I am just a beginner of ASP.NET MVC. I have done some page by asp.net mvc but now I need to do form log in by using MVC. The login user name and password are store in database. Can anyone propose or share me some idea of how to do that? I really have no idea about that. Thanks.
Since you are new to Asp.net MVC, I would suggest you to follow a tutorial which will provide a great insight of how things shape up in this new framework. You can follow the Tutorial MVC Music Store from asp.net
It contains all the basic ingredients of a web application from user authentication to CRUD operations.
You may configure your web-app via Form Authentication. Take a look at tutorial - Authenticating Users with Forms Authentication. and SO thread - User authentication and authorisation in ASP.NET MVC
Related
I built an ASP.Net MVC 4 application which uses forms authentication by means of a custom membership provider inheriting from the Simple Membership.
Everything is working fine, but now I have a new requirement: I need to integrate a JSP application with mine.
This means that it has to authenticate against the same user database of my application and that they should somehow share the session in order to achieve a kind of Single Sign-On among the two applications (if an user is already authenticated in the ASP.Net application, he should be able to access the JSP application without logging in again, and vice-versa).
What architecture do you suggest me to use?
I would like to change as little as possible the ASP.Net application.
Thanks!
If you need to auhtenticate accross different domains:
You can implement your own security token service (like facebook, google does) Here is some ready to use implementation: http://thinktecture.github.io/Thinktecture.IdentityServer.v2/
If the sites are running on the same domain (subdomain), then you can try to share an authentication cookie within these domains.
An explaining article: http://www.codeproject.com/Articles/106439/Single-Sign-On-SSO-for-cross-domain-ASP-NET-applic
I need to build a "my account" application for my friend. I plan to use asp.net MVC 3.
I have to use third party API to authenticate users. if this is regular web application, it is easy, I submit the request using third party API, get response back. if this is authorized user, create a session. ON all the protected pages, i just check the session, if it is exist, then show the content, otherwise redirect back to login page.
I probably can do the same on my mvc3 project, but I know that definitely is a wrong approach. MVC3 is very flexiable. there must be a better way to do it. After I get response back from the third party API. What should I do after that? please show me some codes if you can.
Use the ASP.NET membership provider and create a custom provider to hook into your API. This gets a lot of the hard work done for you and you're not "reinventing the wheel". There's a great overview about how to do this with MVC here: http://theintegrity.co.uk/2010/11/asp-net-mvc-2-custom-membership-provider-tutorial-part-1/
Create a new MVC 3 application using the "Internet Application" template when you do file-new project.
All the code is then created for you - in visual studio click on the "ASP.NET Configuration" icon in solution explorer.
create your users and your roles
decorate your controllers and/or action methods with
[Authorize(Roles="Administrators")]
public class MyAdminOnlyController : Controller
{
}
Configure additional features such as forgotten password functionality, password resets, etc. Some additional features will require coding.
Done!
I don't think using MVC3 for authentication is anything different than regular web app. In your controller, you will send the username and password getting from the view to the API,getting the response back.
You can then save it to session and check against it on any page you want to be protected.
MVC is just the way to separate view logic, business logic and data model. The application flow is the same.
ASP.NET already build ASP.NET membership provider. The back end data can be stored in ASP.NET Configuration website, SQL Server database,Active Directory, and another database but you need to custom the authentication provider.
this is the expample for SQLServer Membership provider, for the detail documentation you can read from here
For ASP.NET Configuration management Membership provider, you can read from Music Store ASP.NET MVC tutorial in Membership and Authorization section. If you want to learn about ASP.NET MVC authentication/authorization. Music Store example is a recommended tutorial for exploring ASP.NET MVC3 feature, Entity Framework and Authentication also.
I veguely remember that there was a login/logout control in my ASP.net class, but I don't know what options there are for managing user logins, the only one I'm aware of is the Windows Authentication mechanism.
I believe you're talking about ASP.NET Forms Authentication. You can read more about it here.
Here's a video tutorial on the ASP.NET Login controls:
http://www.asp.net/general/videos/login-controls
You'll probably want to take a look at Forms Authentication - you can use both Windows and Forms authentication with an ASP.NET Web application.
http://weblogs.asp.net/scottgu/archive/2006/07/12/Recipe_3A00_-Enabling-Windows-Authentication-within-an-Intranet-ASP.NET-Web-application.aspx
I have few websites based on the WebForms and one based on MVC. All websites have the same settings for forms authentication in web config.
The problem is that once logged in to WebForms website, I have to re-login for MVC websites, but when I log out from MVC website, I am automatically logged out from WebForms websites.
How can I pass information to the MVC website that user was successfully logged in when using WebForms.
Try this article. Essentially, you want single sign on. That is the term to google for.
http://www.codeproject.com/KB/aspnet/SingleSignon.aspx
What are the options for implementing secure login on a website and ensuring that the website itself as a whole is secure? - for both asp.net and mvc......
Kind regards
The easiest way would be to use the prepared winforms accounting in asp.net mvc template. Then you can use the [Authorize] attribute infront every action you want to prevent from accessing before logging in.