CODEWITHSUNDEEP
asp.net-mvc-4membership-providersimplemembership
Swifty
Swifty

Reputation: 1432

MVC 4 with AspNetSqlMembershipProvider

I've been tasked with rewriting an existing Asp.Net Classic web app in MVC4, using the existing DB and authentication.

The old app still uses the "aspnet_" prefix to its tables. I've modified the new site's web.config to include these providers (copied straight form the old site)

<roleManager enabled="true">
      <providers>
        <remove name="AspNetSqlRoleProvider" />
        <add connectionStringName="LocalSqlServer" applicationName="MyApp" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <remove name="AspNetWindowsTokenRoleProvider" />
        <add applicationName="IOL" name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </roleManager>
    <membership defaultProvider="AspNetSqlMembershipProvider">
      <providers>
        <remove name="AspNetSqlMembershipProvider" />
        <add connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="MyApp" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <remove name="AspNetAdminMembershipProvider" />
        <add connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="IOL" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" name="AspNetAdminMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>

In my account controller's login action:

public ActionResult Login(LoginModel model, string returnUrl)
        {
            var auth = Membership.ValidateUser(model.UserName, model.Password);
            if (ModelState.IsValid && WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe))
            {
                return RedirectToLocal(returnUrl);
            }

            // If we got this far, something failed, redisplay form
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
            return View(model);
        }

The auth variable is true if I remove the [InitializeSimpleMembership] from the controller, if I add it back, I get an error stating "Cannot convert type 'System.Guid' to 'int'". he Websecurity.Login() method fails both with and without the class attribute.

So in a nutshell, if I remove the simple membership, the forms auth validate user works, but when I inspect the User.Identity.IsAuthenticated object, is says false.

What am I missing? I'm not even sure if I'm implementing this security model correctly, I can't find any information on it.

Upvotes: 0

Views: 1396

Answers (1)

Kevin Junghans
Kevin Junghans

Reputation: 17540

You cannot use the old membership providers with SimpleMembership (e.g. WebSecurity). You need to use the SimpleMembershipProvider. And you will have to migrate the data from the old table structures to the schema used by SimpleMembership. The only thing you can customize in SimpleMembership tables is the table that contains the user profile information, which you can read about here.

Migrating to MVC4 and SimpleMembership will already put you behind the curve. SimpleMembership has been depreciated for ASP.NET Identity. ASP.NET Identity requires MVC5, which you should migrate to anyway to take advantage of all of the added features as well of the general benefits of keeping your underlying components current. ASP.NET Identity is much more flexible than SimpleMembership (SimpleMembership was designed to be simple and not exactly flexible) and there is even an article that walks you through the steps of migrating SQL Membership to ASP.NET Identity.

Upvotes: 1

Related Questions