ASP.NET MVC and Login Authentication

长发绾君心 2021-01-30 03:22

I have searched many posts here regarding custom user authentication, but none have addressed all of my concerns.

I am new to ASP.NET MVC and have used traditional ASP.NET.

4 Answers
  • 2021-01-30 04:03

    Code:

    using Microsoft.AspNet.Identity;
    
    
    if (Request.IsAuthenticated)
    {
        return View();
    }
    
    0 Discussion (0)
  • 2021-01-30 04:04

    You can write your authentication service by yourself. Here is a short story:

    Your user model class(i.e.)

    public class User
    {
        public int UserId { get; set; }
        public string Name { get; set; }
        public string Username { get; set; }
        public string Password { get; set; }
        public string Email { get; set; }
        public bool IsAdmin { get; set; }
    }
    

    Your Context class(i.e.)

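    using System.Data.Entity;
    using System.Data.Entity.ModelConfiguration.Conventions;

    public class Context : DbContext
    {
        public Context()
        {
            // Related entities are not loaded lazily
            base.Configuration.LazyLoadingEnabled = false;
        }
        protected override void OnModelCreating(DbModelBuilder modelBuilder)
        {
            // No database initializer: EF does not create or migrate the schema
            Database.SetInitializer<Context>(null);
            base.OnModelCreating(modelBuilder);
            // Keep singular table names (User rather than Users)
            modelBuilder.Conventions.Remove<PluralizingTableNameConvention>();
        }
        public DbSet<User> Users { get; set; }
    }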
    

    Your user repository class(i.e.)

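    using System.Linq;

    public class UserRepository
    {
        Context context = new Context();

        // Returns the user whose Username and stored Password column both equal
        // the submitted values, or null when there is no match.
        public User GetByUsernameAndPassword(User user)
        {
            return context.Users.FirstOrDefault(u => u.Username == user.Username && u.Password == user.Password);
        }
    }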
    

    And your user application class(i.e.)

    public class UserApplication
    {
        UserRepository userRepo = new UserRepository();

        public User GetByUsernameAndPassword(User user)
        {
            return userRepo.GetByUsernameAndPassword(user);
        }
    }
    

    Here is your account controller(i.e.)

    using System.Web.Mvc;
    using System.Web.Security;

    public class AccountController : Controller
    {
        UserApplication userApp = new UserApplication();
        SessionContext context = new SessionContext();

        public ActionResult Login()
        {
            return View();
        }

        [HttpPost]
        public ActionResult Login(User user)
        {
            var authenticatedUser = userApp.GetByUsernameAndPassword(user);
            if (authenticatedUser != null)
            {
                // Issue the forms-authentication cookie for the matched user
                context.SetAuthenticationToken(authenticatedUser.UserId.ToString(), false, authenticatedUser);
                return RedirectToAction("Index", "Home");
            }

            // No match: show the login form again
            return View();
        }

        public ActionResult Logout()
        {
            FormsAuthentication.SignOut();
            return RedirectToAction("Index", "Home");
        }
    }
    

    And your SessionContext class(i.e.)

    using System;
    using System.Web;
    using System.Web.Script.Serialization;
    using System.Web.Security;

    public class SessionContext
    {
        public void SetAuthenticationToken(string name, bool isPersistant, User userData)
        {
            string data = null;
            if (userData != null)
            {
                // Serialize the profile fields only; the password stays out of the cookie
                data = new JavaScriptSerializer().Serialize(new
                {
                    userData.UserId, userData.Name, userData.Username, userData.Email, userData.IsAdmin
                });
            }

            // The serialized user is the ticket's UserData, which GetUserData() reads back
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, name, DateTime.Now, DateTime.Now.AddYears(1), isPersistant, data ?? string.Empty);

            string cookieData = FormsAuthentication.Encrypt(ticket);
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, cookieData)
            {
                HttpOnly = true,
                Expires = ticket.Expiration
            };

            HttpContext.Current.Response.Cookies.Add(cookie);
        }

        public User GetUserData()
        {
            User userData = null;

            try
            {
                HttpCookie cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
                if (cookie != null)
                {
                    FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);

                    userData = new JavaScriptSerializer().Deserialize<User>(ticket.UserData);
                }
            }
            catch (Exception)
            {
                // Missing, malformed or undecryptable ticket: report no user
            }

            return userData;
        }
    }
    

    And finally add the following tag to your <system.web> tag in web.config file:

    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="2880" />
    </authentication>
    

    And now you just need to insert the [Authorize] attribute at the head of each controller that needs authentication, like this:

    [Authorize]
    public class ClassController : Controller
    {
       ...
    }
    
    0 Discussion (0)
  • 2021-01-30 04:22

    Given your comments regarding tutorials, please see the asp.net/mvc learning section on security.

    In particular, this tutorial on creating a secure ASP.NET MVC 5 web app with log in, email confirmation and password reset.

    0 Discussion (0)
  • 2021-01-30 04:25

    1-Add This Code To WebConfig

    <system.web>
      <authentication mode="Forms">
        <forms loginUrl="/Log/Login" timeout="20"></forms>
      </authentication>
    </system.web>
    

    2-In The Action Use This Code

    [HttpPost]
    public async Task<ActionResult> Login(string UserName, string Password)
    {
        var q = await userpro.Login(UserName, Password);
        if (q.Resalt)
        {
            // Add User To Cookie
            Response.Cookies.Add(FormsAuthentication.GetAuthCookie(UserName, false));

            return RedirectToAction("ShowUsers", "User");
        }
        else
        {
            ViewBag.Message = q.Message;
            return View();
        }
    }
    

    3-You Should Add This Attribute To Your Action [Authorize]

    4-With This Code You Can Get The UserName From The Cookie

    public async Task<ActionResult> ShowUsers(int Page = 0)
    {
        string UserName = User.Identity.Name;
        return View(await user.GetAllUser(Page));
    }
    
    0 Discussion (0)