ASP.NET MVC User authentication - why it should be so sophisticated? - asp.net-mvc

I'm trying to use ASP.NET MVC to my new project and have been expected that the user authentication should be rather simple there. My goal is to have a separate user database table in my main database.
I thought that the SqlTableProfileProvider should be the solution. So I added the corresponding table into my database and changed the web.config file. But it seems no matter what I change there, my web application still using the default authentication (via ASPNETDB.mdf file).
What could be the problem?
(my web.config file beginning is:)

See this reference on how to create the standard application services tables and associated database entities in your SQL server database. Once done it should be a simple matter of changing the default Application Services connection string in the web.config file to use the built-in providers for membership, roles, and profiles.

Do what I do and forget about rolling your own membership provider etc or using sqltableprofileprovider - instead extend the tables that the default membership adds through relations to your own table(s) which contains the extra data you want to store.
So, add another table to your database called 'Details', for example, then set the primary key to be related 1 to 1 to the primary key of the aspnet_Users table. Use this new table as you would any other. When you want the primary key of a user, use the membership api to grab it.
not tested!
Guid userID = (Guid)Membership.GetUser(username).ProviderUserKey;
Then add the data you require to your details table and your set.
Just seems more flexible to me - although I'm probably doing it all wrong! :)

Related

asp.net mvc load related data from multiple contexts

I have a MVC .Net Core 3.1 project with 2 contexts. One is the standard Identity context and the other is the application context.
These are stored as 2 separate databases on the server.
In my application I have an entity 'Project' and it has a field 'ProjectLeadUserId' in which I store the ID of that user from AspNetUsers.
When I list all of the open projects I would like to show the 'UserName' from AspNetUsers, rather than the GUID related to each of the projects.
Normally I would have a foreign key between the two so that in my view I could do something like:
project.ProjectLead.UserName
But I cant workout how to set that up in my entity as the FK would be in a different context.
Is this possible, or have I caused myself an issue by separating the Identity and application contexts?
Edit:
Ignoring the foreign key issue as I can deal with that in the application logic. Is there a way to load the related data when multiple contexts are involved.
e.g. When I get a list of projects, can I load the related AspNetUsers data, using the AspNetUsers.Id and Project.ProjectLeadUserId?
Quoting from SQL Server documentation:
FOREIGN KEY constraints can reference only tables within the same database on the same server. Cross-database referential integrity must be implemented through triggers. For more information, see CREATE TRIGGER.
It's not possible for you to have a foreign key across different databases in SQL Server.
If the 2 contexts targeted the same DB, I think what you want would still not be possible.
In my past projects I've usually seen people extending the IdentityDbContext to create their DB context and using only that.

How to migrate from Forms Authentication to ASP .NET Identity

I am working in a MVC project that contains both regular MVC controllers as well as Web API Controllers. Initially I implemented Forms Authentication with custom user table. But now I am planning to use the new ASP .NET Identity and change from the forms cookie based authentication to claims based authentication and authorization. I already have a database with tables with custom fields. So I need to customize the ASP .NET Identity to work with my tables
Can anyone guide me on how this can be achieved ?
Edit:
In reply to FKutsche, here is the User table that I have. I have kept only the columns that matter.
User Table
UserId
UserName
Password
UserTypeId
User Type Table
UserTypeId
UserType
The column names are self explanatory so I am not describing them. The User Table has foreign key on UserTypeId column to the UserType table.
There's no point in making this kind of migration if you're not going to use the Identity table format.
ASP.NET Identity has an outstanding out-of-the-box list of features that simply cannot exist without the appropriate db support (and that user table is not capable of providing them).
I think you have different options here:
stick with your user table and build a custom oauth provider on it (it's not too difficult, please check this link - I personally built the security layer of many apps following this guide)
migrate to a brand new identity model with ASP.NET identity and link this table as an extended claim to the IClaimsIdentity generated for the logged user (check this SO answer for example).
IMHO, I personally prefer the second option: you have to migrate your user ids and passwords to the new system, but it's better to start with something solid and well tested. This way you will also have access to future improvements, which is probably not true with a completely customized system without a big coding effort.
Hope it helps :)

