Troy Goode: SquaredRoot

ASP.Net, C#, MVC, and LINQ

MVC: New Membership Starter Kit Release

Troy Goode [Permalink]
April 11, 2008 12:19 PM

The Starter Kit

If you haven't had a chance to read about the MVC Membership Starter Kit I've created, read this post first.

New Release

Since we first created the starter kit a week and a half ago, Maarten Balliauw and I have been hard at work fleshing out the implementation to provide as much functionality as possible. Last night we finished the last stretch of things we had identified for this release and have posted the code as a new release on CodePlex. Keep in mind you can also always download our latest builds from CodePlex as well without waiting for a new release.

New Features

OpenID

Mads Kristensen released a lightweight OpenID consumer earlier this year that I then proceeded to flesh out with a security patch. The reason I did so was so that I could include OpenID in this release of the Starter Kit.

Out of the box you can create a route to the OpenIDLogin action, which displays the following view:

OpenID

Once the user has entered their OpenID url, the starter kit will take care of the rest for you, with one critical exception: you have to map the url to a user in your membership database. To do so, you simple override a virtual method and return a MembershipUser, like so:

   1: protected override MembershipUser AssociateOpenIDToMembershipUser( string identity, string name, string email )
   2: {
   3:     return Membership.GetUser(identity);
   4: }

Note that the above implementation maps the OpenID url to a user's UserName, which may or may not be what you want for your application. Adjust accordingly.

Password Recovery Tools

Maarten did a great job providing users with a way to manage their passwords. While logged in they can change their password:

ChangePassword

Or if they are having trouble logging in, they can submit their username...

ForgotPassword

...and then answer their password question (if the system is configured to require it)...

PasswordQuestion

...and they will then receive their password via email (or a newly generated password -- depending on system configuration).

Client-Side Validation

All non-administrative forms now include basic client-side validation. The validations even change based upon your Membership settings.

For instance, by default the ASP.Net Membership provider requires passwords to contain at least 1 non-alphanumeric character. If a user entered a password of "password" they would see the following alert:

ClientSideValidation 

Components: Login & LoginStatus

Maarten created components that emulate the functionality of the old Login and LoginStatus controls. Now it is easy to have a Login box on every page.

Major Refactoring

Most of the controller and filter code has been broken out into a separate assembly.

Your FormsAuthentication and FormsAuthenticationAdministration controllers should now inherit from a base version of each. Maarten has created a boat load of virtual method hooks for each action (OnBeforeBlah, OnAfterBlah, OnErrorBlah) that provides you with easy extensibility points without needing to directly modify the starter kit base code.

Hopefully this refactoring will make it easy for you to upgrade to future versions of the starter kit's code as they become available.

The Future

Currently we've cleared our plate and have no more planned features to attend to. Does this mean that we are done? No. This is what you can expect to see us working on next:

  • Preview3 updates, whenever it becomes available.
  • Validations on the administrative side.
  • Bug fixes, of course. :-)
  • If you have suggestions for what you would like to see in the next release, please drop me a line and let me know!

You can download the new release from CodePlex.

Kick It!
Tags: ,
Categories: MVC
Actions: E-mail | Permalink | Comments (12) RSS Feed for this post's comments.

Comments

4/11/2008 1:35 PM #

Gabriel

Nice work - thanks for all the effort you guys put in.

Gabriel us

4/11/2008 2:07 PM #

Troy Goode

No problem, Gabriel. Its something we use ourselves as well, so we would have had to build it anyway! =)

I'm glad you like it, let me know if you encounter any issues with the kit.

Troy Goode us

4/12/2008 4:49 AM #

Andreas

Thanks to your Membership Starter Kit I also started to work actively with MVC - and it's great! Smile

Andreas

Andreas de

4/12/2008 5:38 AM #

Andy

Great to see OpenID coming to ASP.NET MVC.

I'm a little confused though. The project http://code.google.com/p/dotnetopenid had some big names supporting it, but they seemed to hit a snag with Diffie-Hellman encryption and BigInteger that meant that it wouldn't work in Partial Trust, in other words on shared hosting environments (I believe you left a blog comment to Mads on this, though v2 dotnetopenid seems to now resolve this). How have you got round this?

