Last post Oct 20, 2011 07:27 AM by magicmike2011
Oct 18, 2011 08:04 PM|unistd|LINK
I hate asp.net, bcz it makes things
complicated. I like asp. It is simple, the programmer can write any part of their website.
I do not want the user to write a security question and a email when registing, I just want them to write the username and password ,but the membership provider has email\ security question members....
How can I completely drop the sessionstate\ membership\profile\cache. part of asp.net , I want to
implement them by my own code and I dont need some of them.
If I want to make a single sign-on system, I have to write a module to replace the default module provided by asp.net ???
If I want to make a security check system, should I have to write a module to replace the role provider ??
I want to know where the username comes from in HttpContext.User, does it comes from membership provider ??? which module use the membership provider and which module use the profile provider and which module use the role provider ??
asp.net should first tell us these important questions, enven in a primary course.
asp.net should only provide a simple framwork ,and asp.net should believe that we can write code better than microsoft, asp.net should not provide some ugly functions that cannot be used in industry feild!!!!!!!!!
I want a document about detailed describetion of what occurs in the httpapplication process pipeline, in each event ,which module works and which member of httpcontext was valid, and How we porgammer implement a new module to replece the default module provided
Oct 18, 2011 08:21 PM|magicmike2011|LINK
If you are new or relatively new to asp.net development you will most definitely have a hard time dissecting the default membership providers as they are very complex and complicated and operate through multiple layers of inheritance and indirection...
As for your question, there are a few simple solutions.
1. You can create a simple bit of code that doeas simple processes of using just a username and password to register users, login, etc. It is relatively simple to do so, but doing this , you have to provide your own code for validating logins, validating
input thoroughly etc.
2. Another option would be to customize the default providers configurations in the root web.config.
You can disable the features you don't desire such as the password reset question and answer requirement, minimum alphanumeric characters required in password etc. Once you set these features you can customize the registration wizard and login controls
to reflect the changes you made by simply deleting the unecessary server controls from them. If you use the default providers you will come to love the features it allows you to use.
Oct 18, 2011 08:30 PM|unistd|LINK
where the username comes from in httpcontext.user, and how the IsAuthented comes from in httpcontext.user??????
Oct 19, 2011 04:19 AM|Dave Sussman|LINK
ASP.NET is much more involved than ASP, but that was a design choice. As already mentioned, you can customise the providers to remove some of the features you don't need, but there is a base configuration, so you're stuck with some of it. But you can just
not use any of it and write your own; that's what you'd have to do in ASP. You can also, if you want, to, completely remove the modules and replace them with your own.
For logins you'd need to write an Authentication Module and for security checks an Authorization Module.
The existing membership provider sets a cookie with the authentication details and that cookie is returned with every request. It's those cookie details that set the HttpContext properties.
There is plenty of really good material available:
You can also get the source code for the existing providers (not the modules) from
Oct 19, 2011 11:02 AM|unistd|LINK
I want to know which module use membershipprovider ,I guess the ForumsAuthenticationModule use it .
Then If I replace the FormsAuthenticaton Module, I do not need to use membership provider ,,,and like role provider...
In msdn, It only desc how to implement a membership provider, but not say where the membership is used.
Oct 20, 2011 03:46 AM|Dave Sussman|LINK
I'm not sure of the dependencies. You can always use a decompilation tool (http://www.telerik.com/products/decompiler.aspx) to check what the existing modules do.
Oct 20, 2011 07:27 AM|magicmike2011|LINK
When I started creating my own providers from the ground up, I thought it would be a great idea to take a peak at the way the default providers are structured. Believe me...you don't wanna know... lol. Seriously. There are so many
levels of inheritance, so many interfaces, and base classes, etc. It gets very hard to track through the libraries. The Membership provider and all of its dependancies derive from deeper base classes within the heart of the .NET framework in a very complex
structuring. The membership provider is used in many. many namespaces. Too many to isolate it to one "this uses it here" area.
I do not need to use membership provider ,,,and like role provider...
Unfortunately the only way you can really use this is if you use a form of membership with it. You can't assign and use roles in the default provider system without having some sort of way of implementing the roles purpose. If it
were a local intranet, you could justify using windows authentication and roles. As for internet-accessible applications, you very seldom ever want to even consider windows authentication.
If you really are determined to only use a name, password (and role maybe), you will have to create your own way of doing this. It can be very simple to do, but I hope security isn't an issue for you because it will definitely be
very vulnerable to attacks.
Let me know if thats the way you want to go and I'll help you throw something together. But definitely give default implementation some thought...