I personally just added the asp.net membership stuff to my own database. I then wrote a basic wrapper class around System.Web.Security.Membership class so that the code acts like its using its own membership stuff. Its pretty slick and not that hard to do. If you need assistance setting it up, here is what I did. … Read more
[AccessDeniedAuthorize(Roles=”SuperAdmin”)] public class SuperAdminController : Controller AccessDeniedAuthorizeAttribute.cs: public class AccessDeniedAuthorizeAttribute : AuthorizeAttribute { public override void OnAuthorization(AuthorizationContext filterContext) { base.OnAuthorization(filterContext); if(filterContext.Result is HttpUnauthorizedResult) { filterContext.Result = new RedirectResult(“~/AcessDenied.aspx”); } } }
It’s true that the default SQL Membership Provider does not allow username changes. However, there’s no intrinsic reason to prevent users from changing their usernames if you have a valid argument, on your site, to allow it. None of the tables in the SQL database have the username as a key, everything is based on … Read more
Put this in Login1_Authenticate before calling Response.Redirect(“/admin/default.aspx”); FormsAuthentication.SetAuthCookie(“username”, true);
I had the same problem too. I forgot to set the web.config configuration. Maybe you missed too. <system.web> <authentication mode=”Forms”> <forms loginUrl=”~/user/login” timeout=”1000″ name=”__Auth” /> </authentication> </system.web>
I asked the same question to the product team. The design goal of SIMPLE membership was to work out-of-the box as simple as possible. So really there’s no customization possible as far as the tables are concerned. The recommended workaround is, to still use ASP.NET Membership (SqlMembershipProvider).
Actually, the answer is probably a combination of 1 and 3. You can take advantage of a lot of the tools and features that the framework provides for you by writing a membership, role or profile provider if the default options don’t quite go as far as you’d like. We’ve done just that on a … Read more
using System.Web.Security; Roles.GetRolesForUser() Or Roles.GetRolesForUser(String) if not targeting the currently logged in user.
Try setting the following up in your web.config within the <system.web> node: <roleManager enabled=”true” defaultProvider=”SimpleRoleProvider”> <providers> <clear /> <add name=”SimpleRoleProvider” type=”WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData” /> </providers> </roleManager> <membership defaultProvider=”SimpleMembershipProvider”> <providers> <clear /> <add name=”SimpleMembershipProvider” type=”WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData” /> </providers> </membership> <sessionState mode=”InProc” customProvider=”DefaultSessionProvider”> <providers> <add name=”DefaultSessionProvider” type=”System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35″ connectionStringName=”DefaultConnection” /> </providers> </sessionState> Sounds like SimpleMembership … Read more
Yes, you got it right (IMO it’s safer and simpler to implement a custom membership provider, but it’s your choice) Yes, it’s correct You do it right You inherit the roles property from the AuthorizeAttribute base class and you check in your implementation if the user is in the role. Edit: a little more on … Read more