Visual studio 2015 has a pre-built user registration/login page, I need to make an "admin" account that has access to an admin only page within the web app to enter in data to be stored to the database. I just dont know where to begin to add an account and give it write access. Would anyone happen to have knowledge on the pre-built registration and where I add an admin user and give them the ability to view a unique page but not let anyone else view it?
For VS 2015 - In case of ASP.NET Web Page, you can use user id and its role during Page Load. If the Access Right is not valid, then return to Error Page.
In case of ASP.NET MVC, you can define Custom Attribute using ActionFilterAttribute in controller class ActionResult of the View.
Pre-built Registration works well for both Web Form and MVC Templates provided in VS 2015. For more information - please check AspNetUsers table in Sql Database created.
Please read more details here
Related
Upon clicking on register link, it displays page but under Areas/Identity there are no pages. We can scaffold identity for empty template, but how is it working for web application template for individual user account?
Register page
Area/Identity
We can scaffold identity for empty template, but how is it working for web application template for individual user account?
It seems that you created an ASP.NET Core Web Application project with Individual User Accounts, which would help integrate and configure ASP.NET Core Identity as a Razor Class Library in the generated project.
If you'd like to customize the UI of identity, you can also apply the scaffolder to selectively add the source code contained in the Identity Razor Class Library (RCL) and modify the code and change the behavior.
For more information, please check this doc about "Scaffold Identity into an MVC project without existing authorization".
You will need to setup an Identity store where user information can be saved. You could setup an in-memory store but at some point you will want to persist account information
so you'll want to setup a database in SQL Server, MySQL, or some other system to save the data.
As to the pages. They are being pulled from the Identity libraries. They provide a default setup that, as you mentioned, can be changed. The register piece, and sign-in/out will still need the data store to persist any information. Once you setup the datastore in the startup.cs class it will be injected into the applicable classes.
I am working on asp.net for my website. Actually my site have two types of roles admin and user. I saw in asp.net development site at create new wizard user have a selection for roles like admin and user but if a crazy user may select admin role though he is a normal user so how could i control the user role selection.
For my optionion you should not rely on the wizard which ships with asp.net.
You should have your own control over creating users.
I would start to look at the Membership api to see how to access it from source code, how to add roles and how to authenticate... this is basically how the wizard magic works...
http://www.asp.net/web-forms/videos/authentication
http://www.4guysfromrolla.com/articles/120705-1.aspx
http://msdn.microsoft.com/en-us/library/ff648345.aspx
HTH
We have a asp.net application. Would like to integrate with sharepoint issue tracking application we are building.
We would like customer to login in asp.net application and when a link is clicked, it should pass login and other info (like customer id) and display a new issue list so that they can enter rest of information and submit.
Any ideas how to accomplish this?
Thanks
They have to share the membership provider , using the FBA within SP2010.
Here is a Walkthrough http://blog.sharedove.com/adisjugo/index.php/2011/01/05/writing-a-custom-membership-provider-and-using-it-for-fba-forms-based-authentication-in-sharepoint-2010-from-the-scratch/
Then make a custom Form for the Issue reading the Session varialbles to fill in the Form.
I need to build a "my account" application for my friend. I plan to use asp.net MVC 3.
I have to use third party API to authenticate users. if this is regular web application, it is easy, I submit the request using third party API, get response back. if this is authorized user, create a session. ON all the protected pages, i just check the session, if it is exist, then show the content, otherwise redirect back to login page.
I probably can do the same on my mvc3 project, but I know that definitely is a wrong approach. MVC3 is very flexiable. there must be a better way to do it. After I get response back from the third party API. What should I do after that? please show me some codes if you can.
Use the ASP.NET membership provider and create a custom provider to hook into your API. This gets a lot of the hard work done for you and you're not "reinventing the wheel". There's a great overview about how to do this with MVC here: http://theintegrity.co.uk/2010/11/asp-net-mvc-2-custom-membership-provider-tutorial-part-1/
Create a new MVC 3 application using the "Internet Application" template when you do file-new project.
All the code is then created for you - in visual studio click on the "ASP.NET Configuration" icon in solution explorer.
create your users and your roles
decorate your controllers and/or action methods with
[Authorize(Roles="Administrators")]
public class MyAdminOnlyController : Controller
{
}
Configure additional features such as forgotten password functionality, password resets, etc. Some additional features will require coding.
Done!
I don't think using MVC3 for authentication is anything different than regular web app. In your controller, you will send the username and password getting from the view to the API,getting the response back.
You can then save it to session and check against it on any page you want to be protected.
MVC is just the way to separate view logic, business logic and data model. The application flow is the same.
ASP.NET already build ASP.NET membership provider. The back end data can be stored in ASP.NET Configuration website, SQL Server database,Active Directory, and another database but you need to custom the authentication provider.
this is the expample for SQLServer Membership provider, for the detail documentation you can read from here
For ASP.NET Configuration management Membership provider, you can read from Music Store ASP.NET MVC tutorial in Membership and Authorization section. If you want to learn about ASP.NET MVC authentication/authorization. Music Store example is a recommended tutorial for exploring ASP.NET MVC3 feature, Entity Framework and Authentication also.
I have Membership, Profile and Role providers setup for my .NET MVC website. I would like to say: this Role has access to that Page.
How do I 'inject' this code to the RoleProvider? Or do I have to override it somehow? Any leads?
(Roles are stored in the default ASP.NET SqlRoleProvider, Pages are stored in a seperate SQL database).
Why would you inject this into the role provider? Why not just decorate the ActionResult [Authorise(Roles="myrole")]?
I understand that your pages are in the database but the action result still needs to call the view right?
I guess you could write you're own custom attribute which can check and either grant access or deny it.
I don't think the role provider is the right place for determining whether a page can be displayed or not.
Take a look at using sitemaps under asp.net. It is VERY easy to manage and to extend.
I have even used them as the datasource for a menu system.
Once in your page, you can do something like:
User.IsInRole("RoleName")