I am trying to get my arms around the providers and how to best use the login controls in asp.net 2.0 with Oracle.
First, I have read through a number of documents discussing the provider model, different providers (membership, role, etc.) ref: ASP.NET 2.0 Provider Model:Introduction to the Provider Model Oct. 2005
I am getting a mental disconnect from what I think I understand about the provider model and how to code the web application.To me it seems the provider model abstracts the code so I am not coupled to a specific database. This is great if you need to use multiple or different backend data stores. We just use Oracle and that isn't going to change anytime soon.
It seems I could write my own custom Oracle Membership provider but their are pro's and con's to this approach. It seems I have to use seperate tables for roles and membership that would have user's username, password, email, etc.This seems redundant though since I have this information in the Oracle system tables and Oracle authenticates this data. If I create a seperate table to support the Membership provider it seems it would quickly be out of sync with the system tables whenever passwods are changed. How can I make use of Oracle's authentication in my own custom Membership/Role provider and during the course of running the application?
For example, I have Oracle behind that scenes that needs a username/password whenever I want to connect to the database. I would like to use select providers (Membership and Role) but Don't want to create a seperate table in Oracle that these providers would use for validation.
I login to the web application and at some point I need to display the orders for my customers. I select the orders and the web app uses my System.Data.Oracle.Client provider to run the query and return the results. Did ASP.NET 2.0 refer to a cookie to get the correct oracle username/password that should be used for the query to be executed ?
Any advice and counsel is appreciated and is there a free Oracle Membership and Role provider that I can use in my applications?
Concentra Preferred Systems
I don't know if it'll help you at this time, but it looks like Oracle is intending on releasing a membership provider. http://forums.oracle.com/forums/message.jspa?messageID=1066867
Thanks for the reply. Yes, it's helpful to know they are working on it. Unfortunately, we may have to re-invent the wheel since Oracle is draggin their feet (or so it seems like they are) with Oracle Developer Tools for Visual Studio 2005.
The overall question still remains for me:
1) Create a seperate table in Oracle, and Oracle custom Membership and Role provider
2) Use SQL Server Express for my Membership and Role provider data store
3) use a basic Forms Authentication approach that is custom coded to let a user access the web application if they are validated logging in to Oracle.
Anyone using Oracle as a backend for their web applications have any comments on why they chose one of the approachs above over another, or even a different approach than the three stated above?
Concentra Preferred Systems
Actually i dont understand why you use Oracle system account for your user authentication. . Why dont you use one Oracle account to connect DB and create a user table and validate user on that table. Or am i misunderstood your problem?
We are using the Oracle for our web app. and we wrote custom provider for oracle. And you dont need to implement all methods.
Second method is generally useless why do you need another DB. when you got Oracle. Just create tables and custom provider.
>Actually i dont understand why you use Oracle system account for your user authentication. . Why >dont you use one Oracle account to connect DB and create a user table and validate user on that >table. Or am i misunderstood your problem?
Well, I may understand this wrong, too.
To me it looks like if I want to use the Membership or Role objects I need a supporting data store. Microsoft only has their providers which are SQL Server specific for the Membership and Role providers. I may want to use Oracle instead since that is our back-end. We can either write our own custom Membership and Role provider, OR install SQL Express on our Web Server then configure and use it for Membership and Role data.
The problem is redundant information in Oracle. We have users configured in Oracle today that we use in our applications. Oracle has the roles and privledges already defined for the database objects. All Oracle specific and nothing new to Oracle.
BUT, if I use an Oracle custom provider I'll have to create a table to support the Membership and Role data. The username/password in this new table could be the same as defined for their Oracle login or it could be different.So, we end up with one username/password combo that is Oracle specific in the Oracle system tables and another username/password combo in the new table that is used for our web application. Now a user may have to remember multiple username/passwords. I'd like to avoid this if possible.
>We are using the Oracle for our web app. and we wrote custom provider for oracle. And you dont >need to implement all methods.
If I understand it correctly then, this customer provider accesses a seperate table in Oracle you created to hold the Membership and Role data necessary for these objects to authenticate/validate your users. This is seperate from what the DBA defined for your users in Oracle I assume. Your ASP.NET 2.0 app then uses this new table from your web app to valida users and authenticate through the custom provider/membership object/login controls. Correct?
And finally I have a great article on the provider model where I can see that I don't need to support all the methods of the Membership provider. If we go this route(customer Oracle provider) I'll probably create a ReadOnly Membership Provider just to validate and authenticate and let the DBA's only do admin.
I am trolling to see if this is the way most shops handle validation/authentication in ASP.NET 2.0 or is there a "better" way to do this.
Concentra Preferred Systems
Install SQL Express on our Web Server is an option but it's the same process as the writing custom provider except for creating new provider :) So it must be the last option."If I understand it correctly then, this customer provider accesses a seperate table in Oracle you created to hold the Membership and Role data necessary for these objects to authenticate/validate your users. This is seperate from what the DBA defined for your users in Oracle I assume. Your ASP.NET 2.0 app then uses this new table from your web app to valida users and authenticate through the custom provider/membership object/login controls. Correct?"Correct.
In your position you should create a user and role table, migrate users&role the new tables. and then write a custom provider. If you go to http://msdn.microsoft.com/asp.net/downloads/providers/
you see there is Sample Access provider and code template for user and role management. This i what we do in our project.