It's my first contact with MVC so please be understanding for me. First of all:
1) If I will implement custom Membership provider with sql database, with my methods to activate user via e-mail, putting user into database etc. (and just one table - tableUsers), this solution about oAuth and Facebook login will works properly? Honestly, it's not clear for me at all.
2) What solution is better. My custom membership provider, or using default?
I want to sending my custom activation e-mail, then activate account. Later, I want to add new columns into userProfile table - "ID type" and "isActivated". I will storage additional info about user in separate table (telephone, webiste, about me, hobby etc) - I will get this data by IDuser from userProfile. What is more, I want to use loggin method via Facebook or Twitter. I found solution on asp.net website, how to do it with Oauth.
What solution I have to choose?
Regards
What solution is better. My custom membership provider, or using default?
As you want to store extra user information in the database, you will need to create your own custom Membership Provider as the default one lacks this flexibility. Also with the default membership Provider , you will not be able to verify your user with an activation email. You will have to customize it.
How to do it with Oauth.?
The default Membership Provider provided with MVC4 in VS 2012 has the ability to do login using Facebook and Twitter and you can add even more like LinkedIn. But, as you will need to create Custom Membership provider for storing additional information, you can use DotNetOpenAuth library for this. It is the same used by the default Membership Provider. You can add it through Nuget.
Related
I want to create my own OpenId Provider instead of using Google, Yahoo etc
I have just followed the below link for creating OpenID Client
https://github.com/DotNetOpenAuth/DotNetOpenAuth/wiki/Creating-an-openid-relying-party-%28programatically%29
when I am entered https://www.google.com/accounts/o8/id in the openId textbox, it just took the Authentication from the Google and return token with information like EmailID, UserName etc, Instead of this I want provide Authentication from my own Provider
Please help me to create OpenId Enabled Website.
Thanks
DotNetOpenAuth provides classes and structures which enable you to easily
create OAuth Consumer or Provider and manipulate Tokens. However each both
Consumer and Provider have to decide on how to handle and store the
Tokens.
Please follow the links
1.
Dotnetopenauth single sign on with custom identity provider
2.
http://hoonzis.blogspot.com/2011/08/using-dotnetopenauth-to-create-oauth.html
Second link explains in details. it also has a link to download source
code so you can refer to that. I want you to create your own sample based
on #2 as he is using LINQ TO SQL.
i need to know this.. in the asp.net membership provider, it is possible to create a user with more than one mail?
The thing is that i want in my page (ASP.NET MVC 3) the users can have various emails to login.
It's this possible?
Thanks!
Membership Provider is limited to 1 email account per account holder. You can attach custom attributes for each account using Membership Profile. So your secondary email would simply be an attribute of the user's profile. Here is a great article explaining how to do this.
It is possible, but not with any of the built-in membership providers. You will need to implement your own. Just know that your design will come down to ensuring that e-mail is unique in the table and is linked to a single user account (many-to-one). This will require a separate table in the database for the many e-mails a user may have.
With the default membership providers, no. An email address maps to one user. You can however implement your own membership provider that will take care of this situation.
I'd argue its not a job for the membership provider -- multiple email addresses smell like an application-layer concern.
Our site has got two ASP.NET membership providers. The built in one, and a custom one (SqlMembershipProvider.
I am able to log into both no problems, but I don't necessary require the ability to have both logged in at the same time.
The issue I have is as follows:
User "person_a#site.com" logs into the built in provider. They then navigate to the section of the site where we require the custom provider.
On this page, I can check if they are authenticated, and get their username. I can then get a MembershipUser object form the custom providers GetUser method. (HttpContext.Current.User.Identity.Name)
It is possible (and very likely) that the username "person_a#site.com" could also exist in the users for the custom provider.
But, I don't want them to be logged in here, as they haven't authenticated against the custom provider.
So, is it possible to check which proivider HttpContext.Current.User was generated from.
Hope this all makes sense!!
Yes, if you notice on the RolePrincipal there is a property called ProviderName.
Typically when people roll their own providers they omit usage of this field.
In your case, simply modify your custom provider to identify itself, if it does not already, and check that property of the user.
In a website, I need to integrate membership and authentication. So I want to use the functionality of ASP.NET Membership, but I have other custom stuff, that a "user" has to do.
So I am sitting here with my pencil and paper, drawing lines for my domain model... And how can I best utilize the ASP.Net membership, but extend it to fill my needs?
Should I create a class that inherits from a MembershipUser and extend it with my own properties and methods (and save this in a seperate table). Or should I let the MembershipUser be a property on my custom User/Client object?
What would be a good solid way to do this?
I've thought about it and there are 2 ways that seem appropriate (of course there are more ways to make it work).
Custom Membership Provider
You change the membership provider to use your own and use your User object to store all the information.
The problem with this one is that it involves a lot of re-implementation of things that are already well handled by Asp.Net. The good thing is that you have a single User object with all the details.
Link from a Membership User to your User
With this method, you would use the original Membership provider to handle the user name and password, but you link your own User object with this one with something like the user name by using a service for example.
It's really easy to set up, you just need to create a service that would be used like this:
string userName = "Jon Skeet";
User user = new UserManagementServices().GetUserByUserName(userName);
I ended up writing my own membership-provider, and have implemented that in 3 separate solutions now. It is extremely simple and much, much more elegant than linking a user to a membershipUser (which I have also tried).
Read this...:
Create Custom Membership Provider for ASP.NET Website Security
And if you want to learn more, watch this video (with sourcecode).
I've extended MembershipUser and created my own version of the SqlMembershipProvider to map to my existing domain, and its working well, in production now.
MembershipUser is essentially a view over my User table. My extended MembershipUser class includes profile/account-style properties instead of using the default SqlProfileProvider system, which is a bit fragile.
I wasn't able to use the existing membership tables or sprocs, but wrote my own. For example, the SqlMembershipProvider uses a GUID as an opaque key, but the production system uses a plain old int. All of the dates are UTC, etc. too.
All of the extra User functionality is accessed via the User domain not via Membership methods.
HTH.
I'm currently working through the Microsoft ASP.NET 2.0 Membership API Extended article from CoDe Magazine which explains how to extend the membership API by writing a wrapper around the existing classes. Main benefit is that you can keep all the out of the box functionality and not have to rewrite your own as you would when implementing a custom provider. Source code is provided.
I've seen examples of producing a custom registration control which persists its information with some extra fields (or a table depending on the problem) in the corresponding Sql Server.
It's also said that there is a way to do the same thing with the Profile API (persist custom info in a registration control). Is there a walkthrough for this?
Thanks
Check out this link from MSDN Storing User Information with ASP.NET 2.0 Profiles
You'll also need to know how to Create the Application Services Database for SQL Server