I have an internal web app being built in ASP.NET 4. We are stuck with using an authentication API built by another team. If a user to the site is authenticated
You can do the session authentication by simply setting a session variable value when the login is successful, e.g.:

    public ActionResult Index(Models.Login login)
    {
        if (ModelState.IsValid)
        {
            Dal.Login dLogin = new Dal.Login();
            string result = dLogin.LoginUser(login);
            // Mark the session as authenticated only when the login call succeeds
            if (result == "Success")
                Session["AuthState"] = "Authenticated";
        }
        return View();
    }

Now the trick is that you should have a common layout page for all the views for which you have to check authentication. In this layout page, just do a Razor check like this:

    <body>
        @* Session values are stored as object, so cast before comparing with a string *@
        @if ((string)Session["AuthState"] != "Authenticated")
        {
            Response.Redirect("~/login");
        }
        @* other html *@
    </body>

I have been using this method in my application admin panel.
You can use Forms Authentication in conjunction with the Authorize attribute as follows.

To restrict access to a view:

Add the AuthorizeAttribute attribute to the action method declaration, as shown below:

    [Authorize]
    public ActionResult Index()
    {
        return View();
    }

Configuring Forms Authentication in web.config:

    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="2880" />
    </authentication>

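Login Post Action: Set the authentication cookie if the user is valid:

    [HttpPost]
    public ActionResult Login(User model, string returnUrl)
    {
        // Validation code goes here; it sets userValid and username
        if (userValid)
        {
            // false = session cookie, not a persistent one
            FormsAuthentication.SetAuthCookie(username, false);
            return RedirectToAction("Index", "Home");
        }
        // Every code path must return a result: redisplay the form on failure
        return View(model);
    }
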
Log off Action:

    public ActionResult LogOff()
    {
        FormsAuthentication.SignOut();
        return RedirectToAction("Index", "Home");
    }

You can try with something like this:

    FormsAuthentication.SetAuthCookie(username, rememberMe);

to set the cookie for the authenticated user, then just use the [Authorize] attribute on the Controller or Action that needs authentication.
Try googling on the subject for further info, you will find a lot of stuff on authentication and authorization in MVC.

You probably want to have a custom authorization filter. Here's an example: Custom filters in MVC. You can then apply this filter globally on app start (using RegisterGlobalFilters).

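    public class LegacyAuthorize : AuthorizeAttribute
    {
        // MVC filters receive an AuthorizationContext (HttpActionContext is the Web API type)
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            // No user object in the session means the request is not authenticated
            if (filterContext.HttpContext.Session["User"] == null)
                base.HandleUnauthorizedRequest(filterContext);
        }
    }
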
Then in your global.asax you'd have something like this:

    GlobalFilters.Filters.Add(new LegacyAuthorize());
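
A fuller form of the session-backed filter idea, as an added example that is not part of the original answers: the check runs before every action executes (a layout-page check only runs once a view using that layout renders, so JSON or file actions never hit it), and the login page is exempted explicitly. The Session["User"] key and the ~/login path come from the answers; SessionAuthorizeAttribute, FilterConfig and LoginController are hypothetical names, and MVC 4 or later is assumed for [AllowAnonymous].

```csharp
using System.Web;
using System.Web.Mvc;

// Deny-by-default authorization filter backed by the session value that the
// login action sets after the external authentication API reports success.
public class SessionAuthorizeAttribute : AuthorizeAttribute
{
    // Called by the base OnAuthorization, which already skips actions and
    // controllers marked [AllowAnonymous].
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Session may be null (session state disabled or not yet acquired);
        // treat that as "not authenticated" rather than throwing.
        return httpContext.Session != null
            && httpContext.Session["User"] != null;
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.Request.IsAjaxRequest())
        {
            // Script callers get a status code instead of the login page's HTML.
            // Assumption: forms authentication is not enabled; its module would
            // otherwise turn this 401 into a redirect.
            filterContext.Result = new HttpStatusCodeResult(401);
        }
        else
        {
            filterContext.Result = new RedirectResult("~/login");
        }
    }
}

public static class FilterConfig
{
    // Call from Application_Start in Global.asax with GlobalFilters.Filters.
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new SessionAuthorizeAttribute());
    }
}

// With a global filter, the login page must opt out or every
// unauthenticated request redirects to itself in a loop.
[AllowAnonymous]
public class LoginController : Controller
{
    public ActionResult Index() { return View(); }
}
```
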
Everything you could do in forms you can do in MVC, just set the session variable in the controller login action.
Or you can do this:
In the login action add FormsAuthentication.SetAuthCookie("username", false)
After this any action with the [Authorize] keyword will allow the current user in.