How to implement custom authentication in ASP.NET MVC 5

Question

How to implement custom authentication in ASP.NET MVC 5

I am developing an ASP.NET MVC 5 application. I have an existing database from which I created my ADO.NET Entity Data Model. I have a table in this database that contains the column "username" and "password", and I want to use them to implement authentication and authorization in my Webapp; I cannot create any other database or table or column, and I cannot use standard identity authentication due to client requirements. I do not need to manage registration, password change or other materials: just log in with a password and username. How can i do this?

+55

authentication c # authorization asp.net-mvc asp.net-identity

Giacomo Santarnecchi Jul 23 '15 at 10:19

source share

1 answer

Sam Farajpour Ghamari · Accepted Answer · 2015-07-23 11:16

Yes, you can. Parts of authentication and authorization work independently. If you have your own authentication service, you can simply use the OWIN authorization part. You already have a UserManager that checks for username and password . Therefore, you can write the following code in your action after entering your account:

 [HttpPost] public ActionResult Login(string username, string password) { if (new UserManager().IsValid(username, password)) { var ident = new ClaimsIdentity( new[] { // adding following 2 claim just for supporting default antiforgery provider new Claim(ClaimTypes.NameIdentifier, username), new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "ASP.NET Identity", "http://www.w3.org/2001/XMLSchema#string"), new Claim(ClaimTypes.Name,username), // optionally you could add roles if any new Claim(ClaimTypes.Role, "RoleName"), new Claim(ClaimTypes.Role, "AnotherRole"), }, DefaultAuthenticationTypes.ApplicationCookie); HttpContext.GetOwinContext().Authentication.SignIn( new AuthenticationProperties { IsPersistent = false }, ident); return RedirectToAction("MyAction"); // auth succeed } // invalid username or password ModelState.AddModelError("", "invalid username or password"); return View(); }

And your user manager might be something like this:

 class UserManager { public bool IsValid(string username, string password) { using(var db=new MyDbContext()) // use your DbConext { // for the sake of simplicity I use plain text passwords // in real world hashing and salting techniques must be implemented return db.Users.Any(u=>u.Username==username && u.Password==password); } } }

In the end, you can protect your actions or controllers by adding the Authorize attribute.

 [Authorize] public ActionResult MySecretAction() { // all authorized users can use this method // we have accessed current user principal by calling also // HttpContext.User } [Authorize(Roles="Admin")] public ActionResult MySecretAction() { // just Admin users have access to this method }

How to implement custom authentication in ASP.NET MVC 5

More articles: