Looking for a light weight alternative to the membership provider. Does such a thing exist?
It should allow for the creation and modification of accounts, nothing to fancy. A password reset would also be nice. Would be great if it didn't require a database but used some object database (couchdb, db40 etc). Basically as I wrote, a simple and light weight version of the membership provider.
I highly recommend Artem XML Providers.
A full provider stack with XML backing store.
Perfect for small sites with few users as well as for demo apps.
I just published a Membership and Roles providers that use CouchDB as the backed. You may download it from: http://couchdbnet.codeplex.com/
Related
I'm implementing my frist web application on asp.net mvc 4 and I need to differentiate my users according to roles ( show certain menus to some roles and hide them from others) basically what i want is to manage my users and roles. I understand that security is quite an important part of my application so I don't want to risk it by implementing something not secure while there are other options for doing this.
My question is, is there something already built on MVC 4? is it apropiate for my a small site? ( I don't expect more than 50 concurrent users) is it better to implement my own user administrator? if so, where can I start? so far what I've found is the membership provider but it seems quite big for what i need, there will be no user registration instead the new users will be added by system admins.
Thanks for taking the time for reading this, any feedback will be appreciated!
I would have recommended the default membership provider as it makes use of security industry best practices (i.e. salted hash). However, if that seems overkill, there is a simpler membership provider called SimpleMembership Provider
You can use New ASP.NET Universal Providers (updated version of legacy Membership Provider).
It can be used in small application as well as large application (if you application continues to grow).
Password is encrypted with salt, so it cannot be compromise easily.
Follow the Scott Hanselman's link and see the demo. You will see how easy to set up.
I am a new guy in Asp.net. I have one requirement of doing one asp.net application with Custom Membership provider. If you any source code of the same, please share with me. I searched alots in net. but i couldnt understand completely yet. Please help me..
Nobody here will share commercial code with you.By knowing this fact,you should consider before asking your questions.
For your interest of membership,you should search for custom membership implementation
Have you checked MSDN documents?
I think they should be sufficient to understand easily with examples.
Implement a Custom Membership
Implementing a Membership Provider
I have created a Membership, Role, and Profile providers for MongoDB (mongodb.org).
The source code is here:
https://github.com/agarcian/MongoDBASPNetProviders
I used http://msdn.microsoft.com/en-us/library/ms366730.aspx (referenced in the accepted answer) as the basis for my code.
I have found that the Membership provider is most useful when coupled with the Profile provider, and sometimes with the Role provider.
There is a good new open source Membership Provider that works with ASP.NET MVC4. Very Flexible and main dev is developing permissions system addon for it, so you can get more thne usual membership
I am currently converting a very old, but working classic ASP site to ASP.Net.
It has a completely custom written user management system. Whilst it works fine, it really needs a refresh as I want it to be more flexible for some future projects in the works.
When I asked someone about this, they said "You need to use the Microsoft Provider" and gave a lecture on how Microsoft release all these things for free and how good they are and should be re used as much as possible.
I have done quite a bit of research on it (mainly looking at the videos on http://asp.net/learn ) and am very impressed by some of the features as there appears to be drag and drop components for items that would take me ages to write.
However, the current membership database is complicated to explain, it is a completely custom written database that has many internal relations... It is not really "compatible" with the default Microsoft Provider.
I have taken a look at How Do I: Create a Custom Membership Provider?, but I feel a little out of my comfort zone and worried it will either be slow, introduce a security hole or simply won't work.
At the end of the day, the Microsoft Membership Provider should work for me - the only customisations I really need is the login to use the username/password field in my database and the create user script which has a lot of custom code to several third party systems (needing to provision services etc.).
I was just wondering, what would you do if faced with a similar situation?
Use the Microsoft Membership Provider and somehow get it to work for you (although I would like suggestions)
Use the Microsoft Membership Provider but use custom provider that is customised around your code.
Use your own completely customised solution?
That video does complicate things :) If you're going to implement a custom provider then reflector over the existing one is a good place to start :)
As a quick and dirty option you could, of course, hack the stored procedures that the SQL Membership provider uses but the custom code to provision services is probably stretching that.
