I am using ASP.NET MVC 3. What does System.Web.Security.MembershipProvider bring to the table in this MVC context? The login control is not used. User session management (cookies etc.) is handled by forms authentication and not MembershipProvider, is that right?
Active Directory integration? What else?
I think the Membership API can still help you to manage some of the generic concepts (Roles, Access, etc.) in a way that is specific to your application and easy to update and maintain. I believe that, conceptually, the ideas around membership are expressed well as an abstraction, so even if you choose to go with your own custom provider (versus the SQL or Active Directory ones), the Membership API provides a consistent concept for adding users, associating roles, maintaining profiles, et cetera.
I have found in ASP.NET MVC that if I want some of the behavior I got out of the box in ASP.NET sites, I do have to put in a little effort. I have to wire into the Application and Session start events the cookie management and creation, the association of a user to an account, hydrating a profile, etc. But the persistence methods for changing any of those still work without modification (I am using the SQL Membership Provider).
Also, there is some value in it to me to have some elements familiar from my past ASP.NET development experience. Following the practice of making a base controller for my application, I have a user context object (much like how ASP.NET pages had the User object) that I can hang Roles and Profile off of. This makes aspects of creating models for views easier. I can have UserContext as part of a model that is passed to the view, and within the view, I can do things like Model.UserContext.Profile.LastName or Model.UserContext.Roles.Contains("EditOrderItems"). I can also just build the model with a role-like concept already in mind and use the user's role, like in:
return View(new Model {
    // Object-initializer members are separated by commas, not semicolons.
    CanEditOrders = UserContext.Roles.Contains("EditOrderItems"),
    // ...
});
While the old Membership User Controls may not have value to an ASP.NET MVC app, the API itself can.
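The division of labour the question asks about, as an added example (not code from either answer): the membership provider checks credentials, forms authentication issues the cookie, and the role provider feeds a base-controller user context. UserContext, OrderModel and the controller names are assumptions, and a membership and role provider are assumed to be configured in web.config.

```csharp
using System.Linq;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical types for this example (not from the original posts).
public class UserContext { public string Name { get; set; } public string[] Roles { get; set; } }
public class OrderModel { public bool CanEditOrders { get; set; } }
public abstract class AppController : Controller
{
    // Identity comes from the forms-auth ticket; roles come from the configured role provider.
    protected UserContext UserContext
    {
        get
        {
            bool signedIn = User.Identity.IsAuthenticated;
            return new UserContext
            {
                Name = signedIn ? User.Identity.Name : null,
                Roles = signedIn ? System.Web.Security.Roles.GetRolesForUser(User.Identity.Name) : new string[0]
            };
        }
    }
}
public class AccountController : AppController
{
    [HttpPost]
    public ActionResult LogOn(string userName, string password, string returnUrl)
    {
        // Membership provider: verifies the credentials against its user store.
        if (!Membership.ValidateUser(userName, password))
        {
            ModelState.AddModelError("", "The user name or password is incorrect.");
            return View();
        }
        // Forms authentication: issues the ticket cookie that carries the session.
        FormsAuthentication.SetAuthCookie(userName, false);
        if (Url.IsLocalUrl(returnUrl)) return Redirect(returnUrl); // local redirects only
        return RedirectToAction("Index", "Home");
    }
}
public class OrdersController : AppController
{
    public ActionResult Index()
    {
        return View(new OrderModel { CanEditOrders = UserContext.Roles.Contains("EditOrderItems") });
    }
    // CanEditOrders only shapes the view; the role is enforced on the server here.
    [HttpPost, Authorize(Roles = "EditOrderItems")]
    public ActionResult Edit(int id) { return RedirectToAction("Index"); }
}
```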
The controls are really a minor addition -- they were pretty much unusable for anything you needed to be standards compliant or otherwise not look like a cookie-cutter ASP.NET app. The SqlMembershipProvider takes care of lots of the other ugly parts of membership, such as:
- storing member data securely
- password membership
- mechanics of authentication
- mechanics of authorization for simple cases.
At the very least it gives you a functional membership system until you need to craft your own authentication scheme.