Donate

ASP.NET MVC 4 Built-in Form Based Authentication

-
Given that I have some background knowledge of ASP.NET Web Forms Authentication, I decided to try experimenting on MVC 4 authentication/authorization framework. Most of the articles in the internet regarding forms authentication in ASP.NET MVC are custom based approach and less on the built-in technology which is WebData.WebSecurity usage. Not until I found these articles:
a. Forms Authentication Customized
b. Introduction to forms based authentication in MVC 4
c. Authenticating Users In Asp.net MVC 4
So, to cut the story short, I made an application which utilized the built-in WebMatrix authentication in MVC 4. The first thing to do, is to familiarize those articles to get a good grasp on the topic. The setup of my application are as follows:
1. Web.config
     1.1 Added authentication and custom errors
<authentication mode="Forms">  
    <forms loginUrl="~/Account/Login" timeout="2880"/>    
   </authentication>  
   <authorization>  
     <allow users="*"/>     
   </authorization>  
   <customErrors mode="On" defaultRedirect="~/Error/Error">  
    <error statusCode="404" redirect="~/Errors/Http404" />  
   </customErrors>
     1.2 Replaced the connection string to point it with an existing database. In my case it's northwind database.
 <add name="DefaultConnection" connectionString="Data Source=testServer;Initial Catalog=NORTHWIND;User ID=sa;Password=testsql2012;" providerName="System.Data.SqlClient" />
Here's a sample image that Northwind has added the built in authentication/authorization tables.
ASP.NET MVC 4 Built-in Form Based Authentication
2. In the built-in account controller Register() action, I added a code to map a default role which is a "Customer" to a new user. The other role is "Administrator" which will be set explicity through the database or admin page.
[HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public ActionResult Register(RegisterModel model)
        {
            if (ModelState.IsValid)
            {
                // Attempt to register the user
                try
                {                    
                    WebSecurity.CreateUserAndAccount(model.UserName, model.Password);     
                    //assign default role to new user.     
                    Roles.AddUserToRole(model.UserName, "Customer");                   
                    WebSecurity.Login(model.UserName, model.Password);
                    return RedirectToAction("Index", "Customer");
                }
                catch (MembershipCreateUserException e)
                {
                    ModelState.AddModelError("", ErrorCodeToString(e.StatusCode));
                }
            }

            // If we got this far, something failed, redisplay form
            return View(model);
        }
3. I added an Errors Controller(ErrorsController.cs) with the following methods that handles 404 and unauthorized exceptions. 
protected override void HandleUnknownAction(string actionName)
        {
            if (this.GetType() != typeof(ErrorsController))
            {
                var errorRoute = new System.Web.RoutingRouteData(); //ako gi change added assembly
                errorRoute.Values.Add("controller", "Errors");
                errorRoute.Values.Add("action", "Http404");
                errorRoute.Values.Add("url", HttpContext.Request.Url.OriginalString);
                View("Http404").ExecuteResult(this.ControllerContext);
            }
        }

        public ActionResult Http404()
        {
            return View();
        }

        public ActionResult Error()
        {
            return View();
        }

        public ActionResult InvalidUser()
        {
            return PartialView("_InvalidUser");
        }

        public ActionResult UnAuthorizedUser()
        {
            return PartialView("_UNAuthorizedUser");
        }
4. I added the class AuthorizeUsersAttribute in my Models folder and decorated my controller actions in CustomerController.cs with attribute as presented in this post: Redirect Unauthorized Access to Custom View in MVC 4
 [AuthorizeUsers(Roles = "Administrator", NotifyUrl = "/Errors/UnAuthorizedUser")]
        [HttpPost]
        public ActionResult Create(Customer customer)
        {
            if (ModelState.IsValid)
            {
                db.Customers.Add(customer);
                db.SaveChanges();
                return RedirectToAction("Index");
            }

            return View(customer);
        }
5. I added partial view in shared folder for notifying unauthorized users.
_UNAuthorizedUser.cshtml
6. Add this in global.asax or RouteConfig.cs RegisterRoutes() method
WebMatrix.WebData.WebSecurity.InitializeDatabaseConnection("DefaultConnection", "UserProfile", "UserId", "UserName", autoCreateTables: true);
7. I didn't revise anything in AccountModels.cs
8. In my sample project, the administrator role can create, edit, delete and view customer information. The customer role is limited to viewing only. Here are some sample images:
     8.1 The default page automatically redirects to the login page for authorization and authentication.
ASP.NET MVC 4 Built-in Form Based Authentication
     8.2 The main view for users with admin or customer role.
ASP.NET MVC 4 Built-in Form Based Authentication
     8.3 Page restriction on a view accessed by a customer user.
ASP.NET MVC 4 Built-in Form Based Authentication
     8.4 Edit Page authorized to admin users.

ASP.NET MVC 4 Built-in Form Based Authentication

Comments

Post a Comment

Donate

Popular Posts From This Blog

WPF CRUD Application Using DataGrid, MVVM Pattern, Entity Framework, And C#.NET

-
Image
Good day to all! Here's an example of a WPF CRUD (Create,Update and Delete) project using the DataGrid control, ADO.NET Entity Framework 6.x, C#.NET and Model–View–Viewmodel(MVVM) architectural pattern. This post was based from this tutorial WPF CRUD With DataGrid, Entity Framework And C#.NET except that we are now using the MVVM framework. The steps below are pretty straightforward and easy to follow. I. Project Setup 1. Add a table called Students in you database. The complete script is found in this post WPF CRUD With DataGrid, Entity Framework And C#.NET 2. Create a WPF Project and add four folders called DataAccess, Model, View and ViewModel. 3. Your project structure may look similar with the screenshot provided below. II. Coding The Model and Repository Class 1. Inside the Model folder, add an ADO.NET Entity Data Model that connects to the Students table in your database. On my part, I named it StudentModel . 2. For the connectionstring name in App.config file, I
Read more

How To Insert Or Add Emojis In Microsoft Teams Status Message

-
Image
Good day Gents! I was trying to update my Microsoft Teams status and was wondering if I can add or insert emoji. For editing or adding new teams status, only text fields are available and there's no emoji icon similar to writing a teams message. After googling for a few minutes, I found this link Emoji's in status which is a feature request in Microsoft Teams User's Voice Forum. So far this upgrade request only has thirty votes which is relatively small and may be considered a low priority for the product team to implement. Given the limitations at hand, I tried several approach including copying an emoji in a chat message which didn't work and later found a solution using Microsoft Outlook 365. First is to create a new email message in Microsoft Outlook and press (Window Key + .). The emoji dropdown control will appear. Next is to select the emoji that you wanted to add to Teams. Copy the emoji from the newly created email message template and paste that to Micr
Read more

TypeScript Error Or Bug: The term 'tsc' is not recognized as the name of a cmdlet, function, script file, or operable program.

-
Image
Good Day Gents! During this free-time I started setting up Node.js on my machine as part of my career goals which is learning new frameworks in preparation for new projects. So the first thing I did was to install TypeScript language to get myself familiar with Angular 2+. After I finished setting up TypeScript, I then created a simple HelloWorld program and ran the application through Visual Studio Code using the "tsc: build - tsconfig.json" command. I encountered an error which says "The term 'tsc' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again." Below are the details on my machine and packages installed:   - Operating System: Windows 10 Pro   - Node.js: 14.16.0   - npm version: 6.14.11   - Typescript: 4.2.3 (using command: "npm install -g typescript") After doing some research and reading thr
Read more