If you think about it the remote provisioning of services doesn't really belong in a membership provider, it's not really a membership function - all membership does is provide usernames and passwords and authentication around them. My own feeling is that you should move the provisioning of services out of there, and perform it on the ASP.NET site after a user has been created - even if that's just calling a stored procedure once the membership provider has done its thing. If you do this you may find that the SQL membership provider will do everything you need it to (probably with the Roles & profile providers too), and thus you have way less code to write!
I've been in similar situations in the past. In both cases we created custom implementations of the providers (MembershipProvider, RoleProvider, ProfileProvider) around the existing mechanism.
In both cases we only used the provider implementations for read-only access, e.g. to give us the easy validation gubbins in web.config and suchlike. The user administration code was left well alone as it worked just fine.
If the existing provider works (has the right fields for your data), use that to start. You can VERY easily replace that with a customer provider later (just a single config value change).
Beware there isn't an "out of the box" ASP.NET management interface for that, you'll need to roll your own or use a third party one.
Use my specialized MembershipProvider to work against my own database tables.
In my current project, we need to authenticate users of an ASP.NET application against Active Directory. I think it can be achieved using the membership provider without too much problems. but we need also to manage user roles that will be kept in the ASP roles management tool.
Did anyone implement this configuration? Does it look feasible?
Any tip for one or the other point?
Thanks.
David
Yes! The ASP.NET role provider is designed to work exactly in that case - the particulars of the authentication provider are irrelevant to the role provider, and it will store the bare essential information to make the two work together - basically the user's AD identity (domain\user) is tracked in the role database and matched up when necessary.
There is an ActiveDirectoryMembershipProvider that can be used to use Active Directory for authenticating users.
Alternatively, you could roll your own MembershipProvider by extending the abstract MembershipProvider class and then use System.DirectoryServices to check against Active Directory when validating a user (ValidateUser method of MembershipProvider). This is pretty straightforward to do and you need only implement the methods that you actually need in the custom provider.
You might consider implementing your own RoleProvider too, depending on whether the default fits your needs.
Use it all the time, intranet only of course.
You may be interested in the WindowsTokenCachingRoleProvider. In scenarios where performance is essential, this really shines:
http://lvildosola.blogspot.com/2007/02/improve-performance-when-using.html
Simple and elegant.
Please take a look at this question, seems like you're asking for pretty much the same thing, and my answer there should give you what you need.
ASP.NET Membership and Role providers that can be used from ASP.NET and WinForms/WPF clients as needed.
Does anyone have any examples of using Sqlite with ASP.NET membership? I am building a small "drop-in" type web application and don't want to rely on an SQL database for storing user credentials, etc. Sqlite seems like a good option, and I have been impressed with its performance in Elmah; I wouldn't mind using xml as a data store either.
On another note, perhaps asp.net membership isn't a good choice for basic form level security? The app will not require more then a couple users for those who implement it, and at this time I don't see a need for roles. My thought of using asp.net membership is simplicity to setup and get running; why build a security class if I don't need to, right?
Any other suggestion are surely welcome; thank you for your time.
It looks like Roger Martin's project - http://www.codeproject.com/KB/aspnet/SQLite-Providers.aspx - is now the recommendation for SQLite connectivity.
This is suggested by Peter Bromberg (http://twitter.com/peterbromberg/status/5031854389) and the next top resource on Google is the above by Roger Martin, who suggests that as the place to get the provider (http://galleryserverpro.blogspot.com/2009/08/new-release-adds-support-for-flash.html#comments).
Seeing as how it's part of a semi-commercial product (and the author is trying to get back to work on it as a full-time job), it seems this will be kept up to date.
EDIT 1: More information about the ordering of released providers for SQLite: http://sqlite.phxsoftware.com/forums/p/75/397.aspx
I am a big fan of SQLlite as well. I would say asp.net membership is good enough for the basic stuff.
Peter at Eggheadcafe has this right article about sqllite, check it out.
Article
For using the membership provider with other databases look at a custom membership provider
There's a new, updated source for Roger Martin's SQLiteMembershipProvider
nuget package: https://www.nuget.org/packages/SQLiteMembershipProvider
sourcecode: https://bitbucket.org/jkuemerle/sqlitemembershipprovider