Geek Answers Handbook

How to configure user authentication on asp.net mvc id?

Honestly, I'm pretty new to ASP.NET MVC, so I ask you to talk to me explaining my question. What I need?! I have an ASP.NET identifier identification system and works with external inputs. For some reason, I need to configure user authentication after ASP.NET identifier authentication. Let me explain how? Suppose I have three pages for users to view in my application, page A, B, C. Who can view page A? Any anonymous user can view page A. Who can view pages A and B? Any user who has created an account either with his email, or with a password or with external inputs. Who can view pages A, B, and C?

Here is the place where I want to set up user authentication. Any user who creates an account with either their email account or with external inputs AND has a valid serial key. Serial key? I installed the class in ASP.NET as shown below:

public class UserDetails : IdentityUser { public virtual MembershipSerial MembershipSerial { get; set; } } public class MembershipSerial { [HiddenInput(DisplayValue=false)] public int Id { get; set; } [HiddenInput(DisplayValue=false)] public string Serial { get; set; } [Required] [Display(Name="Membership Serial")] public string SerialConfirmed { get; set; } } public class MyDbContext : IdentityDbContext<UserDetails> { public MyDbContext() : base ("EFDbContext") { } public System.Data.Entity.DbSet<MembershipSerial> MembershipSerial { get; set; } }

As you see above, I set three properties in the class. Field identifier for series identifiers. The serial number is the 14 letters of the alphabet that the administrator enters, and as you can see, this is a hidden field that does not allow null. The SerialConfirmed field also represents 14 Alpha Numeric letters that users will enter for authentication to perform some specific tasks in the application. The whole concept is that the registered user must be pressed for authentication of the second type, which is authentication and serial numbers.

I seriously need help, and an internet search did not help much. If you need more information or are still unclear, feel free to ask me. Regards Edit: First I use the EF code. Dostdar

+6
source share
1 answer

It seems that the custom authorization attribute will work. Here is an example implementation:

 [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)] public class RequiresSerialValidationAttribute : AuthorizeAttribute { public override void OnAuthorization(AuthorizationContext filterContext) { bool hasValidSerial = false; if (filterContext.HttpContext.Request.IsAuthenticated) { string userName = filterContext.HttpContext.User.Identity.Name; if (!string.IsNullOrWhiteSpace(userName)) { string serial = string.Empty;// TODO: Retrieve user previously authenticated serial, perhaps from Session or a cookie? if(!string.IsNullOrWhiteSpace(serial)) { var service = DependencyResolver.Current.GetService<IYourAuthService>(); hasValidSerial = service.IsSerialValidForUser(userName, serial); } } } if (!hasValidSerial) { filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new { controller = "yourserialauthcontroller", action = "yourauthaction", area = string.Empty })); } else { base.OnAuthorization(filterContext); } } }

You must decorate action methods with this attribute:

 [RequireSerialValidation] public ActionResult SomeAction() { }

The attribute will cause a redirect to your call, where you ask the user for your serial number. Assuming everything is going well, you store their series somewhere (the session can work here or create an encrypted cookie), and then redirect back to the original action. In the second attempt, you have already confirmed that the action is allowed, so the redirect does not occur.

Your authentication service may be what you want. In this example, I assume that you are using dependency injection and that you have configured a global dependency converter. Given that your IYourAuthService might look like this (excluding other methods):

 public IYourAuthService { bool IsSerialValidForUser(string userName, string serial); }

with implementation like this:

 public YourAuthService : IYourAuthService { public bool IsSerialValidForUser(string userName, string serial) { using(var context = new YourEntityFrameworkDbContext()) { return context.Users.Any(u => u.UserName.Equals(userName, StringComparison.OrdinalIgnoreCase) && u.Serial.Equals(serial, StringComparison.OrdinalIgnoreCase)); } } }

It is assumed that your database has a table named User (or Users ), and UserName and Serial fields in this table. StringComparison.OrdinalIgnoreCase allows you to do case-insensitive, culture-insensitive matching of the strings you are trying to compare.

0
source

More articles:


All Articles