tags:

views:

26

answers:

1
+1  Q: 

asp.net membership provider api. usability. best-practice

Hello everybody,

Membership/Role/Profile providers API appeared in early days of asp.net

Nearly everytime I can't live with standard API & have to add some extra functionality (for sorting, retrieving e.t.c.). I also have to use different database structure often (with foreign key to some tables for example) or think about performance improvements.

These considerations forced teams I took part in to build own providers but I can't stand to implement providers API (because we don't use 70% of standard functionality at least). Moreover, providers that were built for exact projects were rarely reused.

I wonder if someone found swiss-knife early-days-API providers implementation that is usefull for any kind of project without refactoring... Or do you use your own implementations of early-days-API's Or may be you abandon standard architecture and use lightweight implementations ?

Thank you in advance

+2  A: 

Hi Andrew

I too have found that oftentimes I don't need all the functionality exposed in the standard MembershipProvider bases. These days, I tend to write my own lightweight methods for authenticating and authorising users.

I typically follow these as a rough guide:

  • Set authentication mode to Forms in web.config
  • Custom class to authenticate a user and retrieve roles for associated UserId
  • Login form to manually issue FormsAuthenticationCookie (see example below)
  • Configure web.config elements in subdirectories to prohibit access to roles

The following is an example of code you can use to create the FormsAuthenticationTicket yourself, using your own lightweight methods to authenticate and authorise your users:

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
data.AccountId.ToString(),
DateTime.Now,
DateTime.Now.AddHours(24),
rememberMe,
data.ToString());

string encryptedTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
if (rememberMe)
cookie.Expires = DateTime.Now.AddDays(30);

HttpContext.Current.Response.Cookies.Add(cookie);

This is just a rough idea but remember it's entirely up to you whether you use the MembershipProviders as is, whether you implement your own, or whether you choose to ditch them altogether and build your own, providing just the functionality you require. I often choose the latter, simply because a lot of the applications I write are upgrades from legacy systems which already have membership databases in place etc.

Hope this helps.

Richard  2010-05-11 08:10:03
Thank you Richard, these days I prefer to build lightweight implementation instead of architecture proposed out-of-the-box. What is the difference between FormsAuthenticationTicket and straightforward FormsAuthentication.SetAuthCookie(account.Id.ToString(), true);approaches?
Andrew Florko  2010-05-11 10:02:25
Functionally, the two are *nearly* equivalent. When you set the cookie yourself, however, you have greater control over what data goes into it and some of the additional properties. So you can also store, if you wish, role information within that cookie, as an example.
Richard  2010-05-12 07:46:56

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps