ASP.NET 2: Membership/RoleMangement vs. ASP.NET 1.1.. question

Discussion in 'ASP .Net Security' started by matt@mailinator.com, Nov 1, 2005.

  1. Guest

    hello,

    im working on my first public-facing ASP.NET 2 website, and i have a
    question/concern about authentication integration.

    in ASP.NET 1.1, one would typically go w/ a "role yer own"
    webforms/database role-based model: in your db youd have a Users table,
    a RoleGroups table, a UserRoles table (see
    http://aspnet.4guysfromrolla.com/articles/082703-1.aspx).

    this worked well, because it hooked in directly with your typical Users
    table (UserID, UserName, Email, FirstName, LastName, etc...)

    in ASP.NET 2.0, one has the built-in Membership stuff, which uses its
    own SQL Server/Access database (the "ASPNETDB" datasource). and via
    Visual Studio 2005's "ASP.NET Configuration" GUI, one has many useful
    user/group management tools (add/delete role, find user, etc..!).

    however...i still need my custom db's User table -- as is expected,
    there are many columns i have for my users that are not in the
    MembershipUser object.

    herein lies the problem -- if i am to use ASP.NET 2's Authentication
    and RoleManagement funcationality (database), i am in effect
    maintaining *two* databases of users! the authentication db
    ("ASPNETDB"), and my customer db. this starts to add complication, not
    to mention data duplication. for example, if i wish to delete a user
    altogether, i must now delete the user in two different databases.
    likewise, if i wish to add a user, i have to add him in two databases
    -- and if these tasks fail for some reason in one but not the other, it
    seems quite messy.

    another big concern is, most of my 1.1 apps use a simple Int32 "UserID"
    identified column for anything related to my users -- relationships to
    orders, comments/feedback, etc.. ASPNETDB has a UserID property, but i
    cant seem to retrieve it via the MemberUser obj. and it doesnt look
    like a simple indentifier int, either.

    so, what is the consenus, here? how best to work w/ this model shift
    between 1.1 and 2.0? how does one link their custom business-rules User
    table to the authentication User table...!?


    thanks,
    matt
    , Nov 1, 2005
    #1
    1. Advertising

  2. I haven't really used the ASP.NET 2.0 built in Membership
    But i don't think you must use what is provided i guess you should be able
    to write your own customized one
    Patrick

    <> wrote in message
    news:...
    > hello,
    >
    > im working on my first public-facing ASP.NET 2 website, and i have a
    > question/concern about authentication integration.
    >
    > in ASP.NET 1.1, one would typically go w/ a "role yer own"
    > webforms/database role-based model: in your db youd have a Users table,
    > a RoleGroups table, a UserRoles table (see
    > http://aspnet.4guysfromrolla.com/articles/082703-1.aspx).
    >
    > this worked well, because it hooked in directly with your typical Users
    > table (UserID, UserName, Email, FirstName, LastName, etc...)
    >
    > in ASP.NET 2.0, one has the built-in Membership stuff, which uses its
    > own SQL Server/Access database (the "ASPNETDB" datasource). and via
    > Visual Studio 2005's "ASP.NET Configuration" GUI, one has many useful
    > user/group management tools (add/delete role, find user, etc..!).
    >
    > however...i still need my custom db's User table -- as is expected,
    > there are many columns i have for my users that are not in the
    > MembershipUser object.
    >
    > herein lies the problem -- if i am to use ASP.NET 2's Authentication
    > and RoleManagement funcationality (database), i am in effect
    > maintaining *two* databases of users! the authentication db
    > ("ASPNETDB"), and my customer db. this starts to add complication, not
    > to mention data duplication. for example, if i wish to delete a user
    > altogether, i must now delete the user in two different databases.
    > likewise, if i wish to add a user, i have to add him in two databases
    > -- and if these tasks fail for some reason in one but not the other, it
    > seems quite messy.
    >
    > another big concern is, most of my 1.1 apps use a simple Int32 "UserID"
    > identified column for anything related to my users -- relationships to
    > orders, comments/feedback, etc.. ASPNETDB has a UserID property, but i
    > cant seem to retrieve it via the MemberUser obj. and it doesnt look
    > like a simple indentifier int, either.
    >
    > so, what is the consenus, here? how best to work w/ this model shift
    > between 1.1 and 2.0? how does one link their custom business-rules User
    > table to the authentication User table...!?
    >
    >
    > thanks,
    > matt
    >
    Patrick.O.Ige, Nov 1, 2005
    #2
    1. Advertising

