Hi,
I'm new to MVC (of all versions) and relatively new to web app development, so maybe someone can tell me if there's a better way to do this, or what I'm doing wrong.
My company has an existing website that was written in Visual Studio 2012 with the ASP.NET website template that uses the basic SimpleMembership (WebMatrix.WebData) stuff that was automatically in the template, but has had the database connection string pointed to a full SQL database that contains the membership tables and some other custom tables as well. The users database was modified slightly (for instance UserID was renamed to ClientID and the UserProfiles table was renamed ClientInfo for whatever reason, and had some more columns added, but the basic functionality remains untouched.) It works fine.
I am now developing an MVC 5 web app using Visual Studio 2013 that needs to have its own (separate) membership database. The template is setup with Entity Framework of course, and has all the newest ways of doing things. But for one small part of this app they want the user to provide their credentials to the above mentioned website and verify their username and password exists and is correct before they are given access to a few of the functions.
So, the question is: How can I have an MVC5 web app verify a user/pass from a Simple Membership database that isn't part of the web-app.
Having the new web app log them in with the website credentials is fine, but not necessary. It would be enough just to verify the user/pass, but have them actually be "logged in" with the credentials from the Entity Framework. Either way is fine. I don't have the freedom to structurally change the existing website or its database, and we definitely want to use the new version of MVC and the better security methods for the web app. This is the only way I need them to interact.
What I've tried: I've read a ton of forums, blogs, and tutorials, but none have actually addressed the idea of what I'm trying to do. Lots of advice on changing to simple membership, upgrading versions, changing types for the web app... none on how the two authentication methods could be used in the same application.
So I tried just copying the WebMatrix.Data and WebMatrix.WebData DLL's (and associated files) from the VS2012 website project into the VS2013 project folder and adding them to references. I added the connection string in the Web.config file. Then I attempted to initialize a database connection the same way the website does, either in Startup.Auth.cs (in the ConfigureAuth method before it initializes the normal DbContext) or directly in the AccountController in the Login Task method. Like so:
<connectionStrings>
<addname="DefaultConnection"connectionString="Server=www.xxxxxxx.com,xxxx;Database=Users;User ID=sa;Password=xxxxxxx;Integrated Security=False"providerName="System.Data.SqlClient" /> //**This is the default membership database used for all facets of the web app
<addname="ISClients"connectionString="Server=www.xxxxxxxxx.com,xxxx;Database=Clients;User ID=sa;Password=xxxxxxxx;Integrated Security=False"providerName="System.Data.SqlClient"/> //**This points to the external website's membership database using Simple Membership
</connectionStrings>
public partial class Startup
{
public void ConfigureAuth(IAppBuilder app)
{
WebSecurity.InitializeDatabaseConnection("ISClients", "ClientInfo", "ClientId", "Email", autoCreateTables: false);
//Configure the db context and user manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
.
.
.
Needless to say, the connection string and InitializeDatabaseConnection call are both identical to the way the website does it, and it works fine.
But when the MVC 5 app hits the "WebSecurity.InitializeDatabaseConnection" line, it throws the following exception:
An exception of type 'System.InvalidOperationException' occurred in WebMatrix.WebData.dll but was not handled in user code
Additional information: No user table found that has the name "ClientInfo".
Obviously the user table is there and the database connection string works fine from other sources, so I have to assume there are other incompatibilities or configuration problems that I'm running into. Can anybody tell me what I'm doing wrong or what other angles I could approach this problem from?
Thanks!