I am exploring the possibilities of ASP.NET MVC in the example webapplication of Visual Studio the WebMatrix.WebData.WebSecurity is used for Membership (creating accounts, and specify that a user is logged in to view a specific page etc.). But after some searching I found that there is also a System.Web.Security.FormsAuthentication class that can be used for Membership.
Does anybody know the differences/pro's and cons between these two classes? And when to use WebSecurity and when to use FormsAuthentication? (and maybe a clear example of FormsAuthentication)
Thanks in advance
WebSecurity was introduced in WebMatrix 2 and ASP.NET MVC 4. It relies on the SimpleMembershipProvider. Under the covers it uses FormsAuthentication to manage cookies. So I guess that if you are starting a new project you would opt for the new model if this model fits your needs. Bare in mind that the SimpleMembershipProvider exposes less functionality than the original provider.
The original membership provider uses the SqlMembershipProvider which in turn uses plain ADO.NET to query the database.
The SimpleMembershipProvider uses the new Database class introduced in WebMatrix to query the SQL database.
The main differences between old ASP.NET Membership provider and SimpleMembershipProvider are explained in this good article - http://weblogs.asp.net/jgalloway/archive/2012/08/29/simplemembership-membership-providers-universal-providers-and-the-new-asp-net-4-5-web-forms-and-asp-net-mvc-4-templates.aspx
It is better to use SimpleMembershipProvider (WebMatrix.WebData.WebSecurity) than old ASP.NET Membership Provider (or Universal Providers)
Related
We have an old asp.net(web.forms) membership database(aspnet.users,membership,roles,etc..)
how can I integrate this with new mvc application.
I checked this answer but this uses a completely new database, and according to this post , it's gonna be a pain. I'm wondering whether this solution would work. I will of course hook up our custom user identity. I just need the core or main steps to do this.
Thanks..
Take a look at the answer to this question. It demonstrates how to implement IUserStore, IUserPasswordStore, IUserEmailStore and IPasswordHasher to consume an exising ASP.NET Membership database in ASP.NET Identity.
I have implemented working solution of custom nhibernate membership provider to use in mvc3 projects. It was separated web.membership project which covers all that I need in my web apps.
Now I want to switch to mvc4 and I have noticed that it uses System.Web.Security.FormsAuthentication class in the Account controller, also it uses the WebMatrix.WebData.Security class.
If anyone know useful tutorials on how to write custom (nhibernate or not) simple membership provider it would be great.
Thanks
The System.Web.Security.FormsAuthentication has absolutely nothing to do with Membership. This is used to emit forms authentication cookies and this was class was present since ASP.NET 1.0 and is not specific to MVC4.
The SimpleMembership Provider is indeed a new custom membership provider that was designed for ASP.NET MVC 4 and it uses SQL Server to query the database.
You could still use your custom membership provider in MVC4 without any problems. The Simple Membership Provider was created in order for users that do not have any existing membership provider code to get started with MVC. Since you already have a working implementation with NHibernate I would recommend you using that. The Simple Membership Provider was not intended to be customized that way.
I've got a few top-level questions about ASP.NET Membership and Role providers. I've done some searching but am having a hard time finding some layman tutorials. I have been coding in ASP.NET for a while now but the only real experience I have with authentication is the use of FormsAuthentication.SetAuthCookie(usernameFromDatabase, false);
When I use the SetAuthCookie() method above am I using the ASP.NET Membership Provider? Correct me if I'm wrong please but I don't think I am. I am just setting an authentication cookie right? I usually implement my own custom methods in my data repositories like GetUser_ByUsername(string username) which then talks to the ORM and gets the right user.
Do the Membership and Role Providers have their own data storage?
What if I want to use my own data storage?
Do I need to implement my own membership/role provider, and how would one go about doing that?
Or is my way of just setting the auth cookie and then using my own retrieval methods, etc, the best way of doing a custom membership/role provider?
