Last post Aug 05, 2012 11:59 AM by Laurent Jordi
Aug 04, 2012 11:41 AM|aknuds1|LINK
I'm in the process of creating an ASP.NET MVC 4 application, which allows users to register themselves. While the standard MVC 4 app project has guided me in providing facilities for user registration and logging in, I'm uncertain of how to add administrative
facilities to the application. Specifically I need to be able to view registered users and edit them.
Do there exist any good guides on adding admnistrative facilities to MVC applications, or are there perhaps ready-made solutions (e.g. project scaffolding) which you would recommend? I know of two projects which provide MVC user administration scaffolding,
so far, MVC WSAT, ASP.NET MVC Membership Starter Kit, and
Any advice would be greatly appreciated!
Edit: Added link to the Security Guard project, which I just discovered. I also added a corresponding question on
Aug 04, 2012 06:30 PM|francesco abbruzzese|LINK
Aug 04, 2012 09:10 PM|aknuds1|LINK
This would only make up (a low-level) part of the kind of solution I'm asking for. My question should make it obvious I'm after a more complete solution.
Aug 05, 2012 08:33 AM|CodeHobo|LINK
SecurityGuard seems to be a good option but I have never used it. However as Francesco mentioned these features are all there in the membership provider and creating a controller/ui to handle these cases is pretty easy. I've extended the AccountController
that comes with asp.net mvc to include an administrative tool including all the features you want. It was pretty easy to implement since all that functionality is there, it's just a matter of exposing it.
Aug 05, 2012 09:15 AM|aknuds1|LINK
I suppose, but I appreciate having a ready-made solution as a starting point. To that end, I've started using Security Guard and it looks pretty good so far. Tailoring it to my needs right now.
Aug 05, 2012 10:43 AM|francesco abbruzzese|LINK
What SecurityGuard do is just providing some controllers and Views, so one cannot say it is an higher level solution as using directly the native asp.net classes. In fact the business layer of SeurityGuard (or similar softwares) is EXACTLY the MembershipUser
and other related classes.
The only difference is that what you call "higher level" softwares propose also a "graphical" and "View Organization" solution. Now if the graphical solution of one of this software "fit enough" your needs you can use them as starting point for your custom
system...otherwise you will need to write controllers and views from scratch. In any case giving a look to them might be useful, so you may have a better idea of how to organize your solution.
However, if you need something more than a role based security, such as for instance a privilege based security, than you have to look for something that is ACTUALLY Higher level than the asp.net standard security framework, because you will need to modify
also the business layer.
Aug 05, 2012 11:59 AM|Laurent Jordi|LINK
Out of the box ADO.net Role and memberhsip provider is ADO.net based. So, if you use it in a standard MVC Applicaton you need two connection strings.
If you have a look to http://innovacallframework.codeplex.com/SourceControl/changeset/view/14126#295018
It's a Entity Framework Role And Membership provider.
If you use the starter kit : Log on and registraton (with account activation email) are implemented.
With this, you only need a single connexion string.
You can test it here :
(for demo, you are logged as admin by default), but LongOn, LogOff, Register, Activation Mail and Edit Profile are implemented (I did not finish the change password).
LogOff Seems to don't work but it do. I connect admin in the session starts and it occurs when you logoff, so you are immediately reconnected, I'm working on a new solution for google to be able to reference my page even if Role and membership is activated.