Saturday, 5 January 2013

Simple membership in MVC 4 quick setup guide

Hi folks,

Just working on a project at home and thought I would use the simple membership in mvc 4 as it's pretty neat.  We have a database already created so i'm using it from a database first perspective and thought i'd share the findings here in case someone else needs to do this.  Most of this can be gleaned from creating a blank internet application and getting the bits necessary but thought I would put it in one place for ease of use.

the usual way to go about simple membership is to create an internet application which will do all the gubbins for you and create these tables :


In the old membership we used to run the aspnet_regsql command to register the membership tables. if you need to tables in this example, fear not, the scripts are below. PLEASE NOTE I TAKE NO RESPONSIBILITY IF THEY DESTROY YOUR DB.  these were just generated with create script on the tables.



/****** Object:  Table [dbo].[UserProfile]    Script Date: 01/05/2013 23:09:00 ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO

CREATE TABLE [dbo].[UserProfile](
[UserId] [int] IDENTITY(1,1) NOT NULL,
[UserName] [nvarchar](56) NOT NULL,
PRIMARY KEY CLUSTERED 
(
[UserId] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY],
UNIQUE NONCLUSTERED 
(
[UserName] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
) ON [PRIMARY]

GO


/****** Object:  Table [dbo].[webpages_Membership]    Script Date: 01/05/2013 22:55:24 ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO

CREATE TABLE [dbo].[webpages_Membership](
[UserId] [int] NOT NULL,
[CreateDate] [datetime] NULL,
[ConfirmationToken] [nvarchar](128) NULL,
[IsConfirmed] [bit] NULL,
[LastPasswordFailureDate] [datetime] NULL,
[PasswordFailuresSinceLastSuccess] [int] NOT NULL,
[Password] [nvarchar](128) NOT NULL,
[PasswordChangedDate] [datetime] NULL,
[PasswordSalt] [nvarchar](128) NOT NULL,
[PasswordVerificationToken] [nvarchar](128) NULL,
[PasswordVerificationTokenExpirationDate] [datetime] NULL,
PRIMARY KEY CLUSTERED 
(
[UserId] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
) ON [PRIMARY]

GO

ALTER TABLE [dbo].[webpages_Membership] ADD  DEFAULT ((0)) FOR [IsConfirmed]
GO

ALTER TABLE [dbo].[webpages_Membership] ADD  DEFAULT ((0)) FOR [PasswordFailuresSinceLastSuccess]
GO


/****** Object:  Table [dbo].[webpages_Roles]    Script Date: 01/05/2013 22:56:30 ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO

CREATE TABLE [dbo].[webpages_Roles](
[RoleId] [int] IDENTITY(1,1) NOT NULL,
[RoleName] [nvarchar](256) NOT NULL,
PRIMARY KEY CLUSTERED 
(
[RoleId] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY],
UNIQUE NONCLUSTERED 
(
[RoleName] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
) ON [PRIMARY]

GO

/****** Object:  Table [dbo].[webpages_OAuthMembership]    Script Date: 01/05/2013 22:56:56 ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO

CREATE TABLE [dbo].[webpages_OAuthMembership](
[Provider] [nvarchar](30) NOT NULL,
[ProviderUserId] [nvarchar](100) NOT NULL,
[UserId] [int] NOT NULL,
PRIMARY KEY CLUSTERED 
(
[Provider] ASC,
[ProviderUserId] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
) ON [PRIMARY]

GO

/****** Object:  Table [dbo].[webpages_UsersInRoles]    Script Date: 01/05/2013 22:57:21 ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO

CREATE TABLE [dbo].[webpages_UsersInRoles](
[UserId] [int] NOT NULL,
[RoleId] [int] NOT NULL,
PRIMARY KEY CLUSTERED 
(
[UserId] ASC,
[RoleId] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
) ON [PRIMARY]

GO

ALTER TABLE [dbo].[webpages_UsersInRoles]  WITH CHECK ADD  CONSTRAINT [fk_RoleId] FOREIGN KEY([RoleId])
REFERENCES [dbo].[webpages_Roles] ([RoleId])
GO

ALTER TABLE [dbo].[webpages_UsersInRoles] CHECK CONSTRAINT [fk_RoleId]
GO

ALTER TABLE [dbo].[webpages_UsersInRoles]  WITH CHECK ADD  CONSTRAINT [fk_UserId] FOREIGN KEY([UserId])
REFERENCES [dbo].[UserProfile] ([UserId])
GO

ALTER TABLE [dbo].[webpages_UsersInRoles] CHECK CONSTRAINT [fk_UserId]
GO

With the tables created, add the following to the web.config :


    <roleManager enabled="true" defaultProvider="SimpleRoleProvider">
      <providers>
        <clear/>
        <add name="SimpleRoleProvider" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData"/>
      </providers>
    </roleManager>
    
  
    <membership defaultProvider="SimpleMembershipProvider">
      <providers>
        <clear/>
        <add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
      </providers>
    </membership>

Which adds the standard providers for simple membership.  The project includes a filter attribute which you can place at the top of any of your controllers that need to make use of membership, the default class is the InitializeSimpleMembershipAttribute and looks like this:


[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
    public sealed class InitializeSimpleMembershipAttribute : ActionFilterAttribute
    {
        private static SimpleMembershipInitializer _initializer;
        private static object _initializerLock = new object();
        private static bool _isInitialized;

        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // Ensure ASP.NET Simple Membership is initialized only once per app start
            LazyInitializer.EnsureInitialized(ref _initializer, ref _isInitialized, ref _initializerLock);
        }

        private class SimpleMembershipInitializer
        {
            public SimpleMembershipInitializer()
            {
                Database.SetInitializer<UsersContext>(null);
                try
                {
                    using (var context = new UsersContext())
                    {
                        if (!context.Database.Exists())
                        {
                            // Create the SimpleMembership database without Entity Framework migration schema
                            ((IObjectContextAdapter)context).ObjectContext.CreateDatabase();
                        }
                    }

                    WebSecurity.InitializeDatabaseConnection("DefaultConnection", "UserProfile", "UserId", "UserName", autoCreateTables: true);
                    
                    if (!WebSecurity.UserExists("Administrator"))
                    {
                        WebSecurity.CreateUserAndAccount("Administrator", "password");
                    }

                    if (!Roles.RoleExists("Administrator")) Roles.CreateRole("Administrator");

                    if (!Roles.GetRolesForUser("Administrator").ToList().Contains("Admin"))
                    {
                        Roles.AddUsersToRoles(new[] { "Administrator" }, new[] {"Admin" });
                    }
                }
                catch (Exception ex)
                {
                    throw new InvalidOperationException("The ASP.NET Simple Membership database could not be initialized. For more information, please see http://go.microsoft.com/fwlink/?LinkId=256588", ex);
                }
            }
        }



So Basically, lazy loads the initialisation of the membership stuff.  It is worth noting the InitializeDatabaseConnection call, the default is the name of the connection string, the UserProfile is the name of the users table (in our case UserProfile) and the next 2 fields specify the id and the username fields which is pretty much all simple membership needs in order to operate.

I have added a few lines below to show how you add other bits to the roles and users table.

OK, so if you need to use this functionality in a controller, decorate the controller class with the attribute :

 [InitializeSimpleMembership]

and you use the WebSecurity class to get access to things like the user id e.g.:

WebSecurity.CurrentUserId;

Hope that helps !
A.

No comments:

Post a Comment