I'm just looking for a brief tutorial/explanation of this system. If you have any good references for me to look at I will happily take a look :)
Implementing a membership provider is not too hard. Note that you only need to implement the methods that you plan to actually use. The membership provider should be viewed as a means to interact with your user information from an authentication perspective. It won't create the auth cookie for you; you do that after a successful call to the ValidateUser method on the provider. It will allow you to develop an application against the provider interface and easily change which provider you want to use via configuration rather than rewriting the application code. I've successfully implemented several different membership providers, using my own schema, which support built-in and hybrid built-in/active directory authentication. More info available via the links below:
Article: http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx
Sample Implementation Description: http://msdn.microsoft.com/en-us/library/44w5aswa.aspx
Sample Code: http://msdn.microsoft.com/en-us/library/6tc47t75.aspx
SetAuthCookie() works with the Forms Authentication framework within ASP.NET which you can then adapt for integration with a membership provider.
Do the Membership and Role Providers have their own data storage?
They can, yes. There is an abstract implementation that you can subclass for your specific data needs. There is a SqlMembershipProvider you can use right out of the box, you just need a database to point to and create the needed tables. There is quite a bit of information on that class, like here or here.
What if I want to use my own data storage?
The SqlMembershipProvider does, but check out this alternative MySQL framework if you're interested in seeing how another DBMS does it.
Do I need to implement my own membership/role provider, and how would one go about doing that?
Using the built-in ones is pretty easy, but a lot of shops roll their own so that they can use existing tables. You'll need to implement this class.
Or is my way of just setting the auth cookie and then using my own retrieval methods, etc, the best way of doing a custom membership/role provider?
In all likelihood you'll need a stronger system, and a custom membership provider is a good idea.
1 - Yes, if you use the built in membership/role providers they use tables created either in a separate database or an existing one. You use the tool aspnet_regsql.exe to create these tables - it walks you through a wizard. Alternatively, it can also be called from the command-line with different arguments in order to skip the wizard. This is some info from MS about creating the necessary DB/tables within your DB.
2 - You can do that, but you have to implement a custom membership provider, which isn't really difficult. Here and here are some tutorials.
3 - You don't necessarily need to unless you either want to use your own data stores or you need functionality from it that isn't present in the built-in providers.
4 - I would say you're better off using the built-in functionality ASP.NET provides for membership and roles.
I'm creating a website using ASP.NET MVC 2 and I'm thinking of using the default AccountController and Views to take care of the Users.
The only problem is that, for all the rest, I'm using a Postgres database.
Is there a way to link The account controller to a User class defined by me?
I'm using Nhibernate to connect to the database, so I'll have a User class with whatever fields necessary.
Thanks very much.
You might want to look at NHibernate Membership Provider project and use it as a base to build from.
It uses the membership provider defined in your web.config. By default, this is the SQL Server provider. You can change that, though. You could use a Postgres provider, or switch to a different authentication system like OpenID. (Authentication is different than the membership provider.)
Use a custom membership provider for PostgresSQL like this one:
http://blog.woodchop.com/2006/09/postgresql-membership-provider-for.html
I've been reading about overriding the Membership Provider and the Role Provider. I think this is what you need to do when doing Asp.net Form projects. Is this also the way to go with Asp.net MVC projects or there is a better way to do so?
Thanks :)
You could use the built in membership provider
http://dotnetaddict.dotnetdevelopersjournal.com/aspnet35_membership.htm
or create a custom one
How do I create a custom membership provider for ASP.NET MVC 2?
http://www.asp.net/general/videos/how-do-i-create-a-custom-membership-provider
Yes, ASP.NET MVC uses the Membership API by default. However, you can always use your own logic if you want to, but most functionality for the Membership API is in there already.
You'll need:
A custom MembershipProvider
If you use roles, a custom RoleProvider
If you use profiles, a custom ProfileProvider