
Custom forms authentication in MVC

I want to use authentication on my site in order to log in to the Admin section. I already have my database schema, and I don't want to use the ASP.NET membership tables for SQL Server. I have three tables: Employees, Roles, and EmployeesInRoles.

I'd really like to keep this as simple as possible, but I'm having trouble finding a solution. I just want to use forms authentication with my tables so employees can log in, log out, change their password, etc.

If anyone could direct me to a blog post or tutorial about this, that would be great.

Steven asked Jan 03 '11 17:01


2 Answers

Steven, check out my series of tutorials on website security: http://www.asp.net/web-forms/overview/older-versions-security/introduction/security-basics-and-asp-net-support-cs

(EDIT: I've updated the above URL as the original URL was returning a 404. But please bear in mind that this material was written in 2008 and is hopelessly dated now.)

The first three tutorials focus exclusively on forms-based authentication without discussing Membership. These first three tutorials - especially tutorials #2 and #3 - should get you moving in the right direction.

To implement roles without using the built-in ASP.NET Roles framework, check out this article: Role-Based Authorization With Forms Authentication.

All that being said, I would suggest that you reconsider using ASP.NET's baked in Membership and Roles libraries. Avoiding them means you're going to have to reinvent the wheel, and you'll probably do it wrong. (For instance, are you securely storing user passwords in your custom implementation?)

Happy Programming!

Scott Mitchell answered Sep 28 '22 02:09


The built-in Membership provider is based on interfaces that can have their implementation replaced by your own, which (among other things) can use your own tables for authentication.

Here is a video on creating a custom ASP.NET Membership provider: http://www.asp.net/general/videos/how-do-i-create-a-custom-membership-provider

Here's a good general article with pointers to other resources:
http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0-Membership_2C00_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx

Dave Swersky answered Sep 28 '22 02:09
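Added example, not part of either answer above: if you authenticate against your own Employees table, as the question describes, the password-storage concern raised in the first answer can be handled with salted PBKDF2 and a constant-time comparison. The class name, the `PasswordHash` column, the record format and the iteration count are assumptions for illustration; the SHA-256 constructor overload needs .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Security.Cryptography;

// Added example: PBKDF2 password storage for a custom Employees table.
// Class name, PasswordHash column and record format are hypothetical.
public static class EmployeePasswordHasher
{
    private const int SaltBytes = 16, HashBytes = 32;
    private const int Iterations = 210000; // assumed work factor; tune for your hardware

    // Returns "iterations.salt.hash" (Base64 parts) to store in Employees.PasswordHash.
    public static string Hash(string password)
    {
        var salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt); // fresh random salt per employee
        return Iterations + "." + Convert.ToBase64String(salt) + "." +
               Convert.ToBase64String(Derive(password, salt, Iterations, HashBytes));
    }

    // True only if the password reproduces the stored hash; malformed records fail closed.
    public static bool Verify(string password, string stored)
    {
        if (password == null || stored == null) return false;
        var parts = stored.Split('.');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int iterations) || iterations < 1)
            return false;
        try
        {
            var salt = Convert.FromBase64String(parts[1]);
            var expected = Convert.FromBase64String(parts[2]);
            if (salt.Length < 8 || expected.Length == 0) return false;
            var actual = Derive(password, salt, iterations, expected.Length);
            int diff = 0; // touch every byte so timing does not reveal where a mismatch occurs
            for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ actual[i];
            return diff == 0;
        }
        catch (FormatException) { return false; }
    }

    private static byte[] Derive(string password, byte[] salt, int iterations, int length)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(length);
    }

    public static void Main()
    {
        string record = Hash("correct horse battery staple"); // constructed sample password
        Console.WriteLine(Verify("correct horse battery staple", record));
        Console.WriteLine(Verify("wrong guess", record));
        Console.WriteLine(Verify("anything", "not-a-valid-record"));
    }
}
```

In a login action, call `FormsAuthentication.SetAuthCookie(username, false)` only after `Verify` returns true for the record loaded from the Employees table. Storing the iteration count in the record lets you raise the work factor later and rehash on the next successful login.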