Is it possible to create a Logon System with ASP.NET MVC but not use the MembershipProvider?

by

I had this exact same requirement. I had my own user and role schema and did not want to migrate to the asp.net membership schema but I did want to use the ASP.NET MVC action filters for checking authorization and roles. I had to do a fair amount of digging to find out exactly what needed to be done, but in the end it was relatively easy. I’ll save you the trouble and tell you what I did.

1) I created a class that derived from System.Web.Security.MembershipProvider. MembershipProvider has a ton of abstract methods for all sorts of authentication-related functions like forgot password, change password, create new user, etc. All I wanted was the ability to authenticate against my own schema. So my class contained mainly empty overrides. I just overrode ValidateUser: 

public override bool ValidateUser(string username, string password)
{
    if (string.IsNullOrWhiteSpace(username) ||
        string.IsNullOrWhiteSpace(password))
      return false;

    string hash = EncryptPassword(password);
    User user = _repository.GetByUserName(username);
    if (user == null) return false;

    return user.Password == hash;
}

2) I created a class that derived from System.Web.Security.RoleProvider. Again, I just had empty implementations for all the fluff I did not need like creating and changing roles. I just overrode two methods:

public override string[] GetRolesForUser(string username)
{
    User user = _repository.GetByUserName(username);
    string[] roles = new string[user.Role.Rights.Count + 1];
    roles[0] = user.Role.Description;
    int idx = 0;
    foreach (Right right in user.Role.Rights)
        roles[++idx] = right.Description;
    return roles;
}

public override bool IsUserInRole(string username, string roleName)
{
    User user = _repository.GetByUserName(username);
    if(user!=null)
        return user.IsInRole(roleName);
    else
        return false;
}

3) Then I plugged these two classes into my web.config:

<membership defaultProvider="FirstlookMemberProvider" userIsOnlineTimeWindow="15">
  <providers>
    <clear/>
    <add name="FirstlookMemberProvider" type="FirstlookAdmin.DomainEntities.FirstlookMemberProvider, FirstlookAdmin" />
  </providers>
</membership>
<roleManager defaultProvider="FirstlookRoleProvider" enabled="true" cacheRolesInCookie="true">
  <providers>
    <clear/>
    <add name="FirstlookRoleProvider" type="FirstlookAdmin.DomainEntities.FirstlookRoleProvider, FirstlookAdmin" />
  </providers>
</roleManager>

That’s it. The default authorization action filters will use these classes. You will still have to handle the login page sign in and sign off. Just use the standard forms authentication classes for this like you normally would.

More Related Contents:

  1. Why does AuthorizeAttribute redirect to the login page for authentication and authorization failures?
  2. Uploadify (Session and authentication) with ASP.NET MVC
  3. ASP.NET MVC – HTTP Authentication Prompt
  4. Context.User.Identity.Name is null with SignalR 2.X.X. How to fix it?
  5. AllowAnonymous not working with Custom AuthorizationAttribute
  6. What is ViewModel in MVC?
  7. Two related questions on jqGrid column header filters and the advanced filtering dialog
  8. How do you request static .html files under the ~/Views folder in ASP.NET MVC?
  9. Adding another “Pet” to a Model Form
  10. How to lock down paths in ASP.NET MVC?
  11. Why should I use view models?
  12. Multiple DB Contexts in the Same DB and Application in EF 6 and Code First Migrations
  13. ASP.NET MVC Html.ValidationSummary(true) does not display model errors
  14. HTML.ActionLink vs Url.Action in ASP.NET Razor
  15. How can I pass parameters to a partial view in mvc 4
  16. ASP.NET MVC framework 4.5 CSS bundle does not work on the hosting
  17. Is there a good/proper way of solving the dependency injection loop problem in the ASP.NET MVC ContactsManager tutorial?
  18. MVC @Url.Content vs @Url.Action
  19. ASP.NET MVC Programmatically Get a List of Controllers
  20. Should ServiceStack be the service layer in an MVC application or should it call the service layer?
  21. MVC ajax json post to controller action method
  22. MVC 3 file upload and model binding
  23. Best practices for debugging ASP.NET MVC Binding
  24. How to compile cshtml before runtime
  25. CORS in ASP .NET MVC5
  26. how to implement ASP.NET Identity to an empty MVC project
  27. How to create a function in a cshtml template?
  28. Repository Pattern vs DAL
  29. Razor ViewEngine HTML.Checkbox method creates a hidden input. Why? [duplicate]
  30. View Model IEnumerable property is coming back null (not binding) from post method?

Leave a Comment