2 years ago i was using mysql security providers [membership,role] from code-project article:
http://www.codeproject.com/KB/database/mysqlmembershipprovider.aspx
do we still need that or the current mysql-connector provide that? i saw something called [MySql.Web.dll] so is that a replacement or not!
please en-light and guide me,
thanks,
You can use the MySQL Providers. They work great. No need for other providers. The advantage of your custom provider is maybe just more flexibility.
We customized our own provider, so we cannot switch.
Not sure what more you wanna know?
I believe you still need a third party or custom build provider to connect to a MySQL database, check out http://schleichermann.wordpress.com/2009/10/21/asp-net-mysql-membership-provider/. This will walk you through using MySQL .Net connectors
EDIT you can of course use the link you've provided in your question as well. I'm just not sure how out of date that might be.
Related
I support a legacy webforms application with SQL backend and have been trying to upgrade it bit by bit
I have upgraded to .NET 4.6 (highest the hosting provider allows), added some jQuery, EF 6 goodness, refactoring in general and attempting to switch to code first from database first edmx, my next plan is to start creating new features using some kind of front end library like Vue.
But...
My problem at the moment is Membership.
It is used throughout the code and statements like
new Guid(Membership.GetUser().ProviderUserKey.ToString())
are literally too many to bear.
And the database has 10 tables and 9 views for it.
vw_aspnet_Applications
vw_aspnet_MembershipUsers
vw_aspnet_Profiles
etc..
The application is using it for authentication and for keeping track of which user is doing what.
Is there a way to upgrade that to a modern solution without much hassle?
I can take the effort out of my own time but I'd prefer a solution that is not overkill.
the amount of users is probably less than 20 so the alternative doesn't have to be complex.
It just has to support most of what Membership is doing.
I've played with Auth0 for a bit in my own time but it seems to be not suited for this.
There is MS Identity as well but I'd prefer to take advice before going into a rabbit hole.
Thanks!
Definitely no simple upgrade. Here's what we did in our case.
Created ASP.NET Identity tables. We made it similar to Membershipusers table and later migrated the whole table.
Added ApplicationUser, ApplicationRole,ApplicationUserManager , ApplicationSignInManager, ApplicationDbContext
Implements Autofac for DI defined at Startup.cs.
Worked on Login/Signup Controller classes.
Finally migrated the whole Membership DB to new aspnetusers table.
Application was initially designed using NOPCommerce (asp.net webforms) and its was relieve to replace Membership.GetUser().ProviderUserKey.ToString() to User.Identity.GetUserId()
Hassle free ? Do you mean easy path (or) scalable path ?
Design is more an opinion rather than objective. It's mostly based on the facts one know about the problem statement. Based on your's i would recommend the following.
Separate all the membership related code into a library (if not already done)
Now write interfaces that will abstract the actual authentication mechanism from the member ship related code in your project. That way your code doesn't need to be changed for any authentication related mechanism. This wouldn't also require change of database schema.
Now for real authentication use something like Auth0 (https://auth0.com/blog/add-auth-to-native-desktop-csharp-apps-with-jwt/) something like this will be easy to implement. But i don't know if your's is a commercial project / how the licensing will work. I know there is a free version for auth0, but i request you to check it out.
I need to implement Role/Group based authentication in my ASP.Net web application using Active Directory Domain Services and LDAP. i want to use user’s windows logon identity credentials for authentication. I have no clue where to start.
If anybody have implemented the similar requirement, please reply with some pointers.
Also, please let me know, how i can test this in my organisation network and What should be the LDAP server credentials? Can i add our custom groups?
Please reply asap.
I'm just looking into this myself. In the past I've implemented Azman (authorization manager) on windows 2003 (it comes with windows 2003). This seems to work well; my app's been in production for 3 years with a fairly complex config and has held together ok.
Azman has been developed further with windows 2008, but I haven't implemented on this platform yet.
The thing that I liked about Azman was that it abstracts the authorization management away from the app code itself and can give very granular permissions. That said I'm still looking around for alternatives; the biz rule functionality always felt abit flaky for some reason and at least for my app became very important (biz rules let you set context around rights... so for example bob can edit some textbox, but only for specific records). Anyhow here's a few links that might help:
http://support.microsoft.com/kb/324470
http://msdn.microsoft.com/en-us/magazine/cc300469.aspx
I'm not sure if these articles answer all your questions.. or maybe you've found another solution? If after reading you have more questions just yell :)
I have a website and I wanted to become an open ID publisher. How to do that?
Depending on your exact requirements, you might want to try OpenID delegation instead. You can then use your website as a layer of abstraction over a third party provider.