membership with custom table in asp.net mvc

I am trying to convert my vb.net 2010 web forms application into a C# MVC 4 application. Since my membership is already setup, I would prefer to just continue using the membership provider instead of the simplemembershipprovider.
Hi,
I am using PluralSight to learn MVC, but have not been able to find any reference on how to convert membership code to mvc.
I have a custom table that is linked by UserID to the mememberships User table. This custom table, asp_customUser, stores additional information about the user.
In the account controller, there is a register action, with the view and model. The register process does not handle roles, much less my custom data.
What I would like to know is, how do I add roles and custom user information to the database, when part of the fields in the registration view come from the membership library and the other part go to my custom table.
Thanks
Yes, you can use the old membership. Just copy and paste your membership provider from the old web.config to the new one.
If this is running on a different computer, you may need to set the machine key, however, in order for it to be able to correctly validate the password hashes.
You would then remove the Simple membership initialization attribute from the Account controller, and you would need to remove all the other simple membership code. You would also be giving up the OpenId authentication, because normal membership does not work with WebSecurity, so you would have to remove all that as well.
When we wanted to extend the membership class we inherited the base membership class and used all the fields in it and the tables linked to it and then create an additional database table with a FK linked to the id in the membership table. Any additional parameters where in the new table and extended class and any standard parameters were in the std membership table and standard class.

ASP.net MVC, I want one database, not multiple

I am following the guide on the asp.net site for learning asp.net mvc4.
Link : www.asp.net/mvc/tutorials/mvc-4/getting-started-with-aspnet-mvc4/
Thing is, I want to put my movies table in the Default connection. Because I want all of the data to be in ONE database and not two.
I mean. I am confused as to why I can't just have one database, with separate tables. Surely multiple databases will introduce latency, and also scalability issues to my project.
How can I get around this?
That Default connection points to your local db and is what is used for the forms authentication stuff. That db has all of the asp.net role provider schema stuff in it and since it's an "internet" project this is where all the login stuff goes. if you want to have your entities and models hook into that same database when you add your entity framework model point it at that db and your good to go.
After a little further investigation:
It looks like http://www.asp.net/mvc/tutorials/mvc-4/getting-started-with-aspnet-mvc4/adding-a-model is where you define your connection string for your entities. I noticed AttachDbFilename=|DataDirectory|\Movies.mdf in there, and after verifying my thoughts http://social.msdn.microsoft.com/Forums/en-US/sqldataaccess/thread/f21c0728-935d-492a-baaf-ff2704e3683b/ it looks like that is what is spinning up a second database in the app's data directory called movies.mdf. If you want to keep your 1 default database, change the connection string information in your MovieDBContext string to that of the default connection and and it should create your new movie structure within that same database.

asp.net mvc3, Roles from database

I am creating a asp.net mvc project which I want to manage the roles in the database.
I have a database with a table, in the table Called Premissions I have a column (AdministratorRole) that contains roles for my mvc project, the value will hold something like 'Domain\John Smith' (the users). I want my mvc project to check this column each time it starts up.
In my mvc project i am using the Authorize attribute in the controllers:
[Authorize(Roles = Roles.AdministratorRole)]
I was thinking of creating a Interface so I can use a IQueryable to query the database, and then add something in the Global.asax file in the application_start method so that it runs the interface first and check all roles. (How can I do this?)
This is so we can maintain the roles in the database rather than in the code of the project.
How can I do this please?
Thanks
ASP.Net uses a Provider model for Membership and Roles. If you are doing something custom, then you simply need to create a Custom RoleProvider.
You can implement a RoleProvider.
ASP.NET role management enables you to easily use a number of
different providers for your ASP.NET applications. You can use the
supplied profile providers that are included with the .NET Framework,
or you can implement your own provider.
There are two primary reasons for creating a custom role provider.
You need to store role information in a data source that is not
supported by the role providers included with the .NET Framework, such
as a FoxPro database, an Oracle database, or other data source.
You need to manage role information using a database schema that is
different from the database schema used by the providers that ship
with the .NET Framework. A common example of this would be
authorization data that already exists in a SQL Server database for a
company or Web site.

Resources