How to configure Custom Membership and Role Provider using ASP.NET MVC





ASP.NET membership is designed to enable you to easily use a number of different membership providers for your ASP.NET applications. You can use the supplied membership providers that are included with the .NET Framework, or you can implement your own providers.

There are two primary reasons for creating a custom membership provider.

  • You need to store membership information in a data source that is not supported by the membership providers included with the .NET Framework, such as a MysQL database, an Oracle database, or other data sources.
  • You need to manage membership information using a database schema that is different from the database schema used by the providers that ship with the .NET Framework. A common example of this would be membership data that already exists in a SQL Server database for a company or Web site.

In tis tutorial, we are going to implement and configure a custom Membership Provider using ASP.NET MVC

Let’s go

A.  Create a Custom MemberShip Application class Library

  1. Create a class Library Project (our sample Projet name is LogCorner.SoftwareStore.Security)
  2. Reference the assembly  System.Web.ApplicationServices (Right Click Reference è Add reference => Select Assemblies => navigate to System.Web.ApplicationServices and add it)
  3. Create a Class CustomMembershipProvider and derive it from MembershipProvider
  4. Override ValidateUser as follow

1

For now we have what we need for our application security.  To go further in the implementation of Custom Membership Provider, please see our tutorial Mastering Custum ASP.NET MemberShip Provider using ASP.NET MVC

B.  Create an ASP.NET MVC4 application Client

1.       Create an ASP.NET MVC4 application Client ( Add New projet è ASP.NET MVC4 Web Application è Select Template Internet Web Appliction and Click OK)
2.       Open Web.config file
3.       Add or Replace membership section as follow

 

2

4. Open HomeController and Authorize Attribute to Index ActionResult

 

3

5. Run the application ASP.NET MVC4 application Client,  you ll have the errors below

 

4

6.   do not panic, proceed as follows :

Add this in your web.config (in the appSettings section):

<add key=”enableSimpleMembership” value=”false”/>

<add key=”autoFormsAuthentication” value=”false”/>

7.   Run the application ASP.NET MVC4 application Client,  you ll have another error

5

8. To fix it Open AccountController and comment  InitializeSimpleMembership , because we using Custom Membership Provider instead of Simple Membership

9. Override Login Action of AccountController  as follow :

10.  Run the application ASP.NET MVC4 application Client,  you’ll have  the form authentication below

7

11. Enter user credentials and click Log In, then you will have the execution workflow below :

8

9

10

C.  Configuration of Custom Role Provider

To configure custom role provider, please proceed as follow :

  1. create a class CustomRoleProvider  that inherits from  RoleProvider
  1. Overrides GetRolesForUser method1

 

  1. Now open web.config file of your client asp.net web application and add a RoleManager section 2
  2. Open HomeController and change Authorization as follow : 3

 

  1. Now test your sample. Only users who have approved login credentials and who belong to role Administrator can view Index page 456
  2. Thank you for reading us, our next tutorial is to configure Custom Membership Provider using ASP.NET MVC4  with external login like facebook, yahoo ,  google or other relying party accounts.

If you seek information about encoding and decoding password, please read our article ASP.NET Custom Membership Password Encoding and Decoding based on key SALT using SHA-3 algorithm










Gora LEYE

I’m a .NET Architect and Technical Expert skills located in Paris (FRANCE). The purpose of this blog is mainly to post general .NET tips and tricks,

17 thoughts on “How to configure Custom Membership and Role Provider using ASP.NET MVC

  • 11 December 2013 at 19 h 40 min
    Permalink

    Thank you for this. I’ve been looking for a good example on how to do this in MVC4. FYI. your link to Mastering Custum ASP.NET MemberShip Provider using ASP.NET MVC does not work. Can you fix it?

    • 11 December 2013 at 21 h 09 min
      Permalink

      Thank you for your feedback. the link Mastering Custum ASP.NET MemberShip Provider using ASP.NET MVC is now fixed but it is a series of tutorials in progress.

      This tutorial is part of articles below in order

      1. Creating the Application Services Database for SQL Server
      2. How to configure Custom Membership and Role Provider using ASP.NET MVC4
      3. How to configure Custom Membership Provider using ASP.NET MVC4 with external login like facebook, yahoo , google or other relying party accounts.
      4. ASP.NET MVC Custom Membership Password Hashing based on SALT key using SHA-3 Algorithm

      regards

  • 15 December 2013 at 2 h 40 min
    Permalink

    Thank you and congratulations, very good tutorial.

  • 14 March 2014 at 14 h 21 min
    Permalink

    Hello, I’ve used this code for Custom MemberShip a Custom Role Provider and it’s everything ok. When I implement the external login with facebook this not function if I not modify authenticationmode in “None”. When I set authentication mode to “none” the Custom Role Provider not function. Is there a solution for this?

  • 11 July 2014 at 11 h 06 min
    Permalink

    Very Good and Great Article, This help me a log while creating Custom Membership and Role defining in MVC4.

    God Bless You

  • 21 October 2014 at 18 h 35 min
    Permalink

    Hi, Just try to go through all this,
    everything seems fine, except that, whenever I access a page with [Authorized] attribute, it always prompt me the login page again, as if the user is never been authenticated, but the Membership.Validate return true.
    Do you happen to know what might be the case?
    Thanks

  • 22 November 2014 at 18 h 54 min
    Permalink

    Thank you for this amazing article!
    I was searching for this info! 🙂

    What’s with the fake comment form above the comments?
    It redirects me when I click on it… :S

  • 30 November 2016 at 15 h 52 min
    Permalink

    Greetings from Los angeles! I’m bored to death at work
    so I decided to browse your website on my iphone during lunch break.
    I really like the information you provide here and can’t wait to
    take a look when I get home. I’m surprised at how quick
    your blog loaded on my mobile .. I’m not even using WIFI, just 3G
    .. Anyhow, fantastic site!

Leave a Reply