What sort of membership system should I use?

Question

[Problem]

I have a pre-built database with user credentials. The only thing I can change about this database is how the passwords are hashed. (Don't ask about that...let's just say it's dumb and I'm fixing it, please.) It's populated with credentials, so whatever I use has to mold to it. We are switching to the ASP.net MVC4 framework, and starting from scratch.

[Question]

What membership system should I use for the problem, if any?

It should:

a) allow me to check against the database using SHA512 for the password b) set roles depending on the results c) decorate the actions in the controller so I can feel like a boss

[Details]

Assume I've had a website for people who love to roleplay as toothbrushes. There's -a lot- (for a small- to mid-range website) of data already in the existing database. I'm moving to a brand new database layout and will be converting from the old one. We could change how the user system is managed, but to be honest we'd rather not do so. We have a user table with username and password. Very simple.

I have googled, and googled, and Stack Overflow'd, and Stack Overflow'd. What I have found is essentially a choose-your-own-adventure book where they either have blank page numbers, or the give me a page to an older book whose adventure isn't quite like this one.

I'm hoping that either a) someone will call me a dumb butt and point out I'm asking a duplicate question that leads to a resource with some complete example and/or documentation on how to do what I want or b) help me find a way.

As of right now I'm contemplating writing my own user management/authentication filtering system. I was going to go with the MembershipProvider but that seemed like overkill and didn't appear to do what I wanted it to. Maybe I'm narrowing my vision down too much.

I'm more than willing to hack my own way through and work to solve a problem, but I don't want to roll my own thing if there is something available that I can hook in to.

Update 1

Win made a comment about the MembershipProvider being independent of the MVC system which gave me an "Aha!" moment as things come together. I'm re-evaluating my research to see if I simply didn't put the puzzle pieces together correctly.

Update 2

After much help from dkroy and Win, I got a bit deeper into what is going on here. Once I have everything done I will include it in an edit for anyone else looking for information. Essentially, I was on the right track before I was thinking about scrapping it. I hadn't implemented a GetUser call, and I wasn't calling SetAuthCookie, so it wasn't working correctly. I'm now in the process of writing a RoleProvider.

Answer 1

a) allow me to check against the database using SHA512 for the password

Membership provider support SHA512.

b) set roles depending on the results c) decorate the actions in the controller so I can feel like a boss

If you want to restrict user by role, you want to implement both Custom Memebership Provider and Custom Role Provider.

However, you do not need to override all. Here are the main ones -

// Membership provider 
public override bool ValidateUser(string username, string password)

public override MembershipUser GetUser(string username, bool userIsOnline)

public override string GetUserNameByEmail(string email)

// Role provider
public override bool IsUserInRole(string username, string roleName)

public override string[] GetRolesForUser(string username)

Answer 2

You can Create your own custom RoleProvider and MembershipProvider. That way you will be able to use your existing database structures, and still leverage the MembershipProvider and RoleProvider contracts that ASP.NET implements to provide membership services. Minimal searching on custom MembershipProviders should get you started.