I am trying to make the move from PHP to ASP.NET. I have about 10 years experience with PHP, and 4 with C#.
But I having problems with the authentication and membership system in ASP.NET. So i have spend quit a lot of time finding a guide on how to create a membership provider for a custom database setup from scratch, but i can't find any that i can get to work.
So do one of you guys know a good guide to creating and implementing a custom membership provider?
You can find a ton of great ASP.NET Security related tutorials and information at http://www.asp.net/web-forms/security.
Specifically on how to create a custom MembershipProvder: http://www.asp.net/general/videos/how-do-i-create-a-custom-membership-provider.
You can also read this: Using Access instead of SQL server for your ASP.NET Application Services which has a download to sample providers.
Creating a custom membership provider is usually as simple as creating a class that inherits SqlMembershipProvider and then setting it up in the web.config
Related
I've been Googling terms like
configure database for mvc authentication
But I can't find anything from this decade that relates to my configuration.
I've created an MVC application using .NET Framework 4.6 with authentication support (database first). Now where do I find step-by-step instructions for creating the database tables and configuring MVC to use them?
Thanks for any tips!
The correct thing to google for is 'ASP.NET Identity'.
If you generate an MVC app straight from one of the templates it will generate a number of classes to handle security and identity.
One of these classes will implement interface IUserStore. The class provided will inherit from Microsoft.AspNet.Identity.EntityFramework.UserStore<TUser>, and uses Entity Framework to check the database if the tables exist, and create them if they are not there.
If you are uneasy about giving your application enough privileges to modify your data schema (ew!), you can create your own class that implements IUserStore and plug that into the system.
It's a big topic, but hopefully this is enough to get started with.
As you know, Microsoft removed ASP.NET Web Configuration Tool in VS2013 and it is a bad downgrade for it. thanks THIS post that shows a way (but difficult) to use ASP.NET Configuration Tool.
so what is the easiest way to define memberships, roles, users, access rules and ...?
ASP.NET Web Configuration Tool was really simple and user friendly.
Any more suggestions would be greatly appreciated.
Microsoft is moving membership system from Membership Provider to ASP.NET Identity.
However, if you want to use Membership Provider there is a new one called ASP.NET Universal Providers.
ASP.NET Universal Providers supports NuGet package, and the package will create the requires membership tags in web.config.
Setting up membership/roles isn't much difficult once you understand the basics. You will love to set things up directly in the web.config, once you start using it.
Check these:
Setting up Membership
Setting up authorization rules
I am trying to build an MVC 4 app with MySQL as database and using asp.net System.Web.Providers, Entity Framework 5 with Code First approach. So far it's been hell!
I have made it work using MVC 3 AccountModel (since my mysql connector does not support the SimpleMembership yet).
So far users can be created, but I would like to have a little more information about the users stored in the database, e.g. what post they have authored, their website, etc.
For this purpose I have created a UserProfile class that stores this information.
How do I relate my UserProfile class to the asp.net auth-stuff, so I can get the extra user stuff, whenever I have my MembershipUser available?
Is the reverse possible?
Without more information it is hard to answer your question.
In general regards to MVC3 Membership, it sounds like you would be best looking at a custom membership provider. Try these for help
Code Project - Custom Membership Providers
ASP.NET MVC 2 Custom Membership Provider Tutorial
ASP.Net MVC 3 Custom Membership Provider with Repository Injection
or maybe the links in this StackOverflow answer
If custom membership seems over the top, you could try creating separate models that map to the UserProfile as mentioned in this and this.
Hope this is helpful.
I'm somewhat confused by membership providers for .NET. I have built a MVC 3 web application, but obviously login pages don't work out-of-the-box because I need to wire up a membership provider. I would have expected this process to be easy, but when I search for help I find numerous articles on writing custom providers. Can't I just set up a table or two, wire up a few details in web.config and have things work based on some default MVC membership provider?
I have no desire to re-invent the wheel!
TIA.
The MSDN membership installation documentation is still applicable through to .NET 4, although note that the default Membership provider changes in 4.5 - totally different table structures.
TL;DR
Create the aspnet membership database OR add the tables to your existing database (aspnet_regsql.exe, which is in the .net 2 framework folder)
Add the necessary membership and role provider configuration sections to your web.config.
Use the site admin tool to add users (or at least an initial Admin User)
I'm not very experienced at using ASP.NET, but I've used built in membership providers for simple WebForms application, and I found them PITA when trying to extend the way they work (add/remove few fields and redo controls accordingly).
Now I'm preparing for MVC (ASP.NET MVC or Monorail based) project, and I'm thinking - is there a better way to handle users? Have them log in/log out, keep certain parts of the site available to certain users (like logged in users, or something similar to "share this with friends" feature of many social networking sites, where you can designate users that have access to certain things.
How best to acheave this in the way that will scale well?
I guess, I wasn't clear on that. To rephrase my question:
Would you use standard ASP.NET membership provider for a web-facing app, or something else (what)?
The Membership Provider in ASP.NET is very handy and extensible. It's simple to use the "off the shelf" features like Active Directory, SQL Server, and OpenLDAP. The main advantage is the ability to not reinvent the wheel. If your needs are more nuanced than that you can build your own provider by extending overriding the methods that the ASP.NET controls use.
I am building my own Custom Membership Provider for an e-commerce website. Below are some resources for more information on Membership Providers. I asked myself the same questions when I start that project.
These resources were useful to me for my decision:
Writing a Custom Membership Provider - DevX
How do I create a Customer Membership Provider - ASP.NET, Microsoft
Implementing a Membership Provider - MSDN
Examining ASP.NET 2.0's Membership, Roles, and Profile - 4GuysFromRolla
Create Custom Membership Provider for ASP.NET Website Security - David Hayden
Setting up a Custom Membership Provider - Channel 9
I personally don't think there is a need to use something other than the builtin stuff unless you either want to abuse yourself or your needs are impossible to satisfy by the builtin functionality.
Have you considered using ActiveDirectory for this? Or, perhaps, OpenLDAP? You can manage each user's groups, permissions, 'authority', and so on.
keep certain parts of the site available to certain users (like logged
in users, or something similar to "share this with friends" feature of
many social networking sites
I guess you must custom code your thing.
I also do not like the asp.net Membership and custom code my membership needs...
A nice membership provider is a really missing thing in asp.net side...
It depends.
If it's an internal application, Active Directory or OpenLDAP might be the way to go.
If it's a public application, I suggest to look at aspnet_regsql. You will be able to setup a database with Authentication in no time.