0

Yes hashing is better but...

So I knew I would regret this but here we go. I started a new project and decided I would use the built-in Microsoft membership stuff in MVC 4 (BasicMembership) so that I didn't have to write the registration, login, oauth, etc...

Now I want to modify some of this behavior and use as much best practice as possible. This came about because I decided I would need to associate multiple users under 1 parent (company) - I know I can do all of the work in the controller and still accomplish this, but that is not my desire.

Here is my problem/desire:

1.) I want to create the entries in SQL tables UserProfile/WebPages_Membership myself. I want to do this in my repository and I don't want it to be coupled to ASP.NET. The problem is that MVC is encrypting the password via IMembershipAdapter that I do not have access to. How can I use the same encryption key to encrypt the data so that I can accomplish #2?

2.) I dont want to re-invent the wheel entirely so I would still like to use some of the features such as: 

WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe)

3.) I don't want my business logic in the controller! While I am working at the repo level, all of the orchestration will take place in the business tier.

Thanks for taking the time to read my post :-)

Max
  • 11,885
  • 15
  • 70
  • 96
schmoopy
  • 5,989
  • 11
  • 51
  • 88

1 Answers1

1

First of all did you look at: ASP.NET MembershipProvider -- How exactly does it do encryption?

Second thig maybe use something already done like: CodeFirst Membership Provider it allows you to create own tables using EF code first.

Community
  • 1
  • 1
Piotr Stapp
  • 18,790
  • 11
  • 66
  • 112