Authentication in MVC 3: Which way to roll

Question

I have written a set of Interfaces and associated clases to Authenticate users using Entity Framework rather that the sotred procs provided with the builtin and rather dated ASP.NET Membership provider.

What would be the best way to implement my AuthenticationService with my MVC 3 application? Should I write a custom provider and override the Membership Provider? This looks easy but I don't really care for the provider factory of factories model that Microsoft has given us.

Thoughts?

Mike Valenty · Accepted Answer

I wrote my own membership service based on the interface that came with MVC 2. Since authorization in my application is a little more complicated than the out of the box role-based stuff, I couldn't use the System.Web.Security.MembershipProvider. I still use FormsAuthentication though for keeping track of the logged in user. You lose out on being able to use the [Authorize(Roles="Admin")] and other framework bits, but like I said my application doesn't use Role based auth.

public class MyMembershipService : IMembershipService
{
    private readonly IUserRepository userRepository;

    public MyMembershipService(IUserRepository userRepository)
    {
        this.userRepository = userRepository;
    }

    public virtual bool IsValid(string username, string password)
    {
        var user = userRepository.FindByUsername(username);

        return user != null && user.PasswordMatches(password);
    }

    public virtual bool AllowedToLogIn(string username)
    {
        var user = userRepository.FindByUsername(username) ?? new User();

        return user.AllowedToLogIn();
    }
}

Authentication in MVC 3: Which way to roll

Answers (2)

Related Questions