Vibrant discussion about CSLA .NET and using the framework to build great business applications.

Forum has moved

New location: CSLA .NET forum

CSLA .NET Resources:
  • CSLA .NET forum
  • CSLA .NET home page
  • Custom Authentiaction with ASP..NET MVC

    rated by 0 users
    Not Answered This post has 0 verified answers | 4 Replies | 2 Followers

    Not Ranked
    3 Posts
    Ton Smeets posted on Mon, Jul 1 2013 4:30 AM


    After reading Rocky's books, I ran into a wall when programming the security of my website. The custom Principal and Identity parts works fine. Then I read book 6 AspMvc.

    The sample project uses membership authentication. Then I went back to the samples and looked into dataportal/authentication/ custom. Here i found a lot of code in the Accountmodel about implementing a custom membershipservice and formsauthenticationservice.

    I want to use my own security database, like the older projecttracker samples. So I build a custom principal and identity.

    Do I need to programm the custom membershipservice and formsauthenticationservice, because the default logon procedure stops when starting a 'validateuser' method. which i dont have programmed atthis moment.

    To check if my code works I programmed a shortcut, of which I don't know if it is a good idea.


    public ActionResult LogOn(LogOnModel model, string returnUrl)


    if (ModelState.IsValid)


    if (BusinessLayer.Security.VsPrincipal.Login(model.UserName, model.Password))


    FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);

    if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/"


    Any help would be very appreciated. Thanks



    All Replies

    Top 10 Contributor
    9,475 Posts

    There are several different technologies working together in these examples.

    First, there's the CSLA custom principal/identity types. You use these for almost all scenarios, especially when you are using your own user/role tables.

    Second, there's the ASP.NET and IIS authentication model, which can be configured many different ways.

    Third, there is the ASP.NET provider model that is used by the various ASP.NET controls and templates. This is where things like the membershipservice come into play.

    Fourth, there is the CSLA data portal configuration.

    To your specific question, you need to use a custom principal/identity when using your own user/role tables. And you need to configure ASP.NET/IIS to not use Windows authentication, but to use Forms authentication. And (if you want the ASP.NET controls/templates to work right) you need to implement authentication and membership providers that point to your custom principal/identity. And you need to not configure the data portal to use Windows authentication.


    Not Ranked
    3 Posts


    And thank you for your answer.

    I thought that's were I was going to mix 2 different roads with custom authentication and ASP.Net membership.

    Can i follow the example, starting with custom authentication (using my own databases) as explained in the book DataPortal. And go from there using the same approach as in the Asp-Mvc book (still using my own user- database).

    Thank You.

    Top 10 Contributor
    9,475 Posts

    Yes, you should be able to follow the example, but use your own database instead of the membership database.


    Not Ranked
    3 Posts

    Thanks again,

    I still have a lot reading to do. a lot has changed since Csla 3.0. Last time I build a smart client application. Building websites is very new to me, and different.

    Page 1 of 1 (5 items) | RSS

    Copyright (c) 2006-2014 Marimer LLC. All rights reserved.
    Email admin@lhotka.net for support.
    Powered by Community Server (Non-Commercial Edition), by Telligent Systems