MVC: New Membership Starter Kit Release
// April 11th, 2008 // MVC
The Starter Kit
If you haven’t had a chance to read about the MVC Membership Starter Kit I’ve created, read this post first.
New Release
Since we first created the starter kit a week and a half ago, Maarten Balliauw and I have been hard at work fleshing out the implementation to provide as much functionality as possible. Last night we finished the last stretch of things we had identified for this release and have posted the code as a new release on CodePlex. Keep in mind you can also always download our latest builds from CodePlex as well without waiting for a new release.
New Features
OpenID
Mads Kristensen released a lightweight OpenID consumer earlier this year that I then proceeded to flesh out with a security patch. The reason I did so was so that I could include OpenID in this release of the Starter Kit.
Out of the box you can create a route to the OpenIDLogin action, which displays the following view:
Once the user has entered their OpenID url, the starter kit will take care of the rest for you, with one critical exception: you have to map the url to a user in your membership database. To do so, you simple override a virtual method and return a MembershipUser, like so:
1: protected override MembershipUser AssociateOpenIDToMembershipUser( string identity, string name, string email )
2: {
3: return Membership.GetUser(identity);
4: }
Note that the above implementation maps the OpenID url to a user’s UserName, which may or may not be what you want for your application. Adjust accordingly.
Password Recovery Tools
Maarten did a great job providing users with a way to manage their passwords. While logged in they can change their password:
Or if they are having trouble logging in, they can submit their username…
…and then answer their password question (if the system is configured to require it)…
…and they will then receive their password via email (or a newly generated password — depending on system configuration).
Client-Side Validation
All non-administrative forms now include basic client-side validation. The validations even change based upon your Membership settings.
For instance, by default the ASP.Net Membership provider requires passwords to contain at least 1 non-alphanumeric character. If a user entered a password of “password” they would see the following alert:
Components: Login & LoginStatus
Maarten created components that emulate the functionality of the old Login and LoginStatus controls. Now it is easy to have a Login box on every page.
Major Refactoring
Most of the controller and filter code has been broken out into a separate assembly.
Your FormsAuthentication and FormsAuthenticationAdministration controllers should now inherit from a base version of each. Maarten has created a boat load of virtual method hooks for each action (OnBeforeBlah, OnAfterBlah, OnErrorBlah) that provides you with easy extensibility points without needing to directly modify the starter kit base code.
Hopefully this refactoring will make it easy for you to upgrade to future versions of the starter kit’s code as they become available.
The Future
Currently we’ve cleared our plate and have no more planned features to attend to. Does this mean that we are done? No. This is what you can expect to see us working on next:
- Preview3 updates, whenever it becomes available.
- Validations on the administrative side.
- Bug fixes, of course.
- If you have suggestions for what you would like to see in the next release, please drop me a line and let me know!
You can download the new release from CodePlex.
12 Responses to “MVC: New Membership Starter Kit Release”
- Troy Goode said: Ah, interesting. Thanks for the background info Da...
- Damien Guard said: Skip(0) will also not be a no-op in LINQ to SQL in...
- Troy Goode said: Excellent catch, Craig. I have posted an updated v...
- Craig Stuntz said: I just discovered an optimization to your PagedLis...
- Joe said: I see that you left out a paragraph -- the one whe...
- David said: If the fully qualified URL contains a port, you wo...
Nice work – thanks for all the effort you guys put in.
No problem, Gabriel. Its something we use ourselves as well, so we would have had to build it anyway! =)
I’m glad you like it, let me know if you encounter any issues with the kit.
Thanks to your Membership Starter Kit I also started to work actively with MVC – and it’s great!
Andreas
Great to see OpenID coming to ASP.NET MVC.
I’m a little confused though. The project http://code.google.com/p/dotnetopenid had some big names supporting it, but they seemed to hit a snag with Diffie-Hellman encryption and BigInteger that meant that it wouldn’t work in Partial Trust, in other words on shared hosting environments (I believe you left a blog comment to Mads on this, though v2 dotnetopenid seems to now resolve this). How have you got round this?
Hi Andy,
I’m not the one that got around it actually, Mads is the one that did it. As far as I can tell he did it by not implementing the more complex parts of the protocol that required the Diffie-Hellman encryption.
What kind of functionality loss this causes I can’t say, maybe someone more well versed in OpenID (I am by no means an expert) can chime in here?
Troy
I am a little confused what make this work with no membership providers in the config. Is there a way to easily switch to a xml datasource?
Hi scubadude,
When no providers are present in the web.config, it uses the default settings (which happen to point to the ASPNETDB.mdf database in the App_Data directory).
If you were to specify a new MembershipProviderprovider in the web.config (such as one for an xml datasource) the Starter Kit should pick up on that just fine.
Here is a link to one created by Mads Kristensen (created of BlogEngine.net):
http://blog.madskristensen.dk/post/XML-membership-provider-for-ASPNET-20.aspx
I knew that was a stupid question when I asked it, lol. I was really tired and forgot there was i default for the membership provider. I uslually run it in my own database so I normally have to make my own web.config section. I just thought it was wierd when i went through the code and didn’t see it not even thinking about the default.
Anyway, i just have to say that I love this project, these filters look like there would be a great way to add extensability points to the mvc framwork.
I do have to ask 1 thing though. I noticed that you have a controller in the project that inherit from componentcontroller rather than controller anyone know of a good reference to read on the componentcontroller.
Also, i think it was a cool idea to handle routes in the controller, I was wondering though if there are certain things that one needs to be aware of when assign them there and not in the global.asax
Hi again scubadude,
To learn more about Components (and the ComponentController) take a look at this article from Mike Bosch:
http://weblogs.asp.net/mikebosch/archive/2008/03/10/using-the-componentcontroller-in-asp-net-mvc.aspx
As far as defining routes in the controller rather than the global.asax, you’ll note that all I actually do is create a method that takes the route table , add the routes, and then passes it back. Because this method is actually called by the code in the global.asax, it executes at the same time it would if it were there.
That said, the only reason I put the routes in there was so that everyone would have some friendly looking routes by default “out-of-the-box” with the starter kit. I don’t recommend doing this with all of your code. (Though there isn’t really any reason why you couldn’t — it just isn’t the current convention.)
I’ve just installed the Preview 3 bits and started playing with MVC.Net for the first time, and the first thing I bumped into was a need for login/logout/register functionality.
Being a good developer, I searched for before re-inventing the wheel, and man, it’s worth it
Great work you’ve done here with this starter kit! I’m downloading it right now and will play with it over the coming days in my pet project (best way to learn a technology, create something useful :p)
Thanks!
Hi, first i want to say great contribution, good work.
How hard would it be to have email/password for login, rather than relying on username/password?
regards,
lee
@Lee:
The easiest way would be to put a RegEx validation on the UserName field when registering so that only email addresses can be used.
If you’re in a situation where you want to use the UserName field for something else (a DisplayName, system generated UserName, OpenID UserName, etc), I have added a hook into ChangeSet 11219 that should make this possible without much extra work. You can download that changeset from:
http://www.codeplex.com/MvcMembership/SourceControl/ListDownloadableCommits.aspx