Simple Membership Admin Accout

Question

I am working on my first ASP.Net MVC 4 application and now stuck with one simple use case.

I need to authenticate one single user (Admin) so that he/she can log in to admin area to perform certain tasks. Though the ASP.Net internet project template has Account controller using simple membership but that seems to have much more than what I actually need. For instance, I don't really need the user registration functionality and user roles. My requirements are fairly simple, just to store one single user in database, give him the options to update his info like password, email etc and grant him access to admin area (admin controller and actions). What I can't figure out is

1. Are simple membership or other asp.net membership provider my only options for this simple scenario.
2. If not what other option do I have in order to use [Authorize] to secure admin actions

Answer 1

You can build a custom method to grab the user and their stored role, then evaluate it in your controller. So, for instance:

public ActionResult GetAdminPage()
{
    var loggedInUserName = HttpContext.User.Identity.Name;
    var user = somesortofproviderlookupmethod(loggedInUserName);

    // Assume user is a bool and is true
    if (user)
    {
        return view("AdminPage");
    }
}

The only thing I'm not sure of is whether or not HttpContext.User requires membership. Perhaps someone can shed some light. If so, perhaps you could send the username from the view, but then of course you're trusting the client. So how you are doing user authentication would change this answer somewhat.

Personally, I like membership. It's clean, easy, fast and can be scaled nicely if you end up having additional requirements. Doing something like this would be even easier with membership, since then you can actually use Roles.GetRolesForUser(); and only return the admin view if they contain the role you are looking for.