How can I attach a custom membership provider in my ASP.NET MVC application?
Question
How do I tie up my custom membership provider with my ASP.NET MVC [Authorize()] attribute? I've blasted through a number of tutorials for how to create a custom membership provider but all the information I've found about how to hook it up to an application seems to revolve around regular ASP.NET WebForms applications which seem to be a piece of cake.
I'm coming unstuck with the amount of "magic" that just happens in ASP.NET MVC which is great, but I'm used to plugging stuff in in a WebForms way so this "it just works" methodology is a bit of a mind bender for me. How do I know when I'm supposed to do the heavy lifting or I'm supposed to just rely on it happening by magic?
Where do I tie my provider in to an MVC app? Am I right in assuming that it is invoked through the [Authorize()] attribute once I do get it hooked up?
3 answers
solution1
6 ACCPTED 2009-11-03 03:22:45
Hopefully I can add some additional clarity over the other answers as they really don't explain what's going on which isn't going to help your confusion.
First up, implement your custom provider which from the sound of things you've done already, so I'll just throw up a little code snippet and won't go into any further detail here:
using System.Web.Security;
public class MyCustomMembershipProvider : MembershipProvider
{
public override bool ValidateUser(string username, string password)
{
if (username.Equals("BenAlabaster") && password.Equals("Elephant"))
return true;
return false;
}
/* Override all the other methods required to extend MembershipProvider */
}
Then you configure your provider in your web.config making sure to populate the attributes that configure the base MembershipProvider:
<membership defaultProvider="MyCustomMembershipProvider">
<providers>
<clear />
<add name="MyCustomMembershipProvider"
type="MyNamespace.MyCustomMembershipProvider"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="true"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="10"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="/" />
</providers>
</membership>
The next bit I think you're overthinking, the actual tie-in to your web application. Whereas in a WebForms app you kind of have to code the rest for yourself - the MVC framework does the rest for you - all you need to do is add the [Authorize] attribute to your action method and the framework will check to see if you're logged in, and if not redirect you to the login page. The login page will find your custom provider because that's what's configured in the web.config and will log your user in. You can access information about the logged in user from your controllers by referencing the User object:
public class WhateverController : Controller
{
[Authorize]
public ActionResult WhateverAction()
{
ViewData["LoggedInAs"] = string.Format("You are logged in as {0}.", User.Identity.Name);
Return View();
}
}
So this action requires that the user is logged in and presents the user information to the Whatever/WhateverAction.aspx view to be displayed on the page.
solution2
1 2009-10-31 20:02:39
My custom membership provider is referenced in the web.config:
<membership defaultProvider="MyMembershipProvider">
<providers>
<clear/>
<add name="MyMembershipProvider" type="Namespace.MyMembershipProvider, Namespace" connectionStringName="connstring" [...] />
</providers>
</membership>
Then just use static Membership class.
solution3
0 2009-10-31 19:59:03
How much did you change in this custom membership? Like did you change table names around? Can you log users in and stuff? Ie is your custom membership working?
If you changed lots of stuff around like you changed the roles table name to something different or stuff like that then your going to have to override the Authroize tag.
However if your custom membership is not working then you probably have not configured it right and configuring is the same as in webforms. You just have to setup your webconfig.
</authentication>
<membership>
<providers>
<clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ConnectionString"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="true"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="10"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear />
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ConnectionString" applicationName="/" />
</providers>
</profile>
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="ConnectionString"
applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<add applicationName="/" name="AspNetWindowsTokenRoleProvider"
type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</roleManager>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.