Combining ASP.NET’s Authentication Service with your MVC Project

By ColePublished: January 21, 2010

I’ve been learning MVC, and my first real project is well, a project tracking site.  So, in this site I track people as resources and also as project leads, etc.  I have tables, a domain model, and various ViewModels to reflect this.

The idea was to use ASP.NET’s nicely provided Membership services to register users and then use that for Authentication filtering.  The only problem my is that my domain model doesn’t include the ASP.NET database mappings, nor did I want it to.  I don’t want it to because if I later want to use Active Directory, I want it to be easy.

The solution I ended up implementing simply did the following:

I added two fields to the Register User View, First Name and Last Name, and then altered the controller to pick up this data.

Here is the controller code.

[AcceptVerbs(HttpVerbs.Post)]
public ActionResult Register(string userName, string firstName,
string lastName, string email, string password, string confirmPassword)
{

ViewData["PasswordLength"] = MembershipService.MinPasswordLength;

if (ValidateRegistration(userName, firstName, lastName, email, password, confirmPassword))
{
// Attempt to register the user
MembershipCreateStatus createStatus = MembershipService.CreateUser(userName, password, email);
if (createStatus == MembershipCreateStatus.Success)
{
FormsAuth.SignIn(userName, false /* createPersistentCookie */);
Person personToCreate = new Person();
personToCreate.UserID= (Guid)Membership.GetUser(userName).ProviderUserKey;
personToCreate.FirstName = firstName;
personToCreate.LastName = lastName;
EntityProjectTrackingRepository entities = new EntityProjectTrackingRepository();
entities.CreatePerson(personToCreate);
return RedirectToAction("Index", "ProjectTracker");
}
else
{
ModelState.AddModelError("_FORM", ErrorCodeToString(createStatus));
}
}

// If we got this far, something failed, redisplay form
return View();
}

So, now I have linked the user to my site by recording the Guid ProviderUserKey from the Membership services and updating my database and entity domain model with a Guid field named UserID.  Notice that I also explicitly have to create an entity model object to add the data to the MVC application database.  Well, the ASP.NET AccountController uses what is called Bastard Injection anti-Pattern for Unit Testing and Reflection purposes.  This signature looks like this:

public AccountController()
: this(null, null)
{
}

The problem here is that if I try to use Dependecy Injection (a subject for another time) to access my Repository, none of the turnkey unit testing can find the controller.  I’m still unsure about how this works and for the sake of time, accessing the entity model explicitly works just fine.

Now, I can track what user creates what resource (person or otherwise), and I more filtering options for the whole project.  Next step… Adding the Authentication Filters and User Roles.

Popularity: 100% [?]

No related posts.

About the Author

I'm a math and programming junkie. I like coding in c# and matlab just as much as I like my PS3 and PSPgo! And that's saying a lot. I'm currently learning MVC, so I'll let you in on all my MVC newbtastic learning.