  3. Hello,

    I guess in this case you will have to build your own membership provider
    that will facilitate the same membership features and tools for your own
    database... so you will have to make simple modifications in your DB just
    as suitable to the membership provider that you are building.

    I am posting here also some links that helps in building your own membership
    provider.
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspp/html/bucupro.asp
    http://www.15seconds.com/issue/050216.htm
    http://www.theserverside.net/articles/showarticle.tss?id=CreatingProfileProvider
    http://www.devx.com/asp/Article/29256

    I hope this helps.
    Thanks
    --
    Khaled Hussein
    Graduate Teaching Assistant
    College of Computing and Information Technology
    Arab Academy for Science and Technology and Maritime Transport

    > hello,
    >
    > im working on my first public-facing ASP.NET 2 website, and i have a
    > question/concern about authentication integration.
    >
    > in ASP.NET 1.1, one would typically go w/ a "role yer own"
    > webforms/database role-based model: in your db youd have a Users
    > table, a RoleGroups table, a UserRoles table (see
    > http://aspnet.4guysfromrolla.com/articles/082703-1.aspx).
    >
    > this worked well, because it hooked in directly with your typical
    > Users table (UserID, UserName, Email, FirstName, LastName, etc...)
    >
    > in ASP.NET 2.0, one has the built-in Membership stuff, which uses its
    > own SQL Server/Access database (the "ASPNETDB" datasource). and via
    > Visual Studio 2005's "ASP.NET Configuration" GUI, one has many useful
    > user/group management tools (add/delete role, find user, etc..!).
    >
    > however...i still need my custom db's User table -- as is expected,
    > there are many columns i have for my users that are not in the
    > MembershipUser object.
    >
    > herein lies the problem -- if i am to use ASP.NET 2's Authentication
    > and RoleManagement funcationality (database), i am in effect
    > maintaining *two* databases of users! the authentication db
    > ("ASPNETDB"), and my customer db. this starts to add complication, not
    > to mention data duplication. for example, if i wish to delete a user
    > altogether, i must now delete the user in two different databases.
    > likewise, if i wish to add a user, i have to add him in two databases
    >
    > another big concern is, most of my 1.1 apps use a simple Int32
    > "UserID" identified column for anything related to my users --
    > relationships to orders, comments/feedback, etc.. ASPNETDB has a
    > UserID property, but i cant seem to retrieve it via the MemberUser
    > obj. and it doesnt look like a simple indentifier int, either.
    >
    > so, what is the consenus, here? how best to work w/ this model shift
    > between 1.1 and 2.0? how does one link their custom business-rules
    > User table to the authentication User table...!?
    >
    > thanks,
    > matt
    Khaled Hussein, Nov 1, 2005
    #3
  4. Hello ,

    have a look here - this is a good starting point for understanding the whole
    provider pattern, and afterwards decide yourself if it makes sense to write
    a provider, or simply migrate your code from 1.1 to 2.0
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspp/html/ASPNETProvMod_Intro.asp

