First off: ASP.NET Web Application project with SQL Server 2008
I have inherited an ancient DB with a table called Security that stores user accounts. The columns are:
ID, name, user_name, password, and access_level.
access_level holds an integer value of 1 to 3 specifying access to certain parts of the web app. These range from 1 = user, 2 = power user, 3 = admin. I will need some users to view some info, hide it for others, and make it viewable+editable for others according to this access level.
I am familiar with older ASP.NET so I am new to the provider model. From what I have read so far I can:
1) create a custom MembershipProvider and RoleProvider and use those
2) create my own login system using hidden text fields to persist data
What is the best way to implement this? I started writing a custom MembershipProvider but it seems overkill for such a simple schema. There has to be a simpler method to implement this. Any suggestions or clarifications are welcome.
If you do not need to restrict pages based on the authorized roles, you can simply use
// After custom validation
FormsAuthentication.SetAuthCookie(username, false);
However, if you want to restrict pages based on the authorized role (in web.config), I'd suggest implementing a custom MembershipProvider and RoleProvider.
You just need to override the following methods.
MembershipProvider
public override bool ValidateUser(string username, string password)
public override MembershipUser GetUser(string username, bool userIsOnline)
RoleProvider
public override bool IsUserInRole(string username, string roleName)
public override string[] GetRolesForUser(string username)
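One way to implement the RoleProvider half of this answer against the question's Security table (columns user_name and access_level), as an added example that is not code from either poster. The connection string name "LegacyDb", the role names, and the rule that higher levels inherit lower roles are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Linq;
using System.Web.Security;

// Added example: read-only RoleProvider over the legacy Security table.
// "LegacyDb" (connection string name) and the role names are assumptions.
public class LegacyRoleProvider : RoleProvider
{
    // access_level 1..3 -> roles; higher levels inherit the lower ones (assumption).
    private static readonly string[] Roles = { "User", "PowerUser", "Admin" };

    public override string ApplicationName { get; set; }

    public override string[] GetRolesForUser(string username)
    {
        int level = 0; // unknown user or out-of-range value => no roles
        string cs = ConfigurationManager.ConnectionStrings["LegacyDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT access_level FROM Security WHERE user_name = @u", conn))
        {
            cmd.Parameters.AddWithValue("@u", username); // parameterized, never concatenated
            conn.Open();
            object result = cmd.ExecuteScalar();
            if (result != null && result != DBNull.Value) level = Convert.ToInt32(result);
        }
        if (level < 1 || level > Roles.Length) return new string[0];
        return Roles.Take(level).ToArray();
    }

    public override bool IsUserInRole(string username, string roleName)
    {
        return GetRolesForUser(username).Contains(roleName, StringComparer.OrdinalIgnoreCase);
    }

    public override string[] GetAllRoles() { return (string[])Roles.Clone(); }
    public override bool RoleExists(string roleName) { return Roles.Contains(roleName, StringComparer.OrdinalIgnoreCase); }

    // The legacy table is managed elsewhere; role administration is not supported.
    public override void AddUsersToRoles(string[] u, string[] r) { throw new NotSupportedException(); }
    public override void RemoveUsersFromRoles(string[] u, string[] r) { throw new NotSupportedException(); }
    public override void CreateRole(string roleName) { throw new NotSupportedException(); }
    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { throw new NotSupportedException(); }
    public override string[] GetUsersInRole(string roleName) { throw new NotSupportedException(); }
    public override string[] FindUsersInRole(string roleName, string usernameToMatch) { throw new NotSupportedException(); }
}
```

Because the roles are resolved on the server from the authenticated user name, the access level never has to travel through the page, and an unknown user or an out-of-range access_level yields no roles at all.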