ASP.NET MVC Authentication and Login

Question

ASP.NET MVC Authentication and Login

I searched for a lot of posts here about user user authentication, but no one touched on all my problems.

I am new to ASP.NET MVC and used traditional ASP.NET (WebForms) but don’t know how to create a login / authentication mechanism for a user using ASP.NET MVC.

protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
    string userName = Login1.UserName;
    string password = Login1.Password;
    bool rememberUserName = Login1.RememberMeSet;

    if (validateuser(userName, password))
    {
        //Fetch the role
        Database db = DatabaseFactory.CreateDatabase();


        //Create Command object
        System.Data.Common.DbCommand cmd = db.GetStoredProcCommand("sp_RolesForUser");
        db.AddInParameter(cmd, "@Uid", System.Data.DbType.String, 15);
        db.SetParameterValue(cmd, "@Uid", Login1.UserName);
        System.Data.IDataReader reader = db.ExecuteReader(cmd);
        System.Collections.ArrayList roleList = new System.Collections.ArrayList();
        if (reader.Read())
        {
            roleList.Add(reader[0]);
            string myRoles = (string)roleList[0];

            //Create Form Authentication ticket
            //Parameter(1) = Ticket version
            //Parameter(2) = User ID
            //Parameter(3) = Ticket Current Date and Time
            //Parameter(4) = Ticket Expiry
            //Parameter(5) = Remember me check
            //Parameter(6) = User Associated Roles in this ticket
            //Parameter(7) = Cookie Path (if any)
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, userName, DateTime.Now,
            DateTime.Now.AddMinutes(20), rememberUserName, myRoles, FormsAuthentication.FormsCookiePath);

            //For security reasons we may hash the cookies
            string hashCookies = FormsAuthentication.Encrypt(ticket);
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashCookies);

            // add the cookie to user browser
            Response.Cookies.Add(cookie);

            if (HttpContext.Current.User.IsInRole("Administrators"))
            {
                Response.Redirect("~/Admin/Default.aspx");
            }
            else
            {
                string returnURL = "~/Default.aspx";

                // get the requested page
                //string returnUrl = Request.QueryString["ReturnUrl"];
                //if (returnUrl == null)
                //   returnUrl = "~/Default.aspx";
                Response.Redirect(returnURL);
            }
        }
    }
}

  protected bool validateuser(string UserName, string Password)
  {
    Boolean boolReturnValue = false;

    //Create Connection using Enterprise Library Database Factory
    Database db = DatabaseFactory.CreateDatabase();

    //Create Command object
    DbCommand cmd = db.GetStoredProcCommand("sp_ValidateUser");

    db.AddInParameter(cmd, "@userid", DbType.String, 15);
    db.SetParameterValue(cmd, "@userid", Login1.UserName);

    db.AddInParameter(cmd, "@password", DbType.String, 15);
    db.SetParameterValue(cmd, "@password", Login1.Password);

    db.AddOutParameter(cmd, "@retval", DbType.Int16, 2);
    db.ExecuteNonQuery(cmd);

    int theStatus = (System.Int16)db.GetParameterValue(cmd, "@retval");

    if (theStatus > 0)  //Authenticated user
        boolReturnValue = true;
    else  //UnAuthorized...
        boolReturnValue = false;

    return boolReturnValue;
}

I really don't know how to translate this ASP.NET code into MVC-esque architecture; and I still don't understand how to implement authentication in ASP.NET MVC.

What do I need to do? How to implement the above code in ASP.NET MVC? What am I missing in this code?

+9

c # .net asp.net asp.net-mvc

user239684 Dec 28 '09 at 17:51

source share

3 answers

Hamid Reza · Answer 1 · 2013-03-04T17:48:22+0000

. :

( )

public class User
    {
        public int UserId { get; set; }
        public string Name { get; set; }
        public string Username { get; set; }
        public string Password { get; set; }
        public string Email { get; set; }
        public bool IsAdmin { get; set; }
    }

(..)

 public class UserRepository
    {
        Context context = new Context();       
        public User GetByUsernameAndPassword(User user)
        {
            return context.Users.Where(u => u.Username==user.Username & u.Password==user.Password).FirstOrDefault();
        }
    }

(..)

public class UserApplication
    {
        UserRepository userRepo = new UserRepository();     
        public User GetByUsernameAndPassword(User user)
        {
            return userRepo.GetByUsernameAndPassword(user);
        }
    }

(..)

public class AccountController : Controller
    {
        UserApplication userApp = new UserApplication();
        SessionContext context = new SessionContext();

        public ActionResult Login()
        {
            return View();
        }
        [HttpPost]
        public ActionResult Login(User user)
        {
            var authenticatedUser = userApp.GetByUsernameAndPassword(user);
            if (authenticatedUser != null)
            {
                context.SetAuthenticationToken(authenticatedUser.UserId.ToString(),false, authenticatedUser);
                return RedirectToAction("Index", "Home");
            }

            return View();
        }

        public ActionResult Logout()
        {
            FormsAuthentication.SignOut();
            return RedirectToAction("Index", "Home");
        }

SessionContext (..)

public class SessionContext
    {
        public void SetAuthenticationToken(string name, bool isPersistant, User userData)
        {
            string data = null;
            if (userData != null)
                data = new JavaScriptSerializer().Serialize(userData);

            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, name, DateTime.Now, DateTime.Now.AddYears(1), isPersistant, userData.UserId.ToString());

            string cookieData = FormsAuthentication.Encrypt(ticket);
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, cookieData)
            {
                HttpOnly = true,
                Expires = ticket.Expiration
            };

            HttpContext.Current.Response.Cookies.Add(cookie);
        }

        public User GetUserData()
        {
            User userData = null;

            try
            {
                HttpCookie cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
                if (cookie != null)
                {
                    FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);

                    userData = new JavaScriptSerializer().Deserialize(ticket.UserData, typeof(User)) as User;
                }
            }
            catch (Exception ex)
            {
            }

            return userData;
        }
    }

, , web.config:

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>

[Authorize] , . :

[Authorize]
public class ClassController : Controller
{
   ...
}

Dan Atkinson · Answer 2 · 2009-12-28T19:54:36+0000

, . asp.net/mvc .

, - ASP.NET MVC 5 , reset.

Zeeshan · Answer 3 · 2016-06-22T08:35:28+0000

Code:

using Microsoft.AspNet.Identity;


if (Request.IsAuthenticated)
{
    return View();
}

ASP.NET MVC Authentication and Login

More articles: