» Custom Roles provider for an external web service in ASP.Net MVC 4 Web Application
Custom Roles provider for an external web service in ASP.Net MVC 4 Web Application
|February 3, 2014
Posted by forumadmin
I am building a web application using ASP.Net MVC 4 and I have a web service that authenticate my application users, this web service receives a username and password and returns the roles for a user if he/she is authenticated or some token otherwise. I have the whole list of possible roles and their access rules.
What’s the best practice to implement a good security module and is it possible to use a custom Membership and Roles provider. It would be perfect if I was able to use the [Authorize] annotation but I have not figured a way to implement those custom providers.
Another try to summarize… I need to use a Roles provider for users that are not and should not be stored in a local database. So I need to programmatically and dynamically login a user and assign him/her some roles knowing only his/her username for the current session.
I can store the roles in the current session and check if the user is authorized at the beginning of each method but I don’t think it the best practice available.
Please suggest any useful technique or a sample code to implement such custom providers. I’ve read the following article and about External Providers but the problem is that I’ve roles and don’t have users.
Any help would be greatly appreciated, and many thanks in advance.
More Related Questions
- How to get RoleProvider to Work? This is a MVC 3 project. Just for testing, I have
public class MyRoleProvider : RoleProvider
public override string GetRolesForUser(string username)
return new […]
- Does asp.net membership really provide a secure and robust solution for login, authentication, authorization of web applications? I heard that the hashing algorithm for asp.net membership is sha-1, but I've seen in most articles that it is no longer safe, also I would like to know if most professional developers are […]
- Does the default Membership Providers OnValidatingPassword have to be overridden in custom implementations? I am working to implement a custom Membership Provider for my .net application. I have set up the configuration for a minimum number of characters and non-alphanumeric characters, but it […]
- Extending Active Directory Membership Provider I have an ASP.NET web site that will use Active Directory to store Users.
There is a requirement to allow users to use their emails as username.
Active directory will not allow characters […]
- ASP.NET Membership – keep users to use previous passwords I created a Membership login system for my client, now they do NOT want the user to use one of his 5 last passwords when it comes time to create a new one.
Is that something that is build […]
- How to fine tune a Membership Provider? After all the answers to my last question about fine-tuning turned out to be more useful than I expected, I thought that I would ask another similar Question about the MembershipProviders […]
- Microsoft Membership Provider Vs Custom Provider Vs Complete Custom Login System I am currently converting a very old, but working classic ASP site to ASP.Net.
It has a completely custom written user management system. Whilst it works fine, it really needs a refresh […]
- How to make website membership to be controlled from a web service or web api I would like to create a wcf web service or mvc web api as a data service, so it can be accessed from different clients. I would like to have the membership service in the data service as […]
- Dependency injection and ASP.Net Membership Providers I am in the process of creating a custom membership provider for an ASP.Net MVC website. The provider is being created as a separate class as part of a bigger library. There is a need for […]
- ASP.NET: Custom MembershipProvider with a custom user table I've recently started tinkering with ASP.NET MVC, but this question should apply to classic ASP.NET as well. For what it's worth, I don't know very much about forms authentication and […]