Menu
How do I tie up my custom membership provider with my ASP.NET MVC [Authorize()] attribute? I've blasted through a number of tutorials for how to create a custom membership provider but all the information I've found about how to hook it up to an application seems to revolve around regular ASP.NET WebForms applications which seem to be a piece of cake.
I'm coming unstuck with the amount of "magic" that just happens in ASP.NET MVC which is great, but I'm used to plugging stuff in in a WebForms way so this "it just works" methodology is a bit of a mind bender for me. How do I know when I'm supposed to do the heavy lifting or I'm supposed to just rely on it happening by magic?
Where do I tie my provider in to an MVC app? Am I right in assuming that it is invoked through the [Authorize()] attribute once I do get it hooked up?
697
Hopefully I can add some additional clarity over the other answers as they really don't explain what's going on which isn't going to help your confusion.
First up, implement your custom provider which from the sound of things you've done already, so I'll just throw up a little code snippet and won't go into any further detail here:
using System.Web.Security;
public class MyCustomMembershipProvider : MembershipProvider
{
public override bool ValidateUser(string username, string password)
{
if (username.Equals("BenAlabaster") && password.Equals("Elephant"))
return true;
return false;
}
/* Override all the other methods required to extend MembershipProvider */
}
Then you configure your provider in your web.config making sure to populate the attributes that configure the base MembershipProvider:
<membership defaultProvider="MyCustomMembershipProvider">
<providers>
<clear />
<add name="MyCustomMembershipProvider"
type="MyNamespace.MyCustomMembershipProvider"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="true"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="10"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="/" />
</providers>
</membership>
The next bit I think you're overthinking, the actual tie-in to your web application. Whereas in a WebForms app you kind of have to code the rest for yourself - the MVC framework does the rest for you - all you need to do is add the [Authorize] attribute to your action method and the framework will check to see if you're logged in, and if not redirect you to the login page. The login page will find your custom provider because that's what's configured in the web.config and will log your user in. You can access information about the logged in user from your controllers by referencing the User object:
public class WhateverController : Controller
{
[Authorize]
public ActionResult WhateverAction()
{
ViewData["LoggedInAs"] = string.Format("You are logged in as {0}.", User.Identity.Name);
Return View();
}
}
So this action requires that the user is logged in and presents the user information to the Whatever/WhateverAction.aspx view to be displayed on the page.
167
My custom membership provider is referenced in the web.config:
<membership defaultProvider="MyMembershipProvider">
<providers>
<clear/>
<add name="MyMembershipProvider" type="Namespace.MyMembershipProvider, Namespace" connectionStringName="connstring" [...] />
</providers>
</membership>
Then just use static Membership class.
24
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
