Custom membership or not

I am creating website (football, soccer) in ASP.NET MVC3 and I want have users (with additional information then user in default membership, these are ordinary visitors) and players which I think it is best thet they would inherit users and have s开发者_如何学运维ome addional iformation as dress number, ... Players also could post articles, users can just comment articles. What is best way to do this? Should I use default membership provider or should I make my own or use some 3rd party solutions? And can you post some articles and tutorials for changing original provider or article for making own provider for asp.net MVC3? Or is it same as MVC2?

It is very easy to create your own Membership Provider. Just create class derived from MembershipProvider. And implement members which look into DB, for example (or any other data source).

public class YourMembershipClass: MembershipProvider
{
    public override bool ValidateUser(string username, string password)
    {
         return YourDataLayer.ValidateUser(username, password);
    }
    public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
    {
        return YourDataLayer.GetSpecificUser(providerUserKey, userIsOnline);
    }
    // Implement the other methods as well
 }

Then add your YourMembershipClass to web.config:

<membership defaultProvider="MlgMembership">
  <providers>
    <clear />
    <add name="CustomMembership" type="YourMembershipClass" enablePasswordRetrieval="false" />       
  </providers>
</membership>

If you are looking to store profile type information e.g. first name, last name, job title etc. against each user then you should be able to use the Profile system built into ASP.NET Membership. If you are looking to store more identity related information then yes you will have to create some sort of custom membership provider. There is a good video on creating a custom provider on the ASP.NET website: http://www.asp.net/general/videos/how-do-i-create-a-custom-membership-provider

Regarding allowing different types of users to perform different actions you can use the Roles system built into ASP.NET Membership. You can tell your action methods to only allow calls from users in certain roles. For example if you had a PostArticle action method and you only wanted players to be able to access it you would have something like this:

[Authorize(Roles="Player")]
public ActionResult PostArtcile(){
    return View();
}

The Authorize attribute tells MVC to only allow authenticated users in the "Player" role to call the action method. You'll still need to restrict the availability of a post article link in your front end but there are several ways to do that.

There is a great series of articles by Scott Mitchell which covers all things membership based: https://web.archive.org/web/20211020202857/http://www.4guysfromrolla.com/articles/120705-1.aspx

Have a look at this soccer Club Site asp.net starter kit.

I Advice you to:

• Use Membership provider to just deal with user registration and authentication. And let it take care of user security stuffs (rest password, validate user ....)

• Then use Roles to separate your users to their roles ("Players, normalUsers,..").

• And NEVER use Profile provider cause it cost so many traffic you don't want and instead of you could make your custom table in DataBase to store your additional information.

• Then you may use EF or any ORM to get this information whenever you want.

• Don't forget to use authorization attributes [Authorize(Roles="Players")]in your Controllers and Actions deppending on the Roles.

I would advise implementing your own membership provider, it means implementing only the bits you need and forms a foundation for all your user management.

The Membership provider is the same for WebForms and MVC, there are quite a few examples on SO and Google.