
.NET Custom Membership Vs. Custom Login/Registration: Authentication/Authorization

When I make a site that requires registration and login, for something quick without a lot of requirements I'll use Membership with [Authorize] attributes and whatnot. Works well for what it does. But now I'm wanting something more. Basically I'm developing a site using ASP.NET MVC EF CodeFirst and want to create a User entity to persist to the DB that holds much more information. Such information required when registering would have additional properties such as FirstName, LastName, Gender, Country, etc...

I've tried reading over implementing a custom MembershipProvider and MembershipUser, etc... I've gone so far but it's just not coming together the way I want in the end. Now when I develop a site in PHP or, other times in ASP.NET, I'll just create my User class and give him all the properties needed for the registration page and just push it to the DB. Then when I login I just grab the username or email and password and just create a session variable indicating whether the user is authorized or not.

Is this ok to do? I just don't understand why this whole Membership thing is so much more complicated than it appears to have to be so I feel like I'm missing the point of it all. Also, I notice in an ASP.NET MVC web app that when you're authenticated it writes out this line....

FormsAuthentication.SetAuthCookie(model.UserName, createPersistentCookie: false);

What is the difference between that and...

Session["username"] = model.UserName;
Shane LeBlanc asked Nov 04 '22 22:11


1 Answer

Rather than go the route of a membership provider (I personally don't like it and find it much too heavy for the applications I work with) have you considered simply creating a custom IPrincipal / IIdentity object for your application and extending them with the properties you want from your "User" object?

Rather than get into the specifics there are already some great resources on SO that cover this concept: ASP.NET MVC - Set custom IIdentity or IPrincipal

In regards to your question, Session["username"] is simply a session cookie. You lose all benefits of FormsAuthentication. For example with forms auth if the user requests a page that requires authenticated access and that user has not previously logged on to the site, then the user is redirected to a configured logon page with forms auth.

With Session["username"] you would need to manually roll every aspect of authentication. I would strongly recommend NOT doing this.

Jesse answered Nov 09 '22 15:11
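The custom IPrincipal approach suggested in the answer, as an added example that is not part of the original question or answer. It keeps FormsAuthentication in charge of the cookie (encrypted and validated by the framework) and carries two of the extra User properties in the ticket's UserData; the names AppPrincipal, AuthCookie, SignIn and RestorePrincipal are hypothetical, and the "|" separator is an assumption of this sketch.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical principal exposing extra profile fields from the User entity.
public class AppPrincipal : IPrincipal
{
    public AppPrincipal(string userName) { Identity = new GenericIdentity(userName, "Forms"); }
    public IIdentity Identity { get; private set; }
    public string FirstName { get; set; }
    public string LastName { get; set; }
    public bool IsInRole(string role) { return false; } // roles are not modelled in this sketch
}

public static class AuthCookie
{
    // Call after the password check succeeds, in place of FormsAuthentication.SetAuthCookie.
    public static void SignIn(HttpResponseBase response, string userName, string firstName, string lastName)
    {
        // UserData travels in the cookie on every request: keep it small and non-secret.
        string userData = firstName + "|" + lastName;
        var ticket = new FormsAuthenticationTicket(1, userName, DateTime.Now,
            DateTime.Now.Add(FormsAuthentication.Timeout), false, userData,
            FormsAuthentication.FormsCookiePath);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                         // not readable from script
            Secure = FormsAuthentication.RequireSSL, // follows requireSSL in web.config
            Path = FormsAuthentication.FormsCookiePath
        };
        response.Cookies.Add(cookie);
    }

    // Call from Application_PostAuthenticateRequest in Global.asax.cs.
    // By then the forms-auth module has already decrypted and validated the ticket.
    public static void RestorePrincipal(HttpContext context)
    {
        var formsIdentity = context.User == null ? null : context.User.Identity as FormsIdentity;
        if (formsIdentity == null || !formsIdentity.IsAuthenticated) return;
        string[] parts = (formsIdentity.Ticket.UserData ?? "").Split('|');
        if (parts.Length != 2) return; // malformed or older ticket: keep the default principal
        context.User = new AppPrincipal(formsIdentity.Name) { FirstName = parts[0], LastName = parts[1] };
    }
}
```

With this in place [Authorize] and the login redirect keep working unchanged, and controllers can read the extra fields by casting User to AppPrincipal.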