views:

1088

answers:

1

I have a custom membership/roles provider that I use in my MVC controllers that I also want to have accessible to ASP.NET MVC, so I can use AuthorizationFilters, etc. Since so many people have implemented custom providers I imagine many people have done this but I haven't figured it out or found postings that address this problem specifically. This post is sort of a flip side of my question. In my case I have my custom provider working well with my controllers, and I want MVC to use it too.

My provider is implemented with a IoC/dependency injection design. The provider exposes additional functionality beyond the baseline membership/roles API. In my controllers, I use Castle Windsor to create instances. The code looks similar to:

public class HomeController : Controller {
    IMembershipService _membershipService;
    public HomeController(IMembershipService membershipService) {
        _membershipService= membershipService;
    }
}

<castle>
 <components>
  <component id="MembershipService" 
             service="IMembershipService, MyApp" 
             type="MembershipService, MyApp" lifestyle="PerWebRequest">
    <parameters>
      <connectionString>#{defaultConnectionString}</connectionString>
    </parameters>
  </component>
 </components>
</castle>

public class WindsorControllerFactory : DefaultControllerFactory {
    private WindsorContainer _container;
    public WindsorControllerFactory() {
        _container = new WindsorContainer(new XmlInterpreter(new ConfigResource("castle")));

        List<Type> controllerTypes = new List<Type>();
        foreach (Type t in Assembly.GetExecutingAssembly().GetTypes()) {
            if (typeof(IController).IsAssignableFrom(t))
                controllerTypes.Add(t);
        }

        foreach (Type t in controllerTypes) {
            // LifestyleType.Transient = new controller instance for each request
            _container.AddComponentLifeStyle(t.FullName, t, LifestyleType.Transient);
        }
    }

    protected override IController GetControllerInstance(Type controllerType) {
        return (IController)_container.Resolve(controllerType);
    }

This all works great in my C# code but I want to wire my provider into MVC to use [Authorize] filters with it:

[Authorize (Users="user1, user2", Roles="role8")]
public ViewResult MyResult(int x) {
    // implement
}

I know that the usual way to tell ASP.NET about a custom membership or roles provider is in the web.config file as below but if I do this ASP.NET will just try to call the default constructor, which won't work. Any help appreciated.

<membership>
 <providers>
  <clear/>
  <add name="MyMembershipProvider" type="MyMembershipProvider">
 </providers>
</membership>
+7  A: 

The simplest way to get this to work is to use ASP.NET's standard mechanism of <membership> in web.config. You just let it use the default constructor but you override Initialize() and pull the dependencies there. Use this as reference.

Personally, due to things like this, I prefer to avoid the provider model altogether so I use an approach similar to the ones described in the MonoRail docs. IMHO it's less bloated and more flexible. In the end, it's just about setting HttpContext.User with a proper IPrincipal implementation which is what the AuthorizeAttribute uses.

Mauricio Scheffer
Thanks for this. While your first method works fine, as you said creating custom IPrincipal/IIdentity classes provides more flexibility. For example, it's a short path to create some different kinds of user/role authorization than Forms Authentication provides.
Keith Morgan
It looks like the webdotnet project is currently moving its repository to mercurial, the link is broken :-(
Mauricio Scheffer
webdotnet project up :-)
Mauricio Scheffer