 project created with internet project template (without making any changes to it) create 5 tables in the database namely UserProfile, webpages_Membership, webpages_OAthMembership, webpages_Roles, webpages_UsersInRoles). In AccountModel.cs I see definition for only one, UserProfile. Where are the other tables defined. Do I always need to have all these tables in database in order to use membership. Can I customize them, rename them or choose not to use some of them?
I do not see any membership configuration in web.config for the internet project template yet is using membership. In some of the articles tutorial I saw people configuring it by adding <membership></membership> to web.config. When do I need to add configuration settings to web.config and when do I need not?
I think membership providers are meant to make developers life easy yet for me it is making it more difficult.
I know I really need to study it and that's what I am trying for the last 7, 8 days but unable to figure out.
Any help, links (hopefully not those which I went through many times) are more than welcome.
I agree with you, the guidance around what membership types do what just sucks.
You can use any of the providers with ASP MVC. The default template in Visual Studio that is the Internet MVC app is the only one that uses SimpleMembership.
Good question, I've not found any explicit, decent documentation on that at all. As far as I can tell most of the membership things are setup very similar.
At least SimpleMembership will create the needed DB tables that are required if they do not exist. I think the only one you can really customize is your user table.
I think like the sql tables, the membership tags in the web.config are implied. If you accept the defaults they magically work.
Best link I've found is this
http://blog.longle.net/2012/09/25/seeding-users-and-roles-with-mvc4-simplemembershipprovider-simpleroleprovider-ef5-codefirst-and-custom-user-properties/
In that post there are two others that are helpful as well.
For question 3, I tried something and it turned out that:
Yes: You can add new columns to UserProfile (and all other tables, I guess)
No: You cannot rename the table, even if u have modified the codes in AccountModels to match new table names.
In this case, a set of tables with old names will be created again when you launch application. And all codes provided by MVC4(MembserShip, WebSecurity, Users, Roles....) will used the old tables.
And, I have never found any information about how to rename these tables.
For some reason, the idea of setting up Membership in ASP.NET MVC seems really confusing.
Can anyone provide some clear steps to setup the requisite tables, controllers, classes, etc needed to have a working Membership provider?
I know that the Demo that MVC ships with has an Accounts controller. However, should I be using this in my own project? What do I need to get my existing database ready if so? If not, how do I learn what I need to do to implement a membership provider?
Check out this step by step blog on how to set up Membership provider in your asp.net mvc project. The sdk tool you need to get your database ready is aspnet_regsql.exe, you don't need to create a separate database to do that ( a lot of people think they have to provide a separate aspnet.db), you can run the command on your existing database, and it will create the tables, views, and stored procedures to handle the membership provider for you.
However, should I be using this in my
own project? What do I need to get my
existing database ready if so? If not,
how do I learn what I need to do to
implement a membership provider?
The benefit to use the default provider (SqlMembership provider) is to save yourself a lot of time. It involves a lot of work to design a complete membership and role provider.
Edit [2014-06-19] Asp.Net Identity Framework is Microsoft new recommendation to manage user sand permissions.
Check out this link:
https://github.com/TroyGoode/MembershipStarterKit
Most of the work is already done for you. Just download the sample project and run the aspnet_regsql.exe against your database.
check out my answer in this post;
membership
If you want to keep the membership provider that .Net creates for you then you can copy all the tables etc to another sql database and point the provider at it via the config file.
Post a comment if you need more than this.
How would you handle membership in an ASP.NET MVC application? Using any external libraries? How would you do OpenID log in? username log in? email log in? any other that is worth looking into? Maybe all of them mixed into the application?
It seems ASP.NET comes with some pre-build user database (I'm totally new to .Net). The NerdDinner example uses it but then it makes the foreign keys use the username. That doesn't sound very good. Do you use this schema of two separate databases or only one? What do you use as the foreign key, any IDs?
I've found ASP.Net MVC Membership, anybody using it? does it work well? can it be expected to be maintained?
Membership Providers are not new to ASP.Net MVC, they were introduced with ASP.Net 2.0.
The Membership Provider model is simply an abstraction layer between your application and whatever source you are authenticating your users against. You can switch providers easily by simply changing your web.config file.
It is easy to write a membership provider, there are many walkthroughs on the web. Typically you would do so if you were using a database that used a different schema than the default examples that come with ASP.Net (which is most of the time). The foreign keys on the username thing in the NerdDinner example is a simplistic example that you would rarely see on any real-world databases.
I would highly recommend using the Membership model. Controls like the Login control are built to make use of it, and it is well-designed and makes it easy to change or combine different login methods for your application. If you want to use OpenID, a quick google search brought up this OpenID Membership Provider.
I am creating an Asp.net MVC application and I'm currently using the built in Authentication/Authorization code that comes with the sample MVC app. For the most part this is working ok and I kinda understand what's going on.
What's concerning me though, is that now I kind of have my users stored in two different tables across two databases. i.e. I have users in my App's database that represent the "Customer" entity in the application, as well as the "User" in the Authentication database that's used to log in someone to the app.
Should I take the logged in user's User.Identity.Name value and do look up in my Customers table or should I merge them into one table? What's the best practice way of handling this?
Please forgive my ignorance - this is the first time I'm working with a system like this.
Any feedback is greatly appreciated!
It's helpful to think of credentials and the records that associate a person to application data as two very different things. Depending on the application, your Customer may not have credentials to log in or you may have an administrative User that logs in but isn't related to your application data.
Separate credentials are also useful if Users access more than one application with different rights for each.
For these reasons, I'd keep Customer and User separate and look one up from the other where appropriate.
You can extend the .Net Membership Provider to take all the information you want and post back in a single model I think.
See this one ASP.net Profiles and Membership - Custom Providers or should completely I roll my own?
And this one How to implement ASP.NET membership provider in my domain model