Showing posts from February, 2013

Mixing Forms Authentication, Basic Authentication, and SimpleMembership

ASP.NET MVC 4 introduced us to ASP.NET Web API, which makes it much easier to develop RESTful API's.  These API's can be consumed by your MVC web application or by external sources. This prompts many to ask, how can I create a single API that is secure to the outside yet incorporate the security methods that are fundamental to ASP.NET forms authentication.  I was interested in a solution myself so I tried out some concepts and I think I found a pretty good solution.

My solution incorporates the use of basic authentication along with with the typical forms authentication.  It also uses the SimpleMembership that is part of MVC 4 Internet applications. To follow along with this tutorial you will need to start with my introduction on customizing and seeding SimpleMembership.  I will use the membership information seeded in this example for testing the application.

Basic authentication puts the encoded credentials in the header of the HTTP request. In order to capture this informa…

Adding Email Confirmation to SimpleMembership

In a previous post I described how to seed and customize the SimpleMembership provider that is now the default membership provider for an ASP.NET MVC 4 Internet application.  In this post we will extend what we learned from the previous post and incorporate an email confirmation step to the registration process.  SimpleMembership actually makes this very straight forward.  I will assume that you have followed the steps in my previous post and have already modified the UserProfile class to include an Email property.

First we need to modify the RegisterModel in AccountModels.cs to include an Email property for capturing the email address during registration.

public class RegisterModel { [Required] [Display(Name = "User name")] public string UserName { get; set; } [Required] [StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 6)] [DataType(DataType.Password)] [Display(Name = "Password"…