ASP.NET MVC 3 with service client as database access layer
Question
I am writing an MVC 3 application, which doens't use the classic approach of accesing the database using the Entity Framework. Instead I have another application combined of WCF Services, which are used to manage the database access. Now I want to used those services in my MVC application, as the database access. This part is simple. The point where it gets harder is managing authentication and authorization in this scenario.
For authentication and authorization, I have created custom membership and role providers. I have implemented the necessary methods, but here I have ran into the problem. My services require username and password, to get the list of user roles.
I am wondering how can I store the username and password provided by user on logon, somewhere in the backed of my application, to make sure it is save, and to have the possability to use it in my role provider?
Is session the right choice for this? If so, how can I access user's session in my role provider?
1 answers
solution1
1 2012-03-03 12:14:48
You should never use passwords, use password hashes instead (properly salted, of course). So, now you can pass username and password hash to your role provider which in turn will pass that to your wcf which will grant or not grant the necessary roles.
Update
IsUserInRole method should look like so:
public class WcfRoleProvider: RoleProvider
{
public bool IsUserInRole(string username, roleName)
{
bool result = false;
using(WcfRoleService roleService = new WcfRoleService())
{
result = roleService.IsUserInRole(username, roleName);
}
return result;
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.