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > hello,
    >
    > im working on my first public-facing ASP.NET 2 website, and i have a
    > question/concern about authentication integration.
    >
    > in ASP.NET 1.1, one would typically go w/ a "role yer own"
    > webforms/database role-based model: in your db youd have a Users
    > table, a RoleGroups table, a UserRoles table (see
    > http://aspnet.4guysfromrolla.com/articles/082703-1.aspx).
    >
    > this worked well, because it hooked in directly with your typical
    > Users table (UserID, UserName, Email, FirstName, LastName, etc...)
    >
    > in ASP.NET 2.0, one has the built-in Membership stuff, which uses its
    > own SQL Server/Access database (the "ASPNETDB" datasource). and via
    > Visual Studio 2005's "ASP.NET Configuration" GUI, one has many useful
    > user/group management tools (add/delete role, find user, etc..!).
    >
    > however...i still need my custom db's User table -- as is expected,
    > there are many columns i have for my users that are not in the
    > MembershipUser object.
    >
    > herein lies the problem -- if i am to use ASP.NET 2's Authentication
    > and RoleManagement funcationality (database), i am in effect
    > maintaining *two* databases of users! the authentication db
    > ("ASPNETDB"), and my customer db. this starts to add complication, not
    > to mention data duplication. for example, if i wish to delete a user
    > altogether, i must now delete the user in two different databases.
    > likewise, if i wish to add a user, i have to add him in two databases
    >
    > another big concern is, most of my 1.1 apps use a simple Int32
    > "UserID" identified column for anything related to my users --
    > relationships to orders, comments/feedback, etc.. ASPNETDB has a
    > UserID property, but i cant seem to retrieve it via the MemberUser
    > obj. and it doesnt look like a simple indentifier int, either.
    >
    > so, what is the consenus, here? how best to work w/ this model shift
    > between 1.1 and 2.0? how does one link their custom business-rules
    > User table to the authentication User table...!?
    >
    > thanks,
    > matt
    Dominick Baier [DevelopMentor], Nov 1, 2005
    #4
  5. Guest

    > i don't think you must use what is provided i guess you should be able
    > to write your own customized one


    of that i am certain, but that isnt the point. i am looking for how to
    work w/ the new security model.. and/or questioning the usefulness of
    this new model.

    matt
    , Nov 1, 2005
    #5
  6. Guest

    > in this case you will have to build your own membership provider

    ive read the links. boy. seems like a lot of work... i mean, using the
    1.1 in 2.0 would only take me a couple hours. but writing an entire
    member provider implementation seems like it would take much, much
    longer....

    maybe its just my gut reaction. but it seems like so much work compared
    to what im used to....


    thanks,
    matt
    , Nov 1, 2005
    #6
  7. sillyevar Guest

    You are right. It is a lot of work. You already did the work up front
    in your 1.1 application.

    Now think back to when you were writing your user system. The new
    membership provider would have saved you hours there. If you already
    have all the features that the membership provider gives you, then
    there is no reason for you to adopt it in your old app.

    Sounds like you have a good answer.
    sillyevar, Nov 6, 2005
    #7
  8. Guest

    > Now think back to when you were writing your user system. The new
    > membership provider would have saved you hours there.


    to a degree, yes -- primarily with password functionality. however, i
    still dont see a way for someone (even if starting from scratch) to
    build a customer-oriented, data-driven website and still not have to
    write their own membership provider -- what enterprises *arent* still
    going to need their own, custom user tables?

    very few sites wont need their own user tables. which means spending a
    lot of time writing a new provider.

    > Sounds like you have a good answer.


    yep. kept the 1.1 mode; just added a global.aspx (appears to be legacy
    now?) to the project.

    perhaps when there is free time, it will be spent writing a new
    provider that inserts into my user table instead of microsoft's.


    thanks
    matt
    , Nov 15, 2005
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. artificer

    ASP.NET Membership Services Question?

    artificer, Sep 7, 2005, in forum: ASP .Net
    Replies:
    2
    Views:
    400
    clintonG
    Sep 8, 2005
  2. =?Utf-8?B?bGFuZW0=?=

    ASP.NET 2.0 Membership question

    =?Utf-8?B?bGFuZW0=?=, Oct 20, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    411
    =?Utf-8?B?QmVudCBLcmlzdGlhbnNlbg==?=
    Oct 30, 2005
  3. Replies:
    6
    Views:
    730
  4. Paul
    Replies:
    1
    Views:
    307
    sloan
    Nov 29, 2007
  5. Tino Donderwinkel
    Replies:
    2
    Views:
    752
    Tino Donderwinkel
    Jun 18, 2008
Loading...

Share This Page