User Login Implementation for ASP.NET MVC

Question

User Login Implementation for ASP.NET MVC

I am new to ASP.NET MVC and need advice on how to implement the following.

A site is a heavily used site with approximately 200 users within the country (intranet). We use form authentication by hitting SQL Server DB (rather than integrated windows).

Some actions are protected, some of them are available for viewing, and some of them are available for viewing by both - therefore, if the user is logged in, they see their data from the database, otherwise they see a temporary profile similar to StackOverflow.

How can I apply a security model for this scenario? Is it possible to reuse an existing structure in ASP.NET MVC and use authorization filters?

Are there any online articles that I can use as a link?

+4

authentication vb.net authorization asp.net asp.net-mvc

Lisa auckett Oct 29 '09 at 5:35

source share

3 answers

tuanvt · Answer 1 · 2009-10-29T15:22:03+0000

I had the same problem since I want to implement asp.net membership with my user user database, my solution was to override the default aspnet membership provider to control user registration and the aspnet role provider to manage the user role. For example, my custom membership provider would look like this:

namespace Entities { public class VEMembership : MembershipProvider { public override bool ValidateUser(string username, string password) { // your logic to validate user // return false if not qualified, other wise true } } }

And then in your web config file you just need to add the default service provider:

 <membership defaultProvider="VEMembership"> <providers> <clear/> <add name="VEMembership" type="Entities.VEMembership" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" connectionString="VEConnectionString"/> </providers> </membership>

There are many articles on how to use the custom aspnet membership provider on google search if you need help with this. Hope this helps

Greatran · Answer 2 · 2011-02-01T05:10:23+0000

full answer to ur problem can be found here

brad.huffman · Answer 3 · 2009-10-29T11:31:16+0000

The User Object page has the IsAutheticated property (User.Identity.IsAuthenticated), which tells you whether the user has been authenticated or not. This, combined with conditional statements to show or hide data / controls (or ASP.Net LoginView control ) should allow you to do what you want. Alternatively, you can use the ASP.Net role provider (or roll up your own custom provider) to further determine what your users can access / do based on the role (s) that you assign to them.

User Login Implementation for ASP.NET MVC

More articles: