I am using the default .NET Membership Provider for user management in my site.
On creating a user I would like to set a first name and last name, as provided by the user. Any idea how I might do this?
The easiest way is probably to use the built-in profile functionality in ASP.NET. Here's a good explanation of how it works within MVC specifically:
http://wiki.asp.net/page.aspx/1327/profile-provider-in-aspnet-mvc/
And here is the the MSDN article about profiles:
http://msdn.microsoft.com/en-us/library/2y3fs9xs.aspx
Related
I am exploring the possibilities of ASP.NET MVC in the example webapplication of Visual Studio the WebMatrix.WebData.WebSecurity is used for Membership (creating accounts, and specify that a user is logged in to view a specific page etc.). But after some searching I found that there is also a System.Web.Security.FormsAuthentication class that can be used for Membership.
Does anybody know the differences/pro's and cons between these two classes? And when to use WebSecurity and when to use FormsAuthentication? (and maybe a clear example of FormsAuthentication)
Thanks in advance
WebSecurity was introduced in WebMatrix 2 and ASP.NET MVC 4. It relies on the SimpleMembershipProvider. Under the covers it uses FormsAuthentication to manage cookies. So I guess that if you are starting a new project you would opt for the new model if this model fits your needs. Bare in mind that the SimpleMembershipProvider exposes less functionality than the original provider.
The original membership provider uses the SqlMembershipProvider which in turn uses plain ADO.NET to query the database.
The SimpleMembershipProvider uses the new Database class introduced in WebMatrix to query the SQL database.
The main differences between old ASP.NET Membership provider and SimpleMembershipProvider are explained in this good article - http://weblogs.asp.net/jgalloway/archive/2012/08/29/simplemembership-membership-providers-universal-providers-and-the-new-asp-net-4-5-web-forms-and-asp-net-mvc-4-templates.aspx
It is better to use SimpleMembershipProvider (WebMatrix.WebData.WebSecurity) than old ASP.NET Membership Provider (or Universal Providers)
What the the Open source Library available in the C#.NET for the SSO.
Basically I want to connect with Google SSO then will further continue with other providers.
Check out: DotNetOpenAuth
Also, you may want to check the following links:
http://msdn.microsoft.com/en-us/library/ms972971.aspx
http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx
The Windows Identity Foundation (WIF) is Microsoft's official library for identity federation.
In your scenario you can also use Access Control Service (ACS) to federate identity with Google, Yahoo!, etc. All of them (and more) are supported out of the box.
Samples, documentation, etc. available here: http://claimsid.codeplex.com
If you have a bit more control over your servers, Shibboleth might be an option as well. It actually simplified a large portion of our application that serves thousands of users and it is well thought out, flexible, and scalable. Basically, define a directory that should be watched for credentials and Shibboleth takes care of the rest.
You should use DotNetOpenAuth, as stated in Kamyar's answer. If you want to see a whole implementation using DotNetOpenAuth and other series of auxiliary libraries, you should have a look at this article:
Integrating OpenID in ASP.NET Web Forms using DotNetOpenAuth
I've got a few top-level questions about ASP.NET Membership and Role providers. I've done some searching but am having a hard time finding some layman tutorials. I have been coding in ASP.NET for a while now but the only real experience I have with authentication is the use of FormsAuthentication.SetAuthCookie(usernameFromDatabase, false);
When I use the SetAuthCookie() method above am I using the ASP.NET Membership Provider? Correct me if I'm wrong please but I don't think I am. I am just setting an authentication cookie right? I usually implement my own custom methods in my data repositories like GetUser_ByUsername(string username) which then talks to the ORM and gets the right user.
Do the Membership and Role Providers have their own data storage?
What if I want to use my own data storage?
Do I need to implement my own membership/role provider, and how would one go about doing that?
Or is my way of just setting the auth cookie and then using my own retrieval methods, etc, the best way of doing a custom membership/role provider?
