Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Custom forms authentication in MVC

Tags:

c#

asp.net

asp.net-mvc

forms-authentication

I want to use authentication on my site in order to login to the Admin section. I already have my database schema, I don't want to use the ASP.NET membership tables for SQL Server. I have three tables: Employees, Roles, and EmployeesInRoles.

I'd really like to keep this as simple as possible, but I'm having trouble finding a solution. I just want to use forms authentication with my tables so employees can log in, log out, change their password, etc.

If anyone could direct me to a blog post or tutorial about this, that would be great.

like image 595
Steven Avatar asked Jan 03 '11 17:01

Steven

2 Answers

Steven, check out my series of tutorials on website security: http://www.asp.net/web-forms/overview/older-versions-security/introduction/security-basics-and-asp-net-support-cs

(EDIT: I've updated the above URL as the original URL was returning a 404. But please bear in mind that this material was written in 2008 and is hopelessly dated now.)

The first three tutorials focus exclusively on forms-based authentication without discussing Membership. These first three tutorials - especially tutorials #2 and #3 - should get you moving in the right direction.

To implement roles without using the built-in ASP.NET Roles framework, check out this article: Role-Based Authorization With Forms Authentication.

All that being said, I would suggest that you reconsider using ASP.NET's baked in Membership and Roles libraries. Avoiding them means you're going to have to reinvent the wheel, and you'll probably do it wrong. (For instance, are you securely storing user passwords in your custom implementation?)

Happy Programming!

like image 78
Scott Mitchell Avatar answered Sep 28 '22 02:09

Scott Mitchell

The built-in Membership provider is based on interfaces that can have their implementation replaced by your own, which (among other things) can use your own tables for authentication.

Here is a video on creating a custom ASP.NET Membership provider: http://www.asp.net/general/videos/how-do-i-create-a-custom-membership-provider

Here's a good general article with pointers to other resources:
http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0-Membership_2C00_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx

like image 43
Dave Swersky Avatar answered Sep 28 '22 02:09

Dave Swersky
Sign in to Comment

Related questions

xUnit test using data coming from external file
Changing the background color of a DateTimePicker in .NET
What is the correct implementation for GetHashCode() for entity classes?
ASP.NET - path to use to reference .CSS and .JS
What causes Timeout expired SqlExceptions in LINQ to SQL?
C# convert a string for use in a logical condition
how do set a timeout for a method
C# parameters by reference and .net garbage collection
Creating C# Classes at runtime
Linq join with COUNT
Is it possible to get the parsed text of a SqlCommand with SqlParameters?
Hide TabControl buttons to manage stacked Panel controls
autofac's Func<T> to resolve named service
How to sort a List in C# [duplicate]
Get the ListBoxItem in a ListBox
Pass arguments to running application
How do I properly close a C# application that has created multiple threads?
ASP.NET web site can't see .cs file in App_Code folder
True Fixed Width Fonts in WPF
Casting interface type in Lazy<T>

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!