How to handle membership in an ASP.NET MVC application? - asp.net-mvc

How would you handle membership in an ASP.NET MVC application? Using any external libraries? How would you do OpenID log in? Username log in? Email log in? Any other that is worth looking into? Maybe all of them mixed into the application?
It seems ASP.NET comes with some pre-built user database (I'm totally new to .Net). The NerdDinner example uses it but then it makes the foreign keys use the username. That doesn't sound very good. Do you use this schema of two separate databases or only one? What do you use as the foreign key, any IDs?
I've found ASP.Net MVC Membership, anybody using it? Does it work well? Can it be expected to be maintained?

Membership Providers are not new to ASP.Net MVC, they were introduced with ASP.Net 2.0.
The Membership Provider model is simply an abstraction layer between your application and whatever source you are authenticating your users against. You can switch providers easily by simply changing your web.config file.
It is easy to write a membership provider, there are many walkthroughs on the web. Typically you would do so if you were using a database that used a different schema than the default examples that come with ASP.Net (which is most of the time). The foreign keys on the username thing in the NerdDinner example is a simplistic example that you would rarely see on any real-world databases.
I would highly recommend using the Membership model. Controls like the Login control are built to make use of it, and it is well-designed and makes it easy to change or combine different login methods for your application. If you want to use OpenID, a quick google search brought up this OpenID Membership Provider.
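Because the active provider is whatever web.config names, a start-up check can confirm that the provider selected there still stores passwords safely. This is an added example, not code from the answer above; the class name `MembershipConfigAudit` and the two thresholds are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Security;

// Hypothetical helper (not part of ASP.NET): call Check() from Application_Start
// and log or refuse to start when it returns findings.
public static class MembershipConfigAudit
{
    // Assumed policy values for this example; set them to your own standard.
    private const int MinPasswordLength = 12;
    private const int MaxFailedAttempts = 10;

    public static IList<string> Check()
    {
        var findings = new List<string>();

        // Membership.Providers holds every <add> under <membership><providers>;
        // Membership.Provider is the one selected by defaultProvider.
        foreach (MembershipProvider p in Membership.Providers)
        {
            string tag = p.Name + (ReferenceEquals(p, Membership.Provider) ? " (default)" : "");
            try
            {
                if (p.PasswordFormat != MembershipPasswordFormat.Hashed)
                    findings.Add(tag + ": passwordFormat is " + p.PasswordFormat + ", expected Hashed");
                if (p.EnablePasswordRetrieval)
                    findings.Add(tag + ": enablePasswordRetrieval is on");
                if (p.MinRequiredPasswordLength < MinPasswordLength)
                    findings.Add(tag + ": minRequiredPasswordLength is " + p.MinRequiredPasswordLength);
                if (p.MaxInvalidPasswordAttempts > MaxFailedAttempts)
                    findings.Add(tag + ": maxInvalidPasswordAttempts is " + p.MaxInvalidPasswordAttempts);
            }
            catch (Exception ex)
            {
                if (!(ex is NotImplementedException || ex is NotSupportedException)) throw;
                // A partially implemented custom provider cannot be audited
                // through these properties; report that instead of crashing.
                findings.Add(tag + ": policy properties are not implemented");
            }
        }
        return findings;
    }
}
```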

Related

MVC Simple Membership Web Site Administration Tool

I must have missed this somewhere (or slept through the class)... the standard ASP security tool for managing users and roles seems to be absent when using the new simple security version. That is, the original is there and working, just points to traditional ASP security... NOT to the new "simple" system.
In my project I can log in, I can look at the webpages_ tables but can find no method of accessing them in my project... I would be happy to manage roles and get the USERID and maybe ROLEID so I could tie the user to other functions in my project.
I've looked through hundreds of posts and articles... normally I find I am missing some minor config entry or something but this time I am a little more stuck.
Advice is appreciated.
Thanks!
SimpleMembership does not work with the Web Site Administration Tool (WSAT). There is a good overview of SimpleMembership in this blog. Here is a quote from it.
WSAT is built to work with ASP.NET Membership, and is not compatible with Simple Membership. There are two main options there:
Use the WebSecurity and OAuthWebSecurity API to manage the users and roles.
Create a web admin using the above APIs.
Since SimpleMembership runs on top of your database, you can update your users as you would any other data - via EF or even in direct database edits (in development, of course)
I would also add that you can seed some of this information at application start-up, such as what roles are available, as shown in this article.
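Seeding roles and a first administrator at start-up through the WebSecurity and Roles APIs could look like the following. This is an added example, not code from the answer or the linked article; the class name, role names and environment variable names are assumptions, and the connection string, table and column names assume the MVC 4 Internet template defaults with SimpleRoleProvider as the active role provider.

```csharp
using System;
using System.Web.Security;
using WebMatrix.WebData;

// Hypothetical start-up helper; call SimpleMembershipSeed.Run() once from Application_Start.
public static class SimpleMembershipSeed
{
    // Assumed role names for this example.
    private static readonly string[] RequiredRoles = { "Administrator", "Member" };

    // Returns the seeded administrator's UserId, or -1 when no administrator is configured.
    public static int Run()
    {
        // Assumed template defaults; change them to match your project.
        if (!WebSecurity.Initialized)
            WebSecurity.InitializeDatabaseConnection(
                "DefaultConnection", "UserProfile", "UserId", "UserName",
                autoCreateTables: true);

        foreach (string role in RequiredRoles)
            if (!Roles.RoleExists(role))
                Roles.CreateRole(role);

        // Initial credentials come from the deployment environment, never from
        // source code. Both variable names are hypothetical.
        string adminName = Environment.GetEnvironmentVariable("SEED_ADMIN_NAME");
        string adminPassword = Environment.GetEnvironmentVariable("SEED_ADMIN_PASSWORD");
        if (string.IsNullOrEmpty(adminName))
            return -1;

        if (!WebSecurity.UserExists(adminName))
        {
            if (string.IsNullOrEmpty(adminPassword))
                throw new InvalidOperationException("SEED_ADMIN_PASSWORD is not set.");
            WebSecurity.CreateUserAndAccount(adminName, adminPassword);
        }

        if (!Roles.IsUserInRole(adminName, "Administrator"))
            Roles.AddUserToRole(adminName, "Administrator");

        // UserId is the integer key of the user table; other tables can
        // reference it as their foreign key.
        return WebSecurity.GetUserId(adminName);
    }
}
```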

ASP.NET MVC4 with Two-Factor and Blind Hashing

ASP.NET newbie here, I'm looking for a way to integrate my existing database into ASP.NET's authentication system. I have a separate project making use of Entity Framework to interact with a database (Model-First Entity Framework 5) that I would like my ASP.NET MVC 4 site to use to authenticate off.
To further complicate matters, this is not a simple username/hash/salt table. I employ Blind Hashing and two factor authentication using the Google Authenticator (OATH-TOTP) is an option users can have. Additionally, I don't just have users, I have Accounts and Profiles, of which an Account can have many profiles (distinct, separate 'users' in a public sense that the owner can easily switch between). Lastly, Account can also have several emails, not just one. In other words, this doesn't fit in to normal user/password conventions when dealing with authentication. Fortunately, I've written partial classes to give most of these entities (such as Account) ways to handle this easily, such as:
someAccount.CheckPassword(password[, twoFactorToken])
I can do this easily enough using Entity Framework 5, but I'm very unfamiliar with how ASP.NET MVC 4 handles users. Is there an easy way to get user authentication going in ASP.NET MVC 4? Do I need to do something with MembershipProvider? Do I use SimpleMembership or the legacy one? Bonus: Can I take advantage of Windows Identity Framework and use that instead?
I've opted instead not to use the Membership Provider, and just use Forms Authentication. I did not realize you could use this without using a membership provider.
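Forms Authentication without a membership provider, as described above, comes down to verifying the credentials yourself and then issuing the ticket cookie. This is an added example, not the poster's code; `IAccount`, `IAccountStore`, `LoginName`, `FindByEmail` and `SessionController` are hypothetical names, and only `CheckPassword` with an optional two-factor token is taken from the question.

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical abstractions over the EF model from the question.
public interface IAccount
{
    string LoginName { get; }
    bool CheckPassword(string password, string twoFactorToken);
}
public interface IAccountStore
{
    IAccount FindByEmail(string email); // returns null when no account matches
}

public class SessionController : Controller
{
    private readonly IAccountStore _accounts;

    // Assumes a dependency resolver supplies the store.
    public SessionController(IAccountStore accounts) { _accounts = accounts; }

    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public ActionResult LogOn(string email, string password, string token, string returnUrl)
    {
        IAccount account = _accounts.FindByEmail(email);

        // Same message for unknown account, bad password and bad token,
        // so the response text does not reveal which accounts exist.
        if (account == null || !account.CheckPassword(password, token))
        {
            ModelState.AddModelError("", "The sign-in details are incorrect.");
            return View();
        }

        // Issues the encrypted forms-authentication ticket cookie; no membership
        // provider is involved. false = session cookie, not persistent.
        FormsAuthentication.SetAuthCookie(account.LoginName, false);

        // Only follow returnUrl when it points back into this site.
        if (Url.IsLocalUrl(returnUrl))
            return Redirect(returnUrl);
        return RedirectToAction("Index", "Home");
    }
}
```

Setting `requireSSL="true"` on the `<forms>` element in Web.config keeps the ticket cookie off plain HTTP.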

Asp.net mvc codefirst and authentication

I am a new ASP.NET MVC programmer and I am developing a web site using Code First Entity Framework.
I know that there is a built-in membership provider inside the MVC project, and I can even use a custom membership provider to change it to my taste.
But I am not sure if it is better to forget about the membership provider and implement all of it (login, authentication, ...) myself to have better integrity,
which is time consuming.
Could you please tell me which one is better?
Regards
There is a SQL membership provider (http://msdn.microsoft.com/en-us/library/system.web.security.sqlmembershipprovider.aspx) that comes with the .NET framework that you can use. I would take a closer look at that. If it doesn't fit your needs, then build your own.
I always build my own as I like to have complete control over the data model. Most sites I work on, I only need to implement ValidateUser() in the membership provider, but what all you need to implement purely depends on what you are using the membership provider to do. I use the YAGNI approach when it comes to implementing providers. I only implement methods that I know are going to be called.
If this is for a product you are building, then I would go ahead and implement everything as you never know what other developers might use your product for.
ASP.NET Membership Provider is an excellent authentication framework. You can easily extend the framework by adding the membership provider to your database or building on top of the existing database.
The ASP.NET Membership Provider has already done the hard work for you when it comes to authentication, state management, encryption, hashing, and roles, to name a few features. Why reinvent the wheel?
You can easily call pre-built ASP.NET membership functions and save yourself loads of work.
Aside from saving yourself time programming a new, possibly bug-prone, authentication service, you would also be using a .NET industry standard. That means if you run into problems while using it, there have been many more before you that have already faced the same problems. You also make your authentication manageable: because it's a standard, others will easily be able to pick it up and run with it.

How do I setup a Membership Provider in my existing database using ASP.NET MVC?

For some reason, the idea of setting up Membership in ASP.NET MVC seems really confusing.
Can anyone provide some clear steps to setup the requisite tables, controllers, classes, etc needed to have a working Membership provider?
I know that the Demo that MVC ships with has an Accounts controller. However, should I be using this in my own project? What do I need to get my existing database ready if so? If not, how do I learn what I need to do to implement a membership provider?
Check out this step by step blog on how to set up Membership provider in your asp.net mvc project. The sdk tool you need to get your database ready is aspnet_regsql.exe, you don't need to create a separate database to do that (a lot of people think they have to provide a separate aspnet.db), you can run the command on your existing database, and it will create the tables, views, and stored procedures to handle the membership provider for you.
"However, should I be using this in my own project? What do I need to get my existing database ready if so? If not, how do I learn what I need to do to implement a membership provider?"
The benefit to use the default provider (SqlMembership provider) is to save yourself a lot of time. It involves a lot of work to design a complete membership and role provider.
Edit [2014-06-19] Asp.Net Identity Framework is Microsoft's new recommendation to manage users and permissions.
Check out this link:
https://github.com/TroyGoode/MembershipStarterKit
Most of the work is already done for you. Just download the sample project and run the aspnet_regsql.exe against your database.
Check out my answer in this post: membership
If you want to keep the membership provider that .Net creates for you then you can copy all the tables etc to another sql database and point the provider at it via the config file.
Post a comment if you need more than this.

How should I implement user membership in my ASP.NET MVC site?

I'm creating an ASP.NET MVC site and I need to implement login and membership functionality.
Is this something where I roll my own? I already have a members table in my database, should I create a username and password hash field and just check against it? What about keeping the user logged in with a cookie that expires?
Is this an instance when you would use ASP.NET's built in Membership service?
ASP.NET MVC neophyte seeks help.
When you create a new ASP.NET MVC site, it already has membership built in. The CodePlex project mentioned in the other reply is only needed in special cases, namely:
You are using an early beta of the MVC framework, which doesn't have the membership feature.
You want to use an authentication system like OpenID, which isn't supported "out-of-the-box" with MVC.
You want membership administration features not included "out-of-the-box"
However, like I said, basic membership functionality is already present in an MVC site. Just add the [Authorize] attribute to any action requiring login. This is regular forms authentication, so you configure it in Web.config like a non-MVC site (specifying the database, etc.; there's lots of information on the web about this).
A default MVC site will contain an "Account" controller and views which you can customize to fit your needs.
To answer the obvious question, no, you should not "roll your own." Even if you need custom authentication, it would be better to create a regular ASP.NET membership provider than to create an entirely new membership framework.
Update: The CodePlex project was updated to work with MVC 1.0
If you want to use something safe to start off with, either use the new project's template membership or consider using http://www.codeplex.com/MvcMembership.
