0

I am developing an ASP.NET MVC4 social networking application which will be having 5 types of users namely student, administrator, supervisor, providers, etc.

I want to use forms authentication as it is a internet application. My database has USERS, ROLES & FEATURES tables along with other tables in SQL server. How do I implement the authentication in ASP.NET MVC? Where do I store the logged in user's information? (e.g. session, viewbag, tempdata, etc.) and what would be the best approach to implement this? I do not want to use default websecurity feature provided by MVC.

A application with source code would help a lot. I tried NerdDinner, but it is using default websecurity classes which I do not want to use.

Kindly help me on this.

Improve this question
4
  • msdn.microsoft.com/en-us/library/ff398049(v=vs.100).aspx and this weblogs.asp.net/jgalloway/archive/2012/05/04/… Commented Feb 15, 2013 at 10:27
  • this isn't really the forum for tell me how. in this forum you are expected to do research, attempt to implement, and finally return with very specific questions. Posts like this usually don't get help, often get closed, and sometimes down-voted. Commented Feb 15, 2013 at 12:59
  • Hi Dave, thanks for the reply. I tried several approaches but couldn't figure out which way to go so thought should ask from a basic starting point. Commented Feb 15, 2013 at 13:05
  • elaborate on, "I do not want to use default websecurity feature provided by MVC" - I think you should just use that. Commented Feb 16, 2013 at 13:55

1 Answer 1

Reset to default
1

There are a few layers of security features built into ASP.NET

  • Forms authentication module. This is the piece responsible for creating and managing authentication cookie and allowing/blocking access to the site. This is the bare bone infrastructure and you have to use it in order to use "Forms Authentication".
  • Membership database and API. Lets you store user id/pass and some other user attributes. Optional if you have other ways of verifying user credentials
  • Roles database and API. Optional, unless you want to provide fine grained authorization.

If you are building a brand new web site without an existing id/access management infrastructure, there are very few reasons to reinvent the wheel and build the Membership and Role infrastructure from scratch, unless they don't support your requirements.

If you want to understand the basic starting points of ASP.NET security, get a trial subscription to http://www.pluralsight.com/training and take an ASP.NET security course.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.