I'm looking into how to integrate [Authorize] within my MVC 2 application... I'm reading articles about it and I've run the aspnet_regsql tool. I see that my database now containes a bunch of new tables and a whole hell of a lot of SPROCs.
Why is all of this necessary? I thought that I would be able to check login credentials in a table that I've already created for Party ... can't I just call a SPROC that checks the login credentials and then logs the user in? Why all of these new tables and SPROCs?
Because it is the way how it is works. If you using ASP.NET Membership by default you need to have database aspnetdb with lots of tables and stored procs. If you want you may customize that. In order to do that you need to implement custom membership provider.
The simple example how to do that you may find here http://msdn.microsoft.com/en-us/library/aa479048.aspx and here http://www.asp.net/general/videos/how-do-i-create-a-custom-membership-provider also source code available.
It sounds like you want to create a custom membership provider. For logging in I think you really only need to override the ValidateUser method:
http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx
For roles you may be able to get by with overriding only the IsUserInRole method:
http://msdn.microsoft.com/en-us/library/8fw7xh74.aspx
Related
I am working on an application where I need to setup identity server 4. I have an api as resource. and a web forms application as client.I have few roles like teachers, students, parents in my database. How can I use this custom database and perform authentication and authorization without using identity?
Please suggest.
From your other question here I get a better idea of what you want.
I think one solution for what you want would be to setup identityserver4 in a seperate project with its own seperate database. I noticed the tag identityserver3, but I think it is quite safe to go for identityserver4. It shouldn't make a difference for the client/user since they are conceptually compatible.
1) Give your application a client/secret (which you configure in identityserver) in order to identify your application and grant access to the resource api. Here is some information: http://docs.identityserver.io/en/dev/quickstarts/1_client_credentials.html
You'll only need to configure one client to protect your resource from the outside. The only way to access the resource api is through your application, since your application is making the actual calls. This is also the drawback, you cannot expose the token to the outside world.
Since your client isn't the actual user, you'll need to identify the user. You can use any mechanism based on your current model as you like. A simple user/pass (with or without asp.net identity) could be enough to determine the roles. But please keep in mind that your application has full access to the resource api.
2) However, since identityserver is available, why not use it? Why don't you want to use the identitymodel? I think you should consider to seperate the identity information and your datamodel. Your datamodel shouldn't be aware of the security. And the security has nothing to do with your datamodel.
When you create a seperate database for identityserver you have one place to configure the identity users. All you need is a reference (sub) to the user in the datamodel. http://docs.identityserver.io/en/dev/quickstarts/2_resource_owner_passwords.html
Add claims or roles and everything is in place and you'll see there is no need to keep identity data in your custom database. The structure of your custom database stays intact, including the user table but without the identity data.
I think this is a safer solution and considering the good documentation and sample projects it may even turn out to be a quicker solution.
I have two databases in my postgesql, one for the client and another one for the administration, we have these legal texts created in the administration database. What I need to do is to create a button "synchronize" in the client side to allow him to add new legal texts (if there is new legal texts) to his database. I don't know how to do it, or how to access another database from the current one.
you may want to take a look at this page Web service api odoo provid you with a couple of webservice allow you to performe search or read data or create or update almost everything you need in here so if you want to create some record in the other odoo instance use xml-rpc and you can create or update anything you want if you have acces rights.
https://www.odoo.com/documentation/9.0/api_integration.html
read it carefully it's so easy to understand and the example works fine in the online version you need it
I am creating a custom site using the default membership provider, MVC5, EF6.1.1 using Code First.
The question I have is, what is the best way to link the two user tables? Should I have 2 databases? Should I just build my application into the database for the membership provider? And if that is the case, is there an easy way or a method to extract the GUID that is created when a new user registers to map a foreign key to my user table?
I guess I would rather keep the two separate and not have to deal with writing a custom provider, but I can't seem to wrap my head around the most logical way to do this.
Thanks!
Tony
We have a desktop application that uses a local database (SQL Server 2012 LocalDb).
We do not want the end user to be able to modify the database directly, and we want to restrict viewing the database contents to certain users.
Moreover, we want to restrict certain actions that can be performed from within the applications depending on the authorization level of the user that is logged in.
How can the first requirement be fulfilled? Is it possible through code-first?
Can the second requirement be integrated with the first?
Currently this is not supported out of the box, however since EF 6 you can create your own migration steps this way you could encapsulate granting rights to certain users and this way you can manage the user rights with migration steps.
About creating a migration step you can read this post: http://dolinkamark.wordpress.com/2014/05/03/creating-a-custom-migration-operation-in-entity-framework/
and you can find a post which has an example closer to your question: http://romiller.com/2013/02/27/ef6-writing-your-own-code-first-migration-operations/
I've used MongoDB before, but never with ASP.NET MVC.
Currently, I'm stuck trying to implement authentication for system which is going to use exclusively MongoDB (so, I don't have the option of leaving the users table to a SQL database).
Now, I figured a solution would be implementing my own Membership provider. However, that requires quite a lot of code. And, since it is related to security, it is not wise to reivent the wheel if I can avoid it.
Coming from Rails, it would be rather simple to just add something like Devise, set it up to use MongoDB and call it a day. I couldn't find anything similar for ASP.NET MVC - I am not sure if it is an uncommon use case, or if my Google-Fu is inadequate.
I don't need anything fancy -just the ability to create users, check their credentials and protect controllers from being called from unauthenticated users. Are there any packages that could solve my problem?
https://github.com/osuritz/MongoDB.Web
A collection of ASP.NET providers (caching, membership, profiles, roles, session state, web events) for MongoDB.
I would suggest to use https://extmongomembership.codeplex.com/ as this is newer provider that was presented in ASP.NET MVC4. And it contin eve more features (for instance permissions system if need)