tags:

views:

52

answers:

2
+3  Q: 

ASP.Net MVC Authentication

Hi,

I'm aware this has been asked a million times, but all I could find is either very simple scenarios or over-complicated ones that aren't of much use to me (like the huge MembershipProvider sample implementation at MSDN).

Here's my problem : I have a database with a Users table. A User has a username, password and some other important information. What I want is being able to have a page require authentication so if the user has already subscribed to the application he can authenticate using his uname/pwd, otherwise he can sign up by filling in all the required information. No roles, no special privileges, nothing, just plain simple authentication.

I guess it should be something straightforward, I just wanna make sure that it's decoupled enough and don't wanna go writing my custom authentication system if there is a built-in one already available and tested.

Thanks.

EDIT :
Just for clarification, I don't need a custom MembershipProvider, I'm using a SQL Server database so the default provider should work just fine. The problem really is how I can simply define my own set of required information for the user.

ANSWER :
I ultimately had to derive my own MembershipProvider class and override the methods I was interested in. It was much simpler than I thought ans worked well.

+1  A: 

Using Visual Studio (2008, 2010), create an ASP.NET MVC2 application (no worries, I'm not suggesting to keep it, just use it for studying). In the created code have a look at the interface IMembershipService:

public interface IMembershipService {
   int MinPasswordLength { get; }
   bool ValidateUser(string userName, string password);
   MembershipCreateStatus CreateUser(string userName, string password, string email);
   bool ChangePassword(string userName, string oldPassword, string newPassword);
}

In your application you can implement this interface any way you like, e.g. with a class that uses the information you have stored in the Users table.

Another example would be a class that uses a WCF-based web service. This is an approach I used in one of my recent projects.

All the rest is already wired up and ready to go.

John  2010-08-05 09:17:14
Implementing IMembershipService in my own Membership class isn't much different from creating my own authentication system, it's just an interface. I'd like to take advantage of something of a higher level, that is if it's possible at all. Anyway, if it turns out it's the only way to do it then so be it.
DrunkenBeard  2010-08-05 09:28:30
A: 

That's really simple, just call

FormsAuthentication.SetAuthCookie(userName, rememberMe);

and put an [Authorize] attribute on the controllers or actions that you want to restrict access

also, in case you're gonna need roles in future you can look here

http://code.google.com/p/asms-md/source/browse/trunk/WebUI/FormAuths.cs i store the roles in the ticket here

Omu  2010-08-05 20:28:00

related questions

Store user id in Principal or Identity? ASP.Net/OpenID.
Converting Single DB ASP.NET Site into MultiTenant - Membership and Roles Dilema
customize asp.net membership by changing "userid" type to integer
ASP Membership cannot handle encrypted connection strings in web.config
what is the best way to make some pages in asp.net require login?
Looking for a Yahoo Groups (CMS) replacement
Why should I Use ASP.NET Membership security model?
ASP.NET: Does implementing a custom MembershipProvider class needs you to implement a custom Membership class too?
How to set the Principal in an ASP.Net app
How can you test if an ASP.NET membership password will meet configured complexity requirements?
ExpressionEngine Multiple Site Manager and Member Groups
Locking out a user in an ASP .Net Custom Membership Provider
ASP.NET Application to authenticate to Active Directory or SQL via Windows Authentication or Forms Authentication
Not using e-mail address in a custom MembershipProvider?
How to get current user in Asp.Net MVC
programmatic login with .net membership provider
ASP.NET Forms Authentication With Only UserName
Unit test Custom membership provider with NUnit throws null reference error
How to access UserId in ASP.NET Membership without using Membership.GetUser() ?
How can I wire users with their respective folders in ASP.NET?
Grabbing Users with a specific value in their profile
How do you pass an authenticaticated session between app domains
What's the best way to authenticate over WCF?
Memcached chunk limit
ASP.NET Site Maps