Custom Authentiaction with ASP..NET MVC

Custom Authentiaction with ASP..NET MVC

Old forum URL:

smeets116 posted on Monday, July 01, 2013


After reading Rocky's books, I ran into a wall when programming the security of my website. The custom Principal and Identity parts works fine. Then I read book 6 AspMvc.

The sample project uses membership authentication. Then I went back to the samples and looked into dataportal/authentication/ custom. Here i found a lot of code in the Accountmodel about implementing a custom membershipservice and formsauthenticationservice.

I want to use my own security database, like the older projecttracker samples. So I build a custom principal and identity.

Do I need to programm the custom membershipservice and formsauthenticationservice, because the default logon procedure stops when starting a 'validateuser' method. which i dont have programmed atthis moment.

To check if my code works I programmed a shortcut, of which I don't know if it is a good idea.


public ActionResult LogOn(LogOnModel model, string returnUrl)


if (ModelState.IsValid)


if (BusinessLayer.Security.VsPrincipal.Login(model.UserName, model.Password))


FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);

if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/"


Any help would be very appreciated. Thanks



RockfordLhotka replied on Monday, July 01, 2013

There are several different technologies working together in these examples.

First, there's the CSLA custom principal/identity types. You use these for almost all scenarios, especially when you are using your own user/role tables.

Second, there's the ASP.NET and IIS authentication model, which can be configured many different ways.

Third, there is the ASP.NET provider model that is used by the various ASP.NET controls and templates. This is where things like the membershipservice come into play.

Fourth, there is the CSLA data portal configuration.

To your specific question, you need to use a custom principal/identity when using your own user/role tables. And you need to configure ASP.NET/IIS to not use Windows authentication, but to use Forms authentication. And (if you want the ASP.NET controls/templates to work right) you need to implement authentication and membership providers that point to your custom principal/identity. And you need to not configure the data portal to use Windows authentication.

smeets116 replied on Monday, July 01, 2013


And thank you for your answer.

I thought that's were I was going to mix 2 different roads with custom authentication and ASP.Net membership.

Can i follow the example, starting with custom authentication (using my own databases) as explained in the book DataPortal. And go from there using the same approach as in the Asp-Mvc book (still using my own user- database).

Thank You.

RockfordLhotka replied on Monday, July 01, 2013

Yes, you should be able to follow the example, but use your own database instead of the membership database.

smeets116 replied on Monday, July 01, 2013

Thanks again,

I still have a lot reading to do. a lot has changed since Csla 3.0. Last time I build a smart client application. Building websites is very new to me, and different.

Copyright (c) Marimer LLC