Quite a long time ago, Microsoft came up with the Membership Provider design pattern. I have used it (just like thousands of other applications) over and over to provide application security. It works great.
I was waiting for Microsoft to improve upon what they had done years ago. But, to my surprise, their recent concepts around application security design have fallen short of expectations (no offence meant).
I have decent experience in designing and choosing application security approaches. I have decided to share my design approach with the community. All the source code and database design is provided. It is available at http://applicationsecurity.codeplex.com/.
Over the last many years, I have benefitted from the information people have shared on the internet. This is an effort to give a little back. All the advertisement money from this project will go to Habitat for Humanity Int’l.
This is the early draft of our data model. As you can see, I am using Microsoft’s Entity Framework. The important thing to notice is that our new design bridges the best of both worlds. The Membership Provider pattern is a very useful pattern that has worked for many years for many applications. Instead of using all the tables that come with ASPNETDB, I have created a table called CustomMembership. This will be used to provide the same provider interface that is being used by many web applications. Things take a better turn with the availability of a more powerful variation of the IPrincipal concrete implementation. Now, you will have access to features such as enterprise, claims, etc.
The solution is built using the following technology and tools: