I have a custom membership/roles provider that I use in my MVC controllers that I also want to have accessible to ASP.NET MVC, so I can use AuthorizationFilters, etc. Since so many people have implemented custom providers I imagine many people have done this but I haven't figured it out or found postings that address this problem specifically. This post is sort of a flip side of my question. In my case I have my custom provider working well with my controllers, and I want MVC to use it too.
My provider is implemented with a IoC/dependency injection design. The provider exposes additional functionality beyond the baseline membership/roles API. In my controllers, I use Castle Windsor to create instances. The code looks similar to:
public class HomeController : Controller {
IMembershipService _membershipService;
public HomeController(IMembershipService membershipService) {
_membershipService= membershipService;
}
}
<castle>
<components>
<component id="MembershipService"
service="IMembershipService, MyApp"
type="MembershipService, MyApp" lifestyle="PerWebRequest">
<parameters>
<connectionString>#{defaultConnectionString}</connectionString>
</parameters>
</component>
</components>
</castle>
public class WindsorControllerFactory : DefaultControllerFactory {
private WindsorContainer _container;
public WindsorControllerFactory() {
_container = new WindsorContainer(new XmlInterpreter(new ConfigResource("castle")));
List<Type> controllerTypes = new List<Type>();
foreach (Type t in Assembly.GetExecutingAssembly().GetTypes()) {
if (typeof(IController).IsAssignableFrom(t))
controllerTypes.Add(t);
}
foreach (Type t in controllerTypes) {
// LifestyleType.Transient = new controller instance for each request
_container.AddComponentLifeStyle(t.FullName, t, LifestyleType.Transient);
}
}
protected override IController GetControllerInstance(Type controllerType) {
return (IController)_container.Resolve(controllerType);
}
This all works great in my C# code but I want to wire my provider into MVC to use [Authorize] filters with it:
[Authorize (Users="user1, user2", Roles="role8")]
public ViewResult MyResult(int x) {
// implement
}
I know that the usual way to tell ASP.NET about a custom membership or roles provider is in the web.config file as below but if I do this ASP.NET will just try to call the default constructor, which won't work. Any help appreciated.
<membership>
<providers>
<clear/>
<add name="MyMembershipProvider" type="MyMembershipProvider">
</providers>
</membership>
The simplest way to get this to work is to use ASP.NET's standard mechanism of <membership>
in web.config. You just let it use the default constructor but you override Initialize() and pull the dependencies there. Use this as reference.
Personally, due to things like this, I prefer to avoid the provider model altogether so I use an approach similar to the ones described in the MonoRail docs. IMHO it's less bloated and more flexible. In the end, it's just about setting HttpContext.User with a proper IPrincipal implementation which is what the AuthorizeAttribute uses.
I recently blogged about a solution to do proper IoC with MembershipProviders.