I've been Googling terms like
configure database for mvc authentication
But I can't find anything from this decade that relates to my configuration.
I've created an MVC application using .NET Framework 4.6 with authentication support (database first). Now where do I find step-by-step instructions for creating the database tables and configuring MVC to use them?
Thanks for any tips!
The correct thing to google for is 'ASP.NET Identity'.
If you generate an MVC app straight from one of the templates it will generate a number of classes to handle security and identity.
One of these classes will implement interface IUserStore. The class provided will inherit from Microsoft.AspNet.Identity.EntityFramework.UserStore<TUser>, and uses Entity Framework to check the database if the tables exist, and create them if they are not there.
If you are uneasy about giving your application enough privileges to modify your data schema (ew!), you can create your own class that implements IUserStore and plug that into the system.
It's a big topic, but hopefully this is enough to get started with.
Related
I'm trying to develop an application using MVC 4.
Earlier I was using Generic repository for accessing my database .
But later I was suggested to use Data Access Application Block to access Data Base in my application .
I'm not getting any exact clue that how to start with it.
Can any one suggest some link which can provide me the exact information about Data Access Application blocks for .NET 4.5 and MVC 4 and also some examples of its correct usage.
Thanks in Advance..
I think Data Access Application Block is quite obsolete.
Why don't you use an ORM (such as Entity Framework or NHibernate) to build your data access layer? As you can see here Entity Framework is Microsoft’s recommended data access technology for new applications
There's quite a lot of documentation on the Pattern & Practices site at MSDN, http://msdn.microsoft.com/en-us/library/dn440726(v=pandp.60).aspx.
I have used DAAB in a few projects, but it's quite heavyweight and isn't as widely used as other frameworks. It's also very data-centric rather than being more domain oriented. You might want to consider Entity Framework or a similar ORM over DAAB.
I am writing a new web site and am looking at Asp.Net Identity 2.0. Out of the box, it uses Entity Framework for all of its data access. For the rest of the site, we were creating middleware web services for data access. Our original plan for security sake was that the web servers would talk to middleware and middleware would talk to the database via Entity Framework. We had planned on blocking via firewall database access from the web server.
I see that I can create a custom provider for Identity 2.0 and it in turn could use middleware for it's data access.
Here are my questions:
Is it more secure to not allow the web servers to have direct database access?
If it is more secure, why would Microsoft not build it that way out of the box
If you were starting from scratch like we are, would you recommend using entity framework or writing a custom provider that goes through our middleware layer?
Thanks.
1.) It can be secure. I don't see it as a security issue but coupling issue. What if you want to upgrade or change from Entity Framework in the future? What if you want to change from Identity 2.0? What if you want to upgrade one but you can't because the other doesn't support it yet.
2.) Microsoft wanted to promote it products first and foremost. For simplicity sake if your ok with Entity Framework and Identity 2.0 and don't mind how coupled they are it could be perfectly fine solution.
3.) How much time/effort can you afford to spend on the custom provider? It might not be worth the effort to create your own provider.
Asp.NET Identity out-of-the-box is actually Asp.Net Identity on Entity Framework. It generates a database, connection string, the model files, the controllers and a context class for you, which you can redirect to your own database for it to generate the Identity tables within. Everything is very secure, and they've taken care of a lot of the authentication/password hashing for you. I wouldn't say it is worth it to create your own provider, but you can also create your own provider within Identity if you want. Identity 2.0 is great. Very easy to add custom table properties, etc.
I am building an MVC3 web app and new to .NET and programming in general.
I was thinking about using the built-in ASP.NET membership provider but it seems I would have to tip toe around it, unable to cleanly link users into the rest of my entity objects and it would be a separate database too.
I just need the basics Users, Roles, Password change/retrieval. The addresses and other user specific info I take it don't have anything to do with the membership provider tables ? As in I would just need a FK relationship with the UserID etc. in one of the respective membership tables?
From what I have been reading there are ways to inherit from ASP.NET Membership Provider and implement the abstract methods for use wit EF. If that is my best bet are there any good examples or tutorials on doing so?
Rolling my own would be quite difficult I suppose, but if there's a good guide on doing so with EF codefirst I'd gladly check it out. Or maybe there's already some recommended providers on codeplex?
PS. Using sql express and will be deploying to some cheapo webhost, prolly with 1x SQL server 2008 db limit.
Thanks..
You should look at MVC3 Boilerplate project on GitHub. It has EF integration with MembershipProvider, look specifically at the UserMembershipProvider classes.
I am trying to make the move from PHP to ASP.NET. I have about 10 years experience with PHP, and 4 with C#.
But I having problems with the authentication and membership system in ASP.NET. So i have spend quit a lot of time finding a guide on how to create a membership provider for a custom database setup from scratch, but i can't find any that i can get to work.
So do one of you guys know a good guide to creating and implementing a custom membership provider?
You can find a ton of great ASP.NET Security related tutorials and information at http://www.asp.net/web-forms/security.
Specifically on how to create a custom MembershipProvder: http://www.asp.net/general/videos/how-do-i-create-a-custom-membership-provider.
You can also read this: Using Access instead of SQL server for your ASP.NET Application Services which has a download to sample providers.
Creating a custom membership provider is usually as simple as creating a class that inherits SqlMembershipProvider and then setting it up in the web.config
I'm currently working on an application that will likely be deployed amongst various organizations within my current workplace. I need to develop a testable and properly designed authentication framework so that for each implementation folks can choose to use either Windows Authentication, Forms Authentication, a home-grown Single-SignOn system OR OpenID.
So given ASP.NET MVC (and in particular I'm using the S#arp Architecture framework) how should I go about doing this?
Ideally it would be nice if folks can simply make changes to the web.config file in each case.
Thanks
ASP .NET MVC supports ASP .NET membership provider, making it easier for you to handle Windows/Forms Authentication without any hassle. As long as you specify the required information on the web.config. The default site comes with an example.
For other options of implementation, Kigg has an OpenID implementation which also includes the unit testing code.
I guess that after learning how those work you'll find a way to include your "home-grown Single-SignOn" authentication framework :P
Update:
In order to use the membership provider using your own users table, you must implement a custom provider. The configuration through the web.config will be available anyways, but you'll need to create a class which implements the MembershipProvider abstract class.
Here's a link to a video and some source code explaining how to achieve this.