Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
Max Maximov2014-10-05 18:21:53
ASP.NET
Max Maximov, 2014-10-05 18:21:53

How to implement custom authentication and authorization in ASP.NET MVC 5?

Hello.
For a long time I have been using the authorization system from MS ( ASP.NET Identity 2.0 ), ASP.NET MVC gurus speak very badly about it, and I myself have found my jambs for a long time:
1. Very strong binding to SQL-Server - it is difficult to change the base . And at the moment the system is updated every two months, which makes it necessary to rewrite other people's implementations for new ones, especially NoSQL.
2. Doesn't allow adding own attributes to the collection (Claims doesn't count).
3.Does not check access when requested, i.e. the check is only based on the issued cookies and their date. If I log in from two browsers and change the password in the second browser, then the session in the first browser remains valid - the user can safely scroll through the secure pages of the site until the Nth time has passed. But the option to set the check time to a short time has its drawbacks, the obvious one is: sometimes you have to press Logout several times to make it work. :D
I myself have seen only 1 project closed from an experienced developer (he checks via Application_BeginRequest) and a few articles on the net (via BaseController and IPrincipal). And in each I miss something, and which one is better to use?
ASP.NET MVC gurus, please share your authentication and authorization implementations, or point me to what you think is the best article that describes a good and flexible authorization system. Preferably under MVC 5.
Thank you.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
A
asdz, 2014-10-05
@asdz

What do you mean by

Does not allow adding custom attributes to the collection
What collection do you mean?
and
Doesn't check access when requested
? And I would also like to hear from the respondents what exactly is badly done in Identity? Personally, I don't understand why in IdentityUser 2.0
public class IdentityUser : IUser
{
...
public virtual ICollection<IdentityUserRole> Roles { get; }
...
}
<code>
роли пользователя представлены не в виде коллекции ролей, а в виде связывающих сущностей 
<code>
public class IdentityUserRole<TKey> 
{
    public IdentityUserRole();
    public virtual TKey RoleId { get; set; }
    public virtual TKey UserId { get; set; }
}
<code>

Report
A
Alexey Alex, 2014-10-06
@alexqq

Try to use universal providers by adding Micrrosoft.AspNet.Providers... As for me, it is more convenient and easy to redefine... I also dislike Identity... A little too smart.

Similar questions
D
Dmitry Filandor2015-02-12 15:56:09
How do you make a dynamic sitemap.xml for a site? 3Reply
D
Dmitry2019-07-11 21:38:23
How to return the view that caused the modal window? 0Reply
D
DarkByte20152017-02-14 13:35:25
Why can't I send the file? 1Reply
S
SDV_IT2017-02-18 12:43:01
What is a project in C # ASP.NET MVC, so that a beginner can try to apply knowledge and understand in general? 1Reply
D
DarkByte20152017-02-18 21:40:27
Razor doesn't work with anonymous types? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question