Andy gb

4/12/2008 9:53 AM #

Troy Goode

Hi Andy,

I'm not the one that got around it actually, Mads is the one that did it. As far as I can tell he did it by not implementing the more complex parts of the protocol that required the Diffie-Hellman encryption.

What kind of functionality loss this causes I can't say, maybe someone more well versed in OpenID (I am by no means an expert) can chime in here?

Troy

Troy Goode us

4/15/2008 1:04 AM #

scubadude

I am a little confused what make this work with no membership providers in the config. Is there a way to easily switch to a xml datasource?

scubadude us

4/15/2008 1:44 AM #

Troy Goode

Hi scubadude,

When no providers are present in the web.config, it uses the default settings (which happen to point to the ASPNETDB.mdf database in the App_Data directory).

If you were to specify a new MembershipProviderprovider in the web.config (such as one for an xml datasource) the Starter Kit should pick up on that just fine.

Here is a link to one created by Mads Kristensen (created of BlogEngine.net):

blog.madskristensen.dk/.../...r-for-ASPNET-20.aspx

Troy Goode us

4/15/2008 2:45 PM #

scubadude

I knew that was a stupid question when I asked it, lol. I was really tired and forgot there was i default for the membership provider. I uslually run it in my own database so I normally have to make my own web.config section. I just thought it was wierd when i went through the code and didn't see it not even thinking about the default.

Anyway, i just have to say that I love this project, these filters look like there would be a great way to add extensability points to the mvc framwork.

I do have to ask 1 thing though. I noticed that you have a controller in the project that inherit from componentcontroller rather than controller anyone know of a good reference to read on the componentcontroller.

Also, i think it was a cool idea to handle routes in the controller, I was wondering though if there are certain things that one needs to be aware of when assign them there and not in the global.asax

scubadude us

4/15/2008 8:36 PM #

Troy Goode

Hi again scubadude,

To learn more about Components (and the ComponentController) take a look at this article from Mike Bosch:

weblogs.asp.net/.../...troller-in-asp-net-mvc.aspx

As far as defining routes in the controller rather than the global.asax, you'll note that all I actually do is create a method that takes the route table , add the routes, and then passes it back. Because this method is actually called by the code in the global.asax, it executes at the same time it would if it were there.

That said, the only reason I put the routes in there was so that everyone would have some friendly looking routes by default "out-of-the-box" with the starter kit. I don't recommend doing this with all of your code. (Though there isn't really any reason why you couldn't -- it just isn't the current convention.)

Troy Goode us

6/1/2008 5:45 PM #

David Cumps

I've just installed the Preview 3 bits and started playing with MVC.Net for the first time, and the first thing I bumped into was a need for login/logout/register functionality.

Being a good developer, I searched for before re-inventing the wheel, and man, it's worth it Smile

Great work you've done here with this starter kit! I'm downloading it right now and will play with it over the coming days in my pet project (best way to learn a technology, create something useful :p)

Thanks!

David Cumps be

6/21/2008 12:08 PM #

ecards

Hi, first i want to say great contribution, good work.

How hard would it be to have email/password for login, rather than relying on username/password?

regards,
lee

ecards us

7/1/2008 12:14 PM #

Troy Goode

@Lee:
The easiest way would be to put a RegEx validation on the UserName field when registering so that only email addresses can be used.

If you're in a situation where you want to use the UserName field for something else (a DisplayName, system generated UserName, OpenID UserName, etc), I have added a hook into ChangeSet 11219 that should make this possible without much extra work. You can download that changeset from:

www.codeplex.com/.../ListDownloadableCommits.aspx

Troy Goode us

Add Comment


(Will show your Gravatar icon)  

  Country flag

biuquote
  • Comment
  • Preview
Loading




Troy Goode

Troy Goode
Microsoft Certified Professional Developer
AddThis Feed Button

Disclaimer

The opinions expressed herein are my own personal opinions and do not represent my employer's view in  anyway.

© Copyright 2008

Colophon

Powered by:
BlogEngine.NET 1.4
Template:
Designs by Darren
Header Font:
Stamper
Syntax Highlighting:
WLW Code Snippet Plugin

© Copyright 2008, Troy Goode. All rights reserved.
Email Me: tgoode@squaredroot.com  Sign In