ASP.NET MVC 3 User Authentication

Question

What are some of the common methods to do simple user validation (account login)?

Also, can you have different authentication schemes per area?

Edit

Answer 1

According to the security expert on the MVC team

The only supported way of securing your MVC application is to have a base class with an [Authorize] attribute, and then to have each controller type subclass that base type. Any other way will open a security hole.

http://blogs.msdn.com/b/rickandy/archive/2011/05/02/securing-your-asp-net-mvc-3-application.aspx

Answer 2

You have several options when it comes to doing authentication in MVC:

• The built-it MVC Forms Authentication (Tutorial available here and here)
• Using Forms Authentication with Cookies in MVC3 (Link here)
• Using Windows Authentication (Learn more here...)
• Mixed Mode Authentication (Using Windows / Forms Authentication together.)

The built in Forms Authentication can allow you to limit access to different areas of your application based on Role, User among other things and it is quite easy to implement using the [Authorize] attribute.

The following would require the user be logged in:

[Authorize]
public ActionResult YourActionNameGoesHere()
{
}

Likewise, the following would require the user be logged in AND be an Administrator:

[Authorize(Roles="Administrator")]
public ActionResult YourActionNameGoesHere()
{
}

Those were just a few methods of accomplishing it, as you can see there are MANY different methods of accomplishing this - I hope this might have shed a bit of light in helping you decide.

Answer 3

please go to your model folder when you create a internet application with VS 2010. you will see a cs file there. that file holds a sample structure for User Authentication

Remember that : ASP.NET MVC is not a separate framework. it sits on top of ASP.NET so you can use System.Web.Security.Membership class on MVC as well.

Also, check your Account folder inside your view folder. you will some view samples there.

hope this helps.