How to create custom WebSecurity.Login and WebSecurity.CreateUserAndAccount methods in MVC 4?
When we choose New Project --> MVC 4 --> Internet Application, it will automatically generate AccountController for us. In this controller, I only care about 2 actions, Login and Register.
In MVC 3, it uses Membership's static methods, ValidateUserin Login action and CreateUser in Register. So, if I want to integrate it with my own database, I just need create CustomMembershipProvider by extending MembershipProvider and override that two methods.
But in MVC 4, it uses WebSecurity.Login and WebSecurity.CreateUserAndAccount. My questions are:
- How can I make it use my own database like I did in MVC 3?
- What's the different? Why doesn't it keep using static Membership methods? Why does it have to change to
WebSecurity?
Thanks so much for your help.
Answer
You will need to implement you own Membership and Role providers.
Custom Provider:
namespace MyApp.Helpers
{
public class CustomProviderProvider : SimpleMembershipProvider
{
public override MembershipUser GetUser(string username, bool userIsOnline)
{
return base.GetUser(username, userIsOnline);
}
public override bool ValidateUser(string username, string password)
{
return true; // base.ValidateUser(username, password);
}
}
}
You will just need to override the methods you want to "intercept" (ie ValidateUser). You will also need to register the provider in the web.config file:
<system.web>
<membership defaultProvider="CustomMembershipProvider">
<providers>
<clear/>
<add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
<add name="CustomMembershipProvider" type="MyApp.Helpers.CustomMembershipProvider, MyApp" />
</providers>
</membership>
</system.web>
You should also have a Filter called "InitializeSimpleMembershipAttribute"
namespace CustomPortal.Filters
{
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public sealed class InitializeSimpleMembershipAttribute : ActionFilterAttribute
{
private static SimpleMembershipInitializer _initializer;
private static object _initializerLock = new object();
private static bool _isInitialized;
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
// Ensure ASP.NET Simple Membership is initialized only once per app start
LazyInitializer.EnsureInitialized(ref _initializer, ref _isInitialized, ref _initializerLock);
}
private class SimpleMembershipInitializer
{
public SimpleMembershipInitializer()
{
Database.SetInitializer<CustomPortalContext>(null);
try
{
using (var context = new CustomPortalContext())
{
if (!context.Database.Exists())
{
// Create the SimpleMembership database without Entity Framework migration schema
((IObjectContextAdapter)context).ObjectContext.CreateDatabase();
}
}
//Here is where you give it your connection string name
WebSecurity.InitializeDatabaseConnection("CustomPortal", "UserProfile", "UserId", "EmailAddress", autoCreateTables: true);
}
catch (Exception ex)
{
throw new InvalidOperationException("The ASP.NET Simple Membership database could not be initialized. For more information, please see http://go.microsoft.com/fwlink/?LinkId=256588", ex);
}
}
}
}
}
I hope this helps...