Hello everybody,

The Membership/Role/Profile providers API appeared in the early days of ASP.NET.

Nearly every time, I can't live with the standard API and have to add some extra functionality (for sorting, retrieving, etc.). I also often have to use a different database structure (with a foreign key to some tables, for example) or think about performance improvements.

These considerations forced the teams I took part in to build their own providers, but I can't stand implementing the providers API (because we don't use at least 70% of the standard functionality). Moreover, providers that were built for specific projects were rarely reused.

I wonder if someone has found a Swiss-knife implementation of the early-days-API providers that is useful for any kind of project without refactoring... Or do you use your own implementations of the early-days APIs? Or maybe you abandon the standard architecture and use lightweight implementations?

Thank you in advance

+2  A: 

Hi Andrew

I too have found that oftentimes I don't need all the functionality exposed in the standard MembershipProvider bases. These days, I tend to write my own lightweight methods for authenticating and authorising users.

I typically follow these as a rough guide:

  • Set authentication mode to Forms in web.config
  • Custom class to authenticate a user and retrieve roles for associated UserId
  • Login form to manually issue FormsAuthenticationCookie (see example below)
  • Configure web.config elements in subdirectories to prohibit access to roles

The following is an example of code you can use to create the FormsAuthenticationTicket yourself, using your own lightweight methods to authenticate and authorise your users:

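// Build the ticket yourself so you control its lifetime and user data.
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, // version
    data.AccountId.ToString(),   // name
    DateTime.Now,                // issue date
    DateTime.Now.AddHours(24),   // ticket expiration
    rememberMe,                  // persistent
    data.ToString());            // user data

// Encrypt the ticket and place it in the forms authentication cookie.
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
cookie.HttpOnly = true; // keep the ticket out of reach of client-side script
cookie.Secure = FormsAuthentication.RequireSSL; // honour requireSSL from web.config
if (rememberMe)
    cookie.Expires = DateTime.Now.AddDays(30); // the ticket itself still expires after 24 hours

HttpContext.Current.Response.Cookies.Add(cookie);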

This is just a rough idea but remember it's entirely up to you whether you use the MembershipProviders as is, whether you implement your own, or whether you choose to ditch them altogether and build your own, providing just the functionality you require. I often choose the latter, simply because a lot of the applications I write are upgrades from legacy systems which already have membership databases in place etc.

Hope this helps.

Richard
Thank you Richard, these days I prefer to build a lightweight implementation instead of the architecture proposed out of the box. What is the difference between the FormsAuthenticationTicket and the straightforward FormsAuthentication.SetAuthCookie(account.Id.ToString(), true); approaches?
Andrew Florko
Functionally, the two are *nearly* equivalent. When you set the cookie yourself, however, you have greater control over what data goes into it and some of the additional properties. So you can also store, if you wish, role information within that cookie, as an example.
Richard