As you're building for asp.net - take a look at DotNetOpenAuth. It's a free, open-source library that can make your asp.net webrite an OpenID provider (your website can be used to identify you) or a relying party (users can log in on your website using OpenID).
In fact, StackOverflow uses it as well, and so do I. It has a number of examples, and it's pretty reliable and secure.. Definitely recommended! :)
If you just want to run your own identity server, then a good place to start looking is here. I run phpMyID on my site that acts as an openID server for me, it was easy to set up, seems to work, and no-one has stolen my identity ..yet.
I am currently converting a very old, but working classic ASP site to ASP.Net.
It has a completely custom written user management system. Whilst it works fine, it really needs a refresh as I want it to be more flexible for some future projects in the works.
When I asked someone about this, they said "You need to use the Microsoft Provider" and gave a lecture on how Microsoft release all these things for free and how good they are and should be re used as much as possible.
I have done quite a bit of research on it (mainly looking at the videos on http://asp.net/learn ) and am very impressed by some of the features as there appears to be drag and drop components for items that would take me ages to write.
However, the current membership database is complicated to explain, it is a completely custom written database that has many internal relations... It is not really "compatible" with the default Microsoft Provider.
I have taken a look at How Do I: Create a Custom Membership Provider?, but I feel a little out of my comfort zone and worried it will either be slow, introduce a security hole or simply won't work.
At the end of the day, the Microsoft Membership Provider should work for me - the only customisations I really need is the login to use the username/password field in my database and the create user script which has a lot of custom code to several third party systems (needing to provision services etc.).
I was just wondering, what would you do if faced with a similar situation?
Use the Microsoft Membership Provider and somehow get it to work for you (although I would like suggestions)
Use the Microsoft Membership Provider but use custom provider that is customised around your code.
Use your own completely customised solution?
That video does complicate things :) If you're going to implement a custom provider then reflector over the existing one is a good place to start :)
As a quick and dirty option you could, of course, hack the stored procedures that the SQL Membership provider uses but the custom code to provision services is probably stretching that.
If you think about it the remote provisioning of services doesn't really belong in a membership provider, it's not really a membership function - all membership does is provide usernames and passwords and authentication around them. My own feeling is that you should move the provisioning of services out of there, and perform it on the ASP.NET site after a user has been created - even if that's just calling a stored procedure once the membership provider has done its thing. If you do this you may find that the SQL membership provider will do everything you need it to (probably with the Roles & profile providers too), and thus you have way less code to write!
I've been in similar situations in the past. In both cases we created custom implementations of the providers (MembershipProvider, RoleProvider, ProfileProvider) around the existing mechanism.
In both cases we only used the provider implementations for read-only access, e.g. to give us the easy validation gubbins in web.config and suchlike. The user administration code was left well alone as it worked just fine.
If the existing provider works (has the right fields for your data), use that to start. You can VERY easily replace that with a customer provider later (just a single config value change).
Beware there isn't an "out of the box" ASP.NET management interface for that, you'll need to roll your own or use a third party one.
Use my specialized MembershipProvider to work against my own database tables.
Does anyone have any examples of using Sqlite with ASP.NET membership? I am building a small "drop-in" type web application and don't want to rely on an SQL database for storing user credentials, etc. Sqlite seems like a good option, and I have been impressed with its performance in Elmah; I wouldn't mind using xml as a data store either.
On another note, perhaps asp.net membership isn't a good choice for basic form level security? The app will not require more then a couple users for those who implement it, and at this time I don't see a need for roles. My thought of using asp.net membership is simplicity to setup and get running; why build a security class if I don't need to, right?
Any other suggestion are surely welcome; thank you for your time.
It looks like Roger Martin's project - http://www.codeproject.com/KB/aspnet/SQLite-Providers.aspx - is now the recommendation for SQLite connectivity.
This is suggested by Peter Bromberg (http://twitter.com/peterbromberg/status/5031854389) and the next top resource on Google is the above by Roger Martin, who suggests that as the place to get the provider (http://galleryserverpro.blogspot.com/2009/08/new-release-adds-support-for-flash.html#comments).
Seeing as how it's part of a semi-commercial product (and the author is trying to get back to work on it as a full-time job), it seems this will be kept up to date.
EDIT 1: More information about the ordering of released providers for SQLite: http://sqlite.phxsoftware.com/forums/p/75/397.aspx
I am a big fan of SQLlite as well. I would say asp.net membership is good enough for the basic stuff.
Peter at Eggheadcafe has this right article about sqllite, check it out.
Article
For using the membership provider with other databases look at a custom membership provider
There's a new, updated source for Roger Martin's SQLiteMembershipProvider
nuget package: https://www.nuget.org/packages/SQLiteMembershipProvider
sourcecode: https://bitbucket.org/jkuemerle/sqlitemembershipprovider