Is it possible to override the logic IsInRole in asp.net? I use my own tables of roles in the database and I would like to know how to use own logic.
Something like inheriting from PrincipialBase. Do you know some ways?
I would only use RoleProvider if you are using other aspects of ASP.NET authentication and authorization management. However, if you have your own database for storing role information and already have a UI for managing user roles, you can get away with just creating a GenericPrincipal with your roles and replacing HttpContext.Current.User with it during PostAuthenticateRequest (for ASP.NET).
MVC is slightly different, depending on how you are managing authorization. Here is a related question.
application role management in asp.net mvc (How)?
It is better to load all the roles for a user once per request then to check roles against the database multiple times during the request.
Then you need to implement a custom RoleProvider. Here is a guide to implement a RoleProvider.
Microsoft released the source code for the default providers (membership, role, etc...).
That is also a great reference when implementing your own provider. The one time I implemented a custom role provider, it served me very well.
Related
I'm starting a new ASP.NET project (WebAPI and WebUI) using the Identity 2. What I am struggling to understand is when and if to use claims at all.
My app will require users to login and previously with the old Membership system, I would have added them to a role when they register. Should I continue doing this or is there a better way to handle all of this nowadays?
Wouldnt using Roles and Claims just overcomplicate things?
Thanks
Always use claims. All .NET identities are claims-based by default. BTW, a role is also a claim - a claim of type ClaimTypes.Role.
I have been going around in circles trying to properly understand this.
I have an ASP .Net MVC project I am working on and need to implement user logins that authorize and authenticate against en external system (via webservice).
I can't seem to get my head around MembershipProvider and AuthorizeAttribute in the context that I require.
Which do I need to use (I believe its both) and where do I need to customize to provide the authentication against an external system.
There is one additional thing I also require on top of the default ASP .Net user principals in that the external webservice will return a session ID upon successful login that would be used for subsequent requests to external services.
Would someone be able to point me in the direction of some useful example of this sort of set up?
MembershipProvider is used to provide the users that may login the system. The RoleProvider is used to tell which roles a user has. They are used during the authentication process. i.e. identifying the user. You can read about membership vs roles
The [Authorize] attribute on the other hand is used during authorization. i.e. to check if the user is allowed to do something.
Question is:
LDAP authentication required
Internal users automatically authenticated, external users requires login
Where do I store complex access control rights?
In the AD/LDAP or in the Application itself (asp.membership db).
What is your experience and best practices suggestion?
Looking to build this in asp.net mvc 2 and using membership features, so best practice here i guess is that we roll our own custom provider to acomplish this...
I would have to say the best approach to this would be to adopt single sign on using membership login, but then implement your own access control for fine grained application access rights internally in your own system.
I'm working on a project that needs to authenticate users based on records in two different databases. All administrators are stored locally and require full functionality to manage their accounts (reset password, etc). Regular users are authenticated against a different database used by another web app, so I only need to check that their credentials are correct.
After entering their username/pass at the logon screen, my app should check if they exist in the local admins table. If so, they are given the role of 'admin' and allowed access. If not, it should then check the other app's user table and give them a 'user' role if successful.
The project is basically a large online book. Users simply need authentication to view it, rate the sections, and bookmark pages. The rating/bookmark data will be associated with their unique id. All user management is handled in the external app. Admins, however, will only be able to view/edit the pages and will NOT be rating/bookmarking things. Their accounts will be managed with this admin area.
What is the best way to accomplish this in a .NET MVC application? By 'this', I mean integrating the logon/authentication system with both and assigning them a role based on which database confirms their credentials.
Thanks in advance!
MVC really doesn't have much to do with your user validation logic - you'll need to implement a custom membership provider to handle connecting to both databases and performing the validation. This membership class could be ported to any application though, it's not specific to MVC.
Once you've got your logic in your custom membership provider, you just need to use FormsAuthentication with your MVC app, of which there are lots of tutorials around, here's a quick one.
The only tip that I would add that pertains to MVC is that you should try to keep your logic for view decisions in your controllers. It's tempting to put something like "<% if user == admin then renderPartial(this) else renderPartial(that) %>" in your View, but that violates MVC principles in my opinion. Much better to use ViewModels or populate ViewData in your controller.
I have a requirement for multiple Role Providers per website. What I'm not seeing is if/how to tell ASP.Net which provider to use (similar to the membership provider property on the login controls). I have a feeling that since this is done (I beleive) in an HTTP Module the role check may be occuring before the page life cycle ever begins - but I'm hoping someone gives me a different answer.
If I want to have multiple providers per website am I going to have to junk the configuration in web.config and perform the checks manually?
The Providers property references all the role providers enabled for an application. You can control which provider you wish to use at runtime like this:
RoleProvider provider = Roles.Providers["MyRoleProvider"];