I'm currently building an ASP.NET MVC4 web application for visualizing and controlling industrial facilities. Now it's time to imlement some user and role management in order to provide security. After investigating a while, I think the state-of-the-art way to do it would be the SimpleMembershipProvider. So here's my problem: for compatibility and other reasons I do have to solely use the existing tables in our database, so I can't simply integrate SimpleMembership, point to our DB and let it create the needed tables itself. All I have is this existing table which generally looks like this:
ID (Integer)
UserName (String)
Passwort (String)
UserGroup (Integer) (this would be the equivalent to the role)
Is there a way to use SimpleMembership with that? Or - if not - how would you implement an alternative (maybe cookie-based) kind of authorization, preferrably with attributes to check if the user is authorized based on e.g. something like IsLoggedIn and RequiredUserGroup(4) or similar?
I'd really love to use the SimpleMembership mechanism, but I can't see how it should work with the given database fields.
Any help on that is greatly appreciated!
Best regards, Rob
You can customize SimpleMembership to contain the fields your application needs as shown in this article. The UserProfile entity/table comes out-of-the-box with this definition.
[Table("UserProfile")]
public class UserProfile
{
[Key]
[DatabaseGeneratedAttribute(DatabaseGeneratedOption.Identity)]
public int UserId { get; set; }
public string UserName { get; set; }
}
Following the instructions in the referenced article you can easily add the UserGroup property to this table. But in SimpleMembership you do not store the password in the UserProfile. The password is stored as a one-way hash in the *webpages_Membership* table along with other required properties for SimplemMembershipProvider.
UPDATE: If you need to keep with the existing schema and handling of password storage your best bet is to create a custom membership provider as described in this tutorial.