At some point you probably realized that users will need to log into your website. Identifying who your users are is known as authentication. You may also need the added ability to know what resources each user is allowed to access. This is accomplished in the form of roles using authorization. This functionality is built into the MVC framework right out of the box in the form of the Login control and the ASP.NET default membership and role providers. If you're like me you may want more control over what data is stored for a user and how it is stored. Towards this end we'll be implementing our own method of authorizing and authenticating users in this post. There are several different ways to do this depending on the level of control needed. We'll begin by doing the bare minimum and we'll add on more complexity and specialization as we go. Feel free to implement the parts you need and use the out-of-the-box features that do not need custom implementations. I'll try to keep these sections separate from one another to make following along easier.
For the purposes of this tutorial we'll use the following scenario: Our website supports a local bank. There will be two available roles for users: Member and Administrator. When storing customer information we will be interested in thier name, username, email, password and their role of course. More...
Tags: RoleProvider, MembershipProvider, MVC, Entity Framework
febca959-3121-4400-a10a-a90f76b78ed4|15|4.9