Custom forms authentication in MVC
I want to use authentication on my site in order to login to the Admin section. I already have my database schema, I don't want to use the ASP.NET membership tables for SQL Server. I have three tables: Employees, Roles, and EmployeesInRoles.
I'd really like to keep this as simple as possible, but I'm having trouble finding a solution. I just want to use forms authentication with my tables so employees can log in, log out, change their password, etc.
If anyone could direct me to a blog post or tutorial about this, that would be great.
Answer
Steven, check out my series of tutorials on website security: http://www.asp.net/web-forms/overview/older-versions-security/introduction/security-basics-and-asp-net-support-cs
(EDIT: I've updated the above URL as the original URL was returning a 404. But please bear in mind that this material was written in 2008 and is hopelessly dated now.)
The first three tutorials focus exclusively on forms-based authentication without discussing Membership. These first three tutorials - especially tutorials #2 and #3 - should get you moving in the right direction.
To implement roles without using the built-in ASP.NET Roles framework, check out this article: Role-Based Authorization With Forms Authentication.
All that being said, I would suggest that you reconsider using ASP.NET's baked in Membership and Roles libraries. Avoiding them means you're going to have to reinvent the wheel, and you'll probably do it wrong. (For instance, are you securely storing user passwords in your custom implementation?)
Happy Programming!