I couldn't find anything useful to this problem and I never used authentication in a web application before. So anything with / without cookies is new for me.
We've got an existing (non-web-)program using SQL Server accounts for authentication. Now, I want to do the same with my MVC3 project.
Every user has the same rights inside the database. The (non-web-)program handles the rights itself. After logging in successful (with an SQL account), the login name is mapped to an entity in the database from which one can get the users ID and handle the right management. If the user "admin" is logged in, he gets the ID 4711 and will see some more input fields etc. while other users have less rights.
Is this possible?
Besides that: What's the best approach to store the authentication and how?
Thanks in advance.
Asp.Net in general (not specific to MVC) has a builtin way to manage authentication.
It's done through MembershipProvider, RoleProvider and PrincipalProvider. You can google those for more details.
In your scenario, where you have to check user credentials against an existing schema, you could simply implement your own custom MembershipProvider (and, if needed, RoleProvider and/or PrincipalProvider) deriving from the base class.
Inside your custom provider you'll implement the signature methods with your domain specific code.
Lastly, you just register your custom provider to be the default in the web.config and you're set. Your app can use the default Membership API to authenticate users and manager credentials.
If your DB structure is already decided on, you can write your own MembershipProvider that accesses your database (see http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx and http://www.codeproject.com/KB/aspnet/WSSecurityProvider.aspx).
If you are flexible on the DB structure, you can use ASP.NET's built-in SqlMembershipProvider (see http://codehighstreet.com/Articles/overview_of_membership_and_installing_sql_membership_provider-part_1/overview_of_membership_and_installing_sql_membership_provider-part_1.aspx). You then have to run a SQL script that creates the tables and indexes for you. This works in MVC 3.
