authorization module in asp.net - asp.net

I was wondering if there was an example or a blogpost to show how to do the authorization module in asp.net.
dynamically allow roles to a page or folder

ASP.Net supports Forms Authorization. Here is a good blog post on how to use it:
http://support.microsoft.com/kb/301240

I am hoping that this is best for how to do authorization in asp.net; along with authorization, it also explains authentication...

Related

MVC 4 Web Api Security from C.S.R.F. Attacks

I am using asp.net mvc4 web api. I am using Form Authentication for security. I have asp form pages (.aspx) at the client side. Is there any way to implement anti-forgery in this scenario? Please describe in detail. I have done it in cshtml pages but found no way to implement it in .aspx forms.
You might have found the solution for this; still, I am adding a reference to the page where you can find how to use CSRF prevention in ASP.Net:
http://blog.stevensanderson.com/2008/09/01/prevent-cross-site-request-forgery-csrf-using-aspnet-mvcs-antiforgerytoken-helper/
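
As an added example (not part of the answer above or the linked post), one way to cover Web API calls made from .aspx pages is to issue the token pair with System.Web.Helpers.AntiForgery while the page renders and to check it in a Web API action filter. The header name and the class names AntiForgeryHeader and ValidateAntiForgeryHeaderAttribute are assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Helpers;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

public static class AntiForgeryHeader
{
    public const string Name = "RequestVerificationToken"; // header name chosen for this example

    // Call while rendering the .aspx page and hand the value to the page's script,
    // which sends it back in the header above on every state-changing API call.
    public static string Issue()
    {
        string cookieToken, formToken;
        AntiForgery.GetTokens(null, out cookieToken, out formToken);
        return cookieToken + ":" + formToken;
    }
}

public sealed class ValidateAntiForgeryHeaderAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        HttpRequestMessage request = actionContext.Request;
        try
        {
            IEnumerable<string> values;
            if (!request.Headers.TryGetValues(AntiForgeryHeader.Name, out values))
                throw new InvalidOperationException("token header missing");
            string[] parts = values.First().Split(':');
            if (parts.Length != 2)
                throw new InvalidOperationException("token header malformed");
            // Throws when the pair does not match or was issued to another user.
            AntiForgery.Validate(parts[0].Trim(), parts[1].Trim());
        }
        catch (Exception)
        {
            // Fail closed: the action never runs without a valid token pair.
            actionContext.Response = request.CreateErrorResponse(
                HttpStatusCode.Forbidden, "Anti-forgery validation failed.");
        }
    }
}
```

Apply the attribute to the Web API actions that change state. The tokens are tied to the signed-in user, so a pair issued before login fails validation afterwards.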

How can I implement Basic Authentication against a database?

I have a database with usernames and passwords and I want to use it for authenticating ASP.net web page users.
I know how to do it with a webpage form (i.e. with just the simple form in HTML, C# provider and my web.config with authentication mode="Forms").
However I'd like to have a Popup Modal Dialog, see below (such as if I use authentication mode="Windows" or on Apache server .htaccess + .htpasswd).
How can I do that? Thanks.
You can try this tutorial which describes how to implement your own Basic Authentication HttpModule.
The example doesn't include the database integration, but it does indicate where you should do it, and takes care of most of the hard work.
Because it is an HttpModule you'll be able to reuse it easily in other projects simply by referencing the library and linking it in your web.config.
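
A Basic Authentication HttpModule of the kind this answer describes, as an added example (not the code from the tutorial it mentions). It assumes passwords are stored as PBKDF2 hashes produced by Rfc2898DeriveBytes with a per-user salt; StoredCredential, the Lookup hook and the realm "Example" are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
using System.Web;

public sealed class StoredCredential { public byte[] Salt, Hash; public int Iterations; }
public sealed class BasicAuthModule : IHttpModule
{
    // Hypothetical hook: replace with a parameterized query; return null for unknown users.
    public static Func<string, StoredCredential> Lookup = user => null;
    public void Init(HttpApplication app)
    {
        app.AuthenticateRequest += OnAuthenticate;
        app.EndRequest += OnEndRequest;
    }
    public void Dispose() { }
    private static void OnAuthenticate(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        string header = ctx.Request.Headers["Authorization"];
        if (header == null || !header.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase)) return;
        string pair;
        try { pair = Encoding.UTF8.GetString(Convert.FromBase64String(header.Substring(6).Trim())); }
        catch (FormatException) { return; }      // malformed header: request stays anonymous
        int colon = pair.IndexOf(':');           // split on the first ':' only; passwords may contain ':'
        if (colon <= 0) return;
        string user = pair.Substring(0, colon);
        if (Verify(Lookup(user), pair.Substring(colon + 1)))
            ctx.User = new GenericPrincipal(new GenericIdentity(user, "Basic"), new string[0]);
    }
    private static bool Verify(StoredCredential c, string password)
    {
        if (c == null) return false;
        using (var kdf = new Rfc2898DeriveBytes(password, c.Salt, c.Iterations))
        {
            byte[] actual = kdf.GetBytes(c.Hash.Length);
            int diff = 0;                        // accumulate differences, no early exit
            for (int i = 0; i < actual.Length; i++) diff |= actual[i] ^ c.Hash[i];
            return diff == 0;
        }
    }
    private static void OnEndRequest(object sender, EventArgs e)
    {
        HttpResponse res = ((HttpApplication)sender).Response;
        if (res.StatusCode == 401)               // this header makes the browser show its login dialog
            res.AppendHeader("WWW-Authenticate", "Basic realm=\"Example\"");
    }
}
```

The 401 itself comes from URL authorization, so this assumes web.config uses authentication mode="None" with a deny users="?" rule, since Forms mode would turn the 401 into a redirect. Basic credentials travel with every request in reversible Base64, so serve the site over HTTPS only.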

asp.net mvc3, how do I authenticate?

I need to build a "my account" application for my friend. I plan to use asp.net MVC 3.
I have to use a third-party API to authenticate users. If this is a regular web application, it is easy: I submit the request using the third-party API and get the response back. If this is an authorized user, create a session. On all the protected pages, I just check the session; if it exists, then show the content, otherwise redirect back to the login page.
I probably can do the same on my mvc3 project, but I know that definitely is a wrong approach. MVC3 is very flexible. There must be a better way to do it. After I get the response back from the third-party API, what should I do after that? Please show me some code if you can.
Use the ASP.NET membership provider and create a custom provider to hook into your API. This gets a lot of the hard work done for you and you're not "reinventing the wheel". There's a great overview about how to do this with MVC here: http://theintegrity.co.uk/2010/11/asp-net-mvc-2-custom-membership-provider-tutorial-part-1/
Create a new MVC 3 application using the "Internet Application" template when you do file-new project.
All the code is then created for you - in Visual Studio click on the "ASP.NET Configuration" icon in Solution Explorer.
Create your users and your roles.
Decorate your controllers and/or action methods with:
[Authorize(Roles="Administrators")]
public class MyAdminOnlyController : Controller
{
}
Configure additional features such as forgotten password functionality, password resets, etc. Some additional features will require coding.
Done!
I don't think using MVC3 for authentication is anything different than a regular web app. In your controller, you will send the username and password you get from the view to the API, getting the response back.
You can then save it to session and check against it on any page you want to be protected.
MVC is just the way to separate view logic, business logic and data model. The application flow is the same.
ASP.NET already has a built-in ASP.NET membership provider. The back-end data can be stored in the ASP.NET Configuration website, a SQL Server database, Active Directory, or another database, but you need to customize the authentication provider.
This is the example for the SQL Server Membership provider; for the detailed documentation, you can read from here.
For the ASP.NET Configuration management Membership provider, you can read the Music Store ASP.NET MVC tutorial, in the Membership and Authorization section. If you want to learn about ASP.NET MVC authentication/authorization, the Music Store example is a recommended tutorial for exploring ASP.NET MVC3 features, Entity Framework and authentication as well.

What default mechanisms are in place in ASP.net for user login?

I vaguely remember that there was a login/logout control in my ASP.net class, but I don't know what options there are for managing user logins; the only one I'm aware of is the Windows Authentication mechanism.
I believe you're talking about ASP.NET Forms Authentication. You can read more about it here.
Here's a video tutorial on the ASP.NET Login controls:
http://www.asp.net/general/videos/login-controls
You'll probably want to take a look at Forms Authentication - you can use both Windows and Forms authentication with an ASP.NET Web application.
http://weblogs.asp.net/scottgu/archive/2006/07/12/Recipe_3A00_-Enabling-Windows-Authentication-within-an-Intranet-ASP.NET-Web-application.aspx

asp.net WebForms & asp.net MVC security options

What are the options for implementing secure login on a website and ensuring that the website itself as a whole is secure? - for both asp.net and mvc......
Kind regards
The easiest way would be to use the prepared winforms accounting in the asp.net mvc template. Then you can use the [Authorize] attribute in front of every action you want to prevent from being accessed before logging in.
