I have built a MVC website on IIS6. I used the built-in ASP.NET Security without Membership, just the way it was implemented in the template solution. It is easy to secure a contoller or action, but now I need to expose the user management to an admin logged into the site. I understand that the builtin ASP controls for doing this are not "best practice" and are a dog to get working. So what is the best practice for offering user management through a ASP.NET MVC application?
I considered using the Entity Framework and wireing it up to the myriad of stored procs. but that seems awkward. I see options for AccountMembershipService and FormsAuthenticationService. That is what the existing project account controller uses. But, I am not fimilliar with either.
I can't help but think that this should have already been there from the project template. This is a fundamental part of any website and you were given 15%, why not the rest?
MVC provides a lot of infrastructure support for Forms Authentication. Forms authentication is highly customizable, you can customize everything from the sign in form, to where the credentials are stored and how those credentials are validated. Forms Authentication in ASP.NET relies on cookies by default.
As far as I can tell, you are using SqlMembershipProvider as your Membership Provider implementation. I would strongly suggest that you have a look at some of the methods of MembershipUser and MembershipProvider classes (such as CreateUser, etc) to achieve what you are trying to do instead of working with the underlying database tables used for the implementation.
You can also have a look at this article for an in depth intro to ASP.NET's Membership, Roles, and Profile providers.
Check out this project at CodePlex: ASP.Net MVC Membership Starter Kit
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With