In previous versions of Visual Studio I have on occasion had a need to change the Membership to my own custom one because of existing user tables and/or existing password policies. To do this I used the Membership Provider and changed accordingly.
I have just started looking at VS 2013 and new projects uses OWIN and ASP.Net Identity which I'm not familiar with yet. Does anyone know the best way to customise these as well in order to use existing tables and override login functions?
This article Migrating an Existing Website from SQL Membership to ASP.NET Identity should get you started.
Related
As you know, Microsoft removed ASP.NET Web Configuration Tool in VS2013 and it is a bad downgrade for it. thanks THIS post that shows a way (but difficult) to use ASP.NET Configuration Tool.
so what is the easiest way to define memberships, roles, users, access rules and ...?
ASP.NET Web Configuration Tool was really simple and user friendly.
Any more suggestions would be greatly appreciated.
Microsoft is moving membership system from Membership Provider to ASP.NET Identity.
However, if you want to use Membership Provider there is a new one called ASP.NET Universal Providers.
ASP.NET Universal Providers supports NuGet package, and the package will create the requires membership tags in web.config.
Setting up membership/roles isn't much difficult once you understand the basics. You will love to set things up directly in the web.config, once you start using it.
Check these:
Setting up Membership
Setting up authorization rules
Now that Microsoft has removed support for the ASP.NET Web Application Management tool in Visual Studio 2013, what is the best way to manage users and roles in your ASP.NET applications?
I'm starting on a new web app, and instead of building my own system for authentication and role management, I planned on using ASP.NET. However, what is the easiest way to add roles and members without directly editing the database?
I would suggest following the methodology used in the ASP.NET Identity Sample:
https://github.com/rustd/AspnetIdentitySample/tree/master/AspnetIdentitySample/Controllers
They use two Controllers: RolesAdminController and UserAdminController.
Using this scheme would allow for a seeded administrative account to then manage the roles and users of that site.
I suspect you could probably just copy those straight into a new project using the new Identity scheme with very few modifications to work properly. However, I haven't personally attempted doing that part myself.
I am trying to re-learn ASP.NET and building some application, however tutorial seems to be running shorts.
I understand ASP.NET comes now with built in membership which allows users to created and edit, login to users. However, is there a way for me to create a User Controller. From what I have read, its a big no, because it may conflict with the AccountController. Maybe this is wrong, but I would like to be sure first.
Also I understand that I can use the word [Authorize] in a controller ( action, or class ) to limit access to users. However if I provide [Authorize(Roles="Admin")] How can I define the roles to a users? Is there a field that already exists in the membership providing this or do i need to supply a second nuget packages. If its a field from the user, how does it know Roles is the value in the User tables?
You're confusing multiple things. Asp.net is the basic web technology, and there are three technologies that sit on top of that. Webforms, Web Pages, and MVC.
Membership has been a part of asp.net since Version 2, released in 2005. This is nothing new. There has been much written about it over the years.
If you're using MVC, which it seems you are, and you're using MVC4, then the default internet template uses SimpleMembership, which is not compatible with the built-in membership editor in Visual Studio (known as the Web Site Administration Tool or WSaT). This is only compatible with the old SqlMembership database tables, and SimpleMembership does not use those tables.
You can use SqlMembership with MVC4, but you have to configure it to use SqlMembership. Or, you can just not use WSaT and configure your user yourself.
Oh, and don't listen to people that tell you to create custom membership providers. This is the worst advice possible unless you know what you are doing, because it's non-trivial to create secure password hashing techniques. And 99% of people that try (even people that should know better) get it wrong unless they pay very close attention.
Use a provider from a reputable source unless you have VERY good reason not to. And then, check, double check, triple check your hashing code and then have an expert check it.
For Authentication and Authorization in asp.net, have a look at Forms Authentication and Membership Provider (and Role Provider for roles)
A quick search gives this article: Here
have a look at other searches for "Custom Membership Provider"
This also looks interesting: How do I create a custom membership provider for ASP.NET MVC 2?
I'd like to make an OOB Silverlight app based on the Silverlight Business Application template in Visual Studio. The template uses the default ASP.Net membership provider. I understand how to use that to add users and roles, etc. I've found plenty of tutorials on that. What I'd like to be able to do, is configure the Silverlight template so that it uses an existing ASP.Net membership base. We'd like this app to have a companion website (ASP.Net based).
To clarify: We've been able to setup an ASP.Net website and have created a SQL database with the required tables (aspnet_Users, aspnet_Membership, etc.). I'd like to configure a Silverlight app to access the same users and roles that are in those tables.
Can anyone help me out in terms of what I'd need to put in the Web.config? Do I just need a connection string? I'm new to ASP.Net authentication, but I'd rather use what ASP.Net gives me out of the box than have to write my own authentication service. I feel like this should be really easy, and is just a matter of pointing the Silverlight app in the right direction.
I'd like to use Silverlight 5 and .Net 4.5 if I can but I don't mind using an older version of either if it makes things easier.
You can just point the connection string to the existing database.
From this answer:
You can point your connection string for authentication to a database that all application can access.
So if you have the default database that .NET creates, you can point your other application to that as well for authentication.
I'm somewhat confused by membership providers for .NET. I have built a MVC 3 web application, but obviously login pages don't work out-of-the-box because I need to wire up a membership provider. I would have expected this process to be easy, but when I search for help I find numerous articles on writing custom providers. Can't I just set up a table or two, wire up a few details in web.config and have things work based on some default MVC membership provider?
I have no desire to re-invent the wheel!
TIA.
The MSDN membership installation documentation is still applicable through to .NET 4, although note that the default Membership provider changes in 4.5 - totally different table structures.
TL;DR
Create the aspnet membership database OR add the tables to your existing database (aspnet_regsql.exe, which is in the .net 2 framework folder)
Add the necessary membership and role provider configuration sections to your web.config.
Use the site admin tool to add users (or at least an initial Admin User)