Implementing forms authentication in asp.net mvc application

Question

I am developing an ASP.NET MVC4 social networking application which will be having 5 types of users namely student, administrator, supervisor, providers, etc.

I want to use forms authentication as it is a internet application. My database has USERS, ROLES & FEATURES tables along with other tables in SQL server. How do I implement the authentication in ASP.NET MVC? Where do I store the logged in user's information? (e.g. session, viewbag, tempdata, etc.) and what would be the best approach to implement this? I do not want to use default websecurity feature provided by MVC.

A application with source code would help a lot. I tried NerdDinner, but it is using default websecurity classes which I do not want to use.

Kindly help me on this.

Answer 1

There are a few layers of security features built into ASP.NET

• Forms authentication module. This is the piece responsible for creating and managing authentication cookie and allowing/blocking access to the site. This is the bare bone infrastructure and you have to use it in order to use "Forms Authentication".
• Membership database and API. Lets you store user id/pass and some other user attributes. Optional if you have other ways of verifying user credentials
• Roles database and API. Optional, unless you want to provide fine grained authorization.

If you are building a brand new web site without an existing id/access management infrastructure, there are very few reasons to reinvent the wheel and build the Membership and Role infrastructure from scratch, unless they don't support your requirements.

If you want to understand the basic starting points of ASP.NET security, get a trial subscription to http://www.pluralsight.com/training and take an ASP.NET security course.