How to implement authentication mechanism and security role in mvc.net?

I am a guy from Ruby and I am new to asp.net, so bear with me please.

I am trying to implement the role mechanism in my first mvc application, so I can use data annotations ([Authorize(Roles = "Administrator")]) over actionResults.

I read a lot about security Authentication, Membership, and Roles and still can't get around all these things. For example, I read here:

http://stackoverflow.com/questions/10742709/asp-net-mvc4-security-authentication-and-authorization

and even tried to duplicate the following: http://www.codeproject.com/Articles/654846/Security-In-ASP-NET-MVC

I implemented the roleProvider and AccountMembershipProvider interfaces, but I must be missing something significant here because it does not work.

I need a good guide on what I need to implement and how to combine everything.

Could you explain to me how to do this?

Greetings.

+4
1 answer

I built this tutorial a while ago. It combines several existing textbooks from several sources .. so maybe you have already seen some of them.

For it to work, you must implement all of the code below in your applications.

Let it begin:

web.config, <system.web>:

  <system.web>

    <!-- authentication section activates the auth system -->

    <authentication mode="Forms">
       <forms loginUrl="~/yourLoginControllerName/YourLoginActionResult" timeout="2880" />
    </authentication>

    <!-- membership section defines which class is used to check authentication, in this example, this is the default class -->

    <membership defaultProvider="AccountMembershipProvider">
      <providers>
        <clear/>
        <add name="AccountMembershipProvider"
             type="yourProjectName.Web.Infrastructure.AccountMembershipProvider" />
      </providers>
    </membership>

    <!-- roleManager section defines which class is used to check roles for users, in this example, the default class is used -->

    <roleManager enabled="true" defaultProvider="AccountRoleProvider">
      <providers>
        <clear/>
        <add name="AccountRoleProvider"
             type="yourProjectName.Web.Infrastructure.AccountRoleProvider" />
      </providers>
    </roleManager>
    <!-- .. -->
  </system.web>


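using System.Web.Mvc;

public class HomeController : Controller
{
    // Any authenticated user may call this action.
    [Authorize]
    public ActionResult Index()
    {
        // ..
        return View();
    }

    // Only users in one of the listed roles may call this action.
    [Authorize(Roles = "Administrator, KingOnRails")]
    public ActionResult Edit(int Id)
    {
        // ..
        return View();
    }
}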


, roleManagement , , .

2 , :

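using System.Web.Security;

// MembershipProvider and RoleProvider are abstract: their remaining abstract
// members must also be overridden before these classes will compile.
public class AccountMembershipProvider : MembershipProvider
{
    // Placeholder check: accepts the hard-coded user name and never looks at
    // the password. Replace it with a lookup against your own user store.
    public override bool ValidateUser(string username, string password)
    {
        if (username == "KingOnRails")
            return true;
        return false;
    }
}

public class AccountRoleProvider : RoleProvider
{
    public override void AddUsersToRoles(string[] usernames, string[] roleNames)
    {
        // Here you can implement insertion of <key, value> = <user, role> to a global dictionary maintained in Global.asax file...
    }

    // Called by the role manager when [Authorize(Roles = "...")] is evaluated.
    public override string[] GetRolesForUser(string username)
    {
        if (username == "Roy Doron")
            return new string[1] { "User" };
        else if (username == "KingOnRails")
            return new string[1] { "Administrator" };
        // Unknown user: return an empty array, not null, because callers
        // iterate over the result.
        return new string[0];
    }

    public override bool RoleExists(string roleName)
    {
        return (roleName == "Administrator") || (roleName == "User");
    }
}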


, ValidateUser(), , - , , , :

// Requires: using System.Web.Mvc; using System.Web.Security;
[HttpPost]
public ActionResult Login()
{
    string user = Request.Params["user"];
    // calls the AccountMembershipProvider.ValidateUser()
    if (Membership.ValidateUser(user, Request.Params["password"]))
    {
        // Issues the forms-authentication cookie; "true" makes it persistent.
        FormsAuthentication.SetAuthCookie(user, true);
        return Redirect("/Home/WhereEver");
    }
    else
        return Redirect("/Home/Login");
}


+5
