I started my project using ASP.NET SIMPLE MEMBERSHIP. Now I have the necessity to create a WPF application which can add users to SIMPLEM MEMBERSHIP tables.
In the ASP.NET, I've identified that this is the function to create new accounts:
WebSecurity.CreateUserAndAccount(model.UserName, model.Password);
What would you suggest to implement this feature in a desktop application. I was thinking creating a WCF Web Service, but I don't know how difficult could be creating it.
You could use WCF but probably the simplest solution is to include the Asp.net Simple Membership Tables as part of an Entity Framework Model and use the model from within your WPF app. Check out this post for more details.
That would, of course, require direct access to your SQL Server and either a SQL Server account with access to the tables referenced from the EF model would have to be used or the app users would have to have access to the SQL Server through integrated security (if using mixed mode authentication with your SQL Server).
Why bother?
I would simply have yours users go to a link and register for an account online through an asp.net page. Once registered, offer the WPF/windows client as a download. This stuff is already pretty much all built-in.
That link might help: http://weblogs.asp.net/jgalloway/archive/2012/08/29/simplemembership-membership-providers-universal-providers-and-the-new-asp-net-4-5-web-forms-and-asp-net-mvc-4-templates.aspx
Related
This is not like other questions you might find similar. My issue is way bigger.
Scenario:
I have 3 websites. All of them have a common database for authentication and stuff.
Problem is that i will need to expand to 2 more sites, which means more maintenance in login screens and so on. So i will dedicate time to make a "central website" to manage users, access, etc.
Also, Need to implement OpenId for Microsoft Works accounts (ie, Azure tenants).
DDBB User Model: (Simplified)
All users are in the same central database. Which does not contains
anything non-user related.
User is personal on all applications.
Users can have different Roles
Each "User-Role" is mapped to an application, a server and a
database.
Problem:
Created a site in AspNet Core, without any authentication done so I can do it myself since I found that mapping Aspnet Identity tables was no-go because of incopatibilities and overriding is way to complicated, specially when dealing with Managers.
So, Tried and got working a simple Authentication page using HttpContext.Authentication.SignInAsync and CookieAuthentication. Which works well and there is no need to use any of the Identity's implementation (which is not compatible with my backend).
But then I added UseOpenIdConnectAuthentication to have the OpenId auth, but I have no idea how to use it since its suposed to work out of the box when using Identity and when checked documentation they use this code in an controller action: signInManager.ConfigureExternalAuthenticationProperties and I do not have any SignInManager since Im not using Aspnet Identity.
Questions:
Is coping the source of ConfigureExternalAuthenticationProperties to make it work in my site an aceptable solution?
Should I continue to override all SignInManager methods and also probably implement other classes to make Aspnet Identity work with my model?
Tried Mapping the properties to my columns just to test it out and it gave me non debuggable errors, which i dont like to even think about the problems this can give me in the future. For example one error was that it coudnt parse byte[] to string.
How can I implement Microsoft Work Accounts authentication and Database authentication in the same AspNet Site?
Bonus topic
Recently I feel like programming is becoming Configuring instead of coding. Is it just me? Are we now Professional Configurers?
Thanks
My web database server is being moved from the DMZ to the company LAN (don't ask why!). The downside of this is that my MVC 4 website is now gonna have to talk to an app server with web services (or web api) to get to the database. This isn't a major headache for most of my stuff, but I'm using the SimpleMembershipProvider for user authentication and that seems to need direct access to the database.
Is there any way to get SimpleMembership to talk to a web service or do I have to use a custom membership provider instead ?
I'm faced with the same situation, and while I haven't written or tested the code yet, I'll be writing a class to inherit from SimpleMembershipProvider and overriding the methods to call methods from the service (web api).
Is this the approach you ended up using?
I need to set up an asp.net mvc website in which all user information is to be stored in mysql database and user authentication needs to implemented. The MySql database on located on a web hosting.
Till now, I have only relied on the default asp.net mvc project provided in visual studio and do not know much on how to setup membership and login functionality for a website.
Can anyone please advice where to start looking.
Thanks.
Here is a link with custom membership providers for MySql.
You will have to register them in Web.Config. Linked article explains well though.
When in doubt you can always refer to the sample Microsoft implementation. Their source is available here
I've done several sites with custom membership providers.
If you want to use something non-typical, like MySQL in .NET, I would suggest that you at least make it as much non-typical-part-agnostic as possible. In your example, that would be membership provider based on DB-agnostic data access, that is Entity Framework. Then you can even "switch" your underlying DB later without pain.
Look here :
http://efmembership.codeplex.com/
http://www.codeproject.com/KB/web-security/EFMembershipProvider.aspx
I have a multi-tenant application where each tenant will have their own database. The ASP.NET MVC3 web application will look at the username passed in and determine which customer database to use to authenticate the user.
I can get this to work if I add multiple connectionStrings / membership Providers, I can get it to work.
I'd like a way to remove the dependency on the web.config.
Is there a way to configure SqlMembershipProviders via code and not tie myself to a web.config file? I'm thinking I could do it with a custom provider that I write, but would like to see if there was a way before heading down that road.
I've become less of a fan of using the ASP.NET Membership provider for my MVC projects that deal with user data in other ways. Instead, I use forms authentication and incorporate the password hash and salt as columns in my user database (similar to the schema) then manually set the forms authentication cookie.
This is actually not dissimilar from what the default MVC project scaffolding sets up. I just didn't like having to correlate my user records with ASP.NET membership records and I didn't make use of the associated profile or role capabilities.
If you go this route, then you have some options as to how to handle a multi-tenant scenario, but I seriously doubt you'll be able to (or want to, for that matter) get rid of the web.config altogether.
For some multi-tenant ideas, check out my answer in this SO question: SaaS: one web app to one database VS. many web apps to many databases
For ASP.NET MVC extranet applications, what are the pros and cons of using SQL Authentication instead of the ASP.NET Membership API to handle security?
Gern, you are describing aspects of the same framework.
The asp.net provider stack is an abstract service layer that 'provides' common services to your applications.
The built in Sql providers are simply implementations that use Sql server as a backing store. The MVC framework and scaffolding provide all of the necessary adapters for using the default Sql providers.
If the built-in asp.net sql providers provide the functionality you require then the pro is that all the work is done.
Not sure what a con would be.
In regards to the possibility that you want to compare using Sql providers vs AD providers:
The AD/Token based providers Active Directory for authentication and access control and the implication is that a user must have a valid account setup in the AD in order to access protected resources.
The Sql providers allow you to define arbitrary users that do not require AD accounts.
The infamous grey zone appears when you have a large AD user base that you must support but must also allow for non-AD accounts to be established. At that point you will start to explore the exquisite joy that building composite provider stacks will bring to your life while it steals your sleep. But that is a topic for another book.
HTH