membership with custom table in asp.net mvc - asp.net-mvc

I am trying to convert my vb.net 2010 web forms application into a C# MVC 4 application. Since my membership is already setup, I would prefer to just continue using the membership provider instead of the simplemembershipprovider.
Hi,
I am using PluralSight to learn MVC, but have not been able to find any reference on how to convert membership code to mvc.
I have a custom table that is linked by UserID to the mememberships User table. This custom table, asp_customUser, stores additional information about the user.
In the account controller, there is a register action, with the view and model. The register process does not handle roles, much less my custom data.
What I would like to know is, how do I add roles and custom user information to the database, when part of the fields in the registration view come from the membership library and the other part go to my custom table.
Thanks

Yes, you can use the old membership. Just copy and paste your membership provider from the old web.config to the new one.
If this is running on a different computer, you may need to set the machine key, however, in order for it to be able to correctly validate the password hashes.
You would then remove the Simple membership initialization attribute from the Account controller, and you would need to remove all the other simple membership code. You would also be giving up the OpenId authentication, because normal membership does not work with WebSecurity, so you would have to remove all that as well.

When we wanted to extend the membership class we inherited the base membership class and used all the fields in it and the tables linked to it and then create an additional database table with a FK linked to the id in the membership table. Any additional parameters where in the new table and extended class and any standard parameters were in the std membership table and standard class.

Related

How to migrate from Forms Authentication to ASP .NET Identity

I am working in a MVC project that contains both regular MVC controllers as well as Web API Controllers. Initially I implemented Forms Authentication with custom user table. But now I am planning to use the new ASP .NET Identity and change from the forms cookie based authentication to claims based authentication and authorization. I already have a database with tables with custom fields. So I need to customize the ASP .NET Identity to work with my tables
Can anyone guide me on how this can be achieved ?
Edit:
In reply to FKutsche, here is the User table that I have. I have kept only the columns that matter.
User Table
UserId
UserName
Password
UserTypeId
User Type Table
UserTypeId
UserType
The column names are self explanatory so I am not describing them. The User Table has foreign key on UserTypeId column to the UserType table.
There's no point in making this kind of migration if you're not going to use the Identity table format.
ASP.NET Identity has an outstanding out-of-the-box list of features that simply cannot exist without the appropriate db support (and that user table is not capable of providing them).
I think you have different options here:
stick with your user table and build a custom oauth provider on it (it's not too difficult, please check this link - I personally built the security layer of many apps following this guide)
migrate to a brand new identity model with ASP.NET identity and link this table as an extended claim to the IClaimsIdentity generated for the logged user (check this SO answer for example).
IMHO, I personally prefer the second option: you have to migrate your user ids and passwords to the new system, but it's better to start with something solid and well tested. This way you will also have access to future improvements, which is probably not true with a completely customized system without a big coding effort.
Hope it helps :)

asp.net mvc3, Roles from database

I am creating a asp.net mvc project which I want to manage the roles in the database.
I have a database with a table, in the table Called Premissions I have a column (AdministratorRole) that contains roles for my mvc project, the value will hold something like 'Domain\John Smith' (the users). I want my mvc project to check this column each time it starts up.
In my mvc project i am using the Authorize attribute in the controllers:
[Authorize(Roles = Roles.AdministratorRole)]
I was thinking of creating a Interface so I can use a IQueryable to query the database, and then add something in the Global.asax file in the application_start method so that it runs the interface first and check all roles. (How can I do this?)
This is so we can maintain the roles in the database rather than in the code of the project.
How can I do this please?
Thanks
ASP.Net uses a Provider model for Membership and Roles. If you are doing something custom, then you simply need to create a Custom RoleProvider.
You can implement a RoleProvider.
ASP.NET role management enables you to easily use a number of
different providers for your ASP.NET applications. You can use the
supplied profile providers that are included with the .NET Framework,
or you can implement your own provider.
There are two primary reasons for creating a custom role provider.
You need to store role information in a data source that is not
supported by the role providers included with the .NET Framework, such
as a FoxPro database, an Oracle database, or other data source.
You need to manage role information using a database schema that is
different from the database schema used by the providers that ship
with the .NET Framework. A common example of this would be
authorization data that already exists in a SQL Server database for a
company or Web site.

ASP Membership tables -> add new property to user?

I would like to start using ASP.NET's membership classes and tables with a new MVC4 project I am building.
Let's say for example I want to keep track of user's birthdays. When creating the account, how do I add in the birthday? Is this something I keep track of with Profiles? I'm a bit confused on the correct way to add new 'columns' of data for users?
To specifically answer your question, here's how Microsoft advises to create extra tables for storing additional user information: Storing Additional User Information
Here is another posting (I would take this approach), its implementing your own profile provider, rather than using default one, so you have full control over what is happening, how it stored etc.: Implementing Profile Provider in ASP.NET MVC
Another great article by Microsoft about the same is Manage Web Users With Custom Profile Providers
It totally depends on utility and use. You can either
use default profile provider (exercising)
use custom profile provider (small scale sites)
use your own tables to store user information (enterprise level).
In the latter case you can link between default membership (assuming you using default membership provider) and your custom profile information by including user.Guid inside your table, which is used by default membership as unique identifier.
Hope this information will help you.
Profiles is the right way although it has its disadvatages. The data in the database is not in a readable way but in special strings, and profile is loaded on every postback.
Look here:
http://msdn.microsoft.com/en-us/library/z1hkazw7(v=vs.100).aspx

asp.Net MVC Add Properties to User class

In my app I want to add properties to the user class.
How should I do it?
My current solution is to create Users table in th database, but I just read that Asp.Net provides out-of-the-box users registration API and functionality.
How can I update the new properties?
Thank you
Do you mean you want a custom Principal? In that case you want to hook into the AuthenticateRequest method and add your own, derived principal. I recently answered a question regarding the creation of a custom principal here. While that question deals with WindowsAuthentication, the idea is the same:
Get the current authenticated principal,
use it to create your own custom principal,
set your principal on the HttpContext and Thread.
You can write a custom Membership Provider that plugs into the membership & authorization features built into the framework. You can also write your own custom User class that inherits from the standard class. You can design it so that it uses your existing users table if you want.
This has worked out well for us on a couple different projects.
Here's some documentation:
http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx

ASP.NET MVC User authentication - why it should be so sophisticated?

I'm trying to use ASP.NET MVC to my new project and have been expected that the user authentication should be rather simple there. My goal is to have a separate user database table in my main database.
I thought that the SqlTableProfileProvider should be the solution. So I added the corresponding table into my database and changed the web.config file. But it seems no matter what I change there, my web application still using the default authentication (via ASPNETDB.mdf file).
What could be the problem?
(my web.config file beginning is:)
See this reference on how to create the standard application services tables and associated database entities in your SQL server database. Once done it should be a simple matter of changing the default Application Services connection string in the web.config file to use the built-in providers for membership, roles, and profiles.
Do what I do and forget about rolling your own membership provider etc or using sqltableprofileprovider - instead extend the tables that the default membership adds through relations to your own table(s) which contains the extra data you want to store.
So, add another table to your database called 'Details', for example, then set the primary key to be related 1 to 1 to the primary key of the aspnet_Users table. Use this new table as you would any other. When you want the primary key of a user, use the membership api to grab it.
not tested!
Guid userID = (Guid)Membership.GetUser(username).ProviderUserKey;
Then add the data you require to your details table and your set.
Just seems more flexible to me - although I'm probably doing it all wrong! :)

Resources