0

I am developing an ASP.NET MVC4 social networking application which will be having 5 types of users namely student, administrator, supervisor, providers, etc.

I want to use forms authentication as it is a internet application. My database has USERS, ROLES & FEATURES tables along with other tables in SQL server. How do I implement the authentication in ASP.NET MVC? Where do I store the logged in user's information? (e.g. session, viewbag, tempdata, etc.) and what would be the best approach to implement this? I do not want to use default websecurity feature provided by MVC.

A application with source code would help a lot. I tried NerdDinner, but it is using default websecurity classes which I do not want to use.

Kindly help me on this.

ssilas777
  • 9,672
  • 4
  • 45
  • 68
pbhalchandra
  • 287
  • 1
  • 6
  • 14
  • http://msdn.microsoft.com/en-us/library/ff398049(v=vs.100).aspx and this http://weblogs.asp.net/jgalloway/archive/2012/05/04/asp-net-mvc-authentication-customizing-authentication-and-authorization-the-right-way.aspx – Ravi Gadag Feb 15 '13 at 10:27
  • this isn't really the forum for **tell me how**. in this forum you are expected to do research, attempt to implement, and finally return with very specific questions. Posts like this usually don't get help, often get closed, and sometimes down-voted. – Dave Alperovich Feb 15 '13 at 12:59
  • Hi Dave, thanks for the reply. I tried several approaches but couldn't figure out which way to go so thought should ask from a basic starting point. – pbhalchandra Feb 15 '13 at 13:05
  • elaborate on, "I do not want to use default websecurity feature provided by MVC" - I think you should just use that. – Rusty Divine Feb 16 '13 at 13:55

1 Answers1

1

There are a few layers of security features built into ASP.NET

  • Forms authentication module. This is the piece responsible for creating and managing authentication cookie and allowing/blocking access to the site. This is the bare bone infrastructure and you have to use it in order to use "Forms Authentication".
  • Membership database and API. Lets you store user id/pass and some other user attributes. Optional if you have other ways of verifying user credentials
  • Roles database and API. Optional, unless you want to provide fine grained authorization.

If you are building a brand new web site without an existing id/access management infrastructure, there are very few reasons to reinvent the wheel and build the Membership and Role infrastructure from scratch, unless they don't support your requirements.

If you want to understand the basic starting points of ASP.NET security, get a trial subscription to http://www.pluralsight.com/training and take an ASP.NET security course.

0leg
  • 966
  • 5
  • 9