I'm just looking for a brief tutorial/explanation of this system. If you have any good references for me to look at I will happily take a look :)
Implementing a membership provider is not too hard. Note that you only need to implement the methods that you plan to actually use. The membership provider should be viewed as a means to interact with your user information from an authentication perspective. It won't create the auth cookie for you; you do that after a successful call to the ValidateUser method on the provider. It will allow you to develop an application against the provider interface and easily change which provider you want to use via configuration rather than rewriting the application code. I've successfully implemented several different membership providers, using my own schema, which support built-in and hybrid built-in/active directory authentication. More info available via the links below:
Article: http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx
Sample Implementation Description: http://msdn.microsoft.com/en-us/library/44w5aswa.aspx
Sample Code: http://msdn.microsoft.com/en-us/library/6tc47t75.aspx
SetAuthCookie() works with the Forms Authentication framework within ASP.NET which you can then adapt for integration with a membership provider.
Do the Membership and Role Providers have their own data storage?
They can, yes. There is an abstract implementation that you can subclass for your specific data needs. There is a SqlMembershipProvider you can use right out of the box, you just need a database to point to and create the needed tables. There is quite a bit of information on that class, like here or here.
What if I want to use my own data storage?
The SqlMembershipProvider does, but check out this alternative MySQL framework if you're interested in seeing how another DBMS does it.
Do I need to implement my own membership/role provider, and how would one go about doing that?
Using the built-in ones is pretty easy, but a lot of shops roll their own so that they can use existing tables. You'll need to implement this class.
Or is my way of just setting the auth cookie and then using my own retrieval methods, etc, the best way of doing a custom membership/role provider?
In all likelihood you'll need a stronger system, and a custom membership provider is a good idea.
1 - Yes, if you use the built in membership/role providers they use tables created either in a separate database or an existing one. You use the tool aspnet_regsql.exe to create these tables - it walks you through a wizard. Alternatively, it can also be called from the command-line with different arguments in order to skip the wizard. This is some info from MS about creating the necessary DB/tables within your DB.
2 - You can do that, but you have to implement a custom membership provider, which isn't really difficult. Here and here are some tutorials.
3 - You don't necessarily need to unless you either want to use your own data stores or you need functionality from it that isn't present in the built-in providers.
4 - I would say you're better off using the built-in functionality ASP.NET provides for membership and roles.
I'm creating a website using ASP.NET MVC 2 and I'm thinking of using the default AccountController and Views to take care of the Users.
The only problem is that, for all the rest, I'm using a Postgres database.
Is there a way to link The account controller to a User class defined by me?
I'm using Nhibernate to connect to the database, so I'll have a User class with whatever fields necessary.
Thanks very much.
You might want to look at NHibernate Membership Provider project and use it as a base to build from.
It uses the membership provider defined in your web.config. By default, this is the SQL Server provider. You can change that, though. You could use a Postgres provider, or switch to a different authentication system like OpenID. (Authentication is different than the membership provider.)
Use a custom membership provider for PostgresSQL like this one:
http://blog.woodchop.com/2006/09/postgresql-membership-provider-for.html
Does anyone know of a good framework to allow me design permission and roles against users.
Basically allowing me to automatically check a user can do a certain thing, and then disabling or enabling menu items etc
I am not really looking for asp.net security ... as i need to use it in my own service layer and clients both WEB and WPF will use it.
I was hoping for something that allows me to create new roles and groups against users and then check what type of permissions a user has or a group has
Any help really appreciated..
I am sure some kind of open source framework is available, well i was hoping not having to create my own
Thanks
ASP.NET Membership
http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx
If the features that ASP.NET membership/role providers (SQL Server providers for instance) give you are sufficient, I suggest you use them. You can create a web service interface for your WPF application that uses the same providers to query the user list and roles. They are in no way limited to "web forms" only.
Even if you decide not to use the built-in providers, I suggest you still access your own stuff through ASP.NET's provider system by creating custom providers. That way, anything in ASP.NET that relies on standard users/roles will "just work".