Deploy a Secure ASP.NET MVC application with OAuth, Membership and SQL Database

Deploy a Secure ASP.NET MVC application with OAuth, Membership and SQL Database

Rate This
  • Comments 9

I’ve published a tutorial shows you how to build a secure ASP.NET MVC 4 web application that enables users to log in with credentials from Facebook, Yahoo, and Google and deploy the application to Windows Azure.

This tutorial assumes that you have no prior experience using Windows Azure. On completing this tutorial, you'll have a secure data-driven web application up and running in the cloud and using a cloud database.

You'll learn:

  • How to enable your machine for Windows Azure development by installing the Windows Azure SDK.
  • How to create a secure ASP.NET MVC 4 project and publish it to a Windows Azure Web Site.
  • How to use OAuth and the ASP.NET membership database to secure your application.
  • How to deploy a membership database to Windows Azure.
  • How to use a SQL database to store data in Windows Azure.
  • How to use Visual Studio to update and manage the membership database on SQL Azure.

You'll build a simple contact list web application that is built on ASP.NET MVC 4 and uses the ADO.NET Entity Framework for database access. The following illustration shows the login page for the completed application:


rxb

 
This tutorial and the sample application was written by Rick Anderson (Twitter @RickAndMSFT) with assistance from Tom Dykstra, Tom FitzMacken and Barry Dorrans (Twitter @blowdart).

Please leave feedback on what you liked or what you would like to see improved, not only about the tutorial itself but also about the products that it demonstrates. Your feedback will help us prioritize improvements. We are especially interested in finding out how much interest there is in more automation for the process of configuring and deploying the membership database.

  • Hats off! What a post. Thanks for sharing this resourceful information.

  • Gr8 Post

  • Very nice post.

  • Awesome post, I can finally deploy a secure app.

  • If we follow some technique then our ASP.NET applications will be more secured. Some of them are

    Prevent Cross Site Scripting (XSS)

    Prevent SQL Injection

    Encrypt Connection String in web.config File

    Always Set a Custom Error Page

    Encrypt Sensitive Data

    Use Session instead of Cookies

    Use Validation

    for more with example please visit:

    cybarlab.blogspot.com/.../aspnet-web-application-security.html[^]

    Thanks.

  • I thought multiple DB contexts were not possible on the same database. This seems to show that it is possible. What is the disconnect?

    Also, even if it is allowed, why not combine them into a single context. In most cases, you'll want to query by user anyway, so the UserProfile would then need to be connected to two contexts. So why not just make it one?

  • @Dan Friedman  - multiple DB contexts - combine them

    Yes, multiple contexts are allowed - and you're right, merge them so you can include users in your queries. To do this:

    1.       Delete the UsersContext class

    2.       Add the UserProfiles DbSet to your application’s context

    3.  Update the InitializeSimpleMembershipAttribute. SimpleMembershipInitializer class to look like the following:

    private class SimpleMembershipInitializer

    {

       public SimpleMembershipInitializer()

       {

           try

           {

               using (var context = new MyContext())

               {

                   // Ensure the database has been initialized

                   context.Database.Initialize(force: false);

               }

               WebSecurity.InitializeDatabaseConnection("DefaultConnection", "UserProfile", "UserId", "UserName", autoCreateTables: true);

           }

           catch (Exception ex)

           {

               throw new InvalidOperationException("The ASP.NET Simple Membership database could not be initialized. For more information, please see go.microsoft.com/fwlink, ex);

           }

       }

    }

    After doing this, you can easily query the UserProfiles, and even reference the UserProfile entity from other entities in your application’s context.

  • please, Rick_Anderson i want a link to download the project code, thanks

  • @jahuira - download- The code portion of the tutorial is pretty easy to follow and much of it is about tools and procedures, so we won't be providing a download.

Page 1 of 1 (9 items)