Menu
What are some of the common methods to do simple user validation (account login)?
Also, can you have different authentication schemes per area?
Edit
I am creating an eCommerce site that will need to have protected actions per user. So how would one go about doing this? It will need to be able to let only authenticated users access their information.
971
There are three types of authentication available in ASP.NET MVC. For form authentication the user needs to provide his credentials through a form. Windows Authentication is used in conjunction with IIS authentication.
AuthenticationScheme by default, though a different name could be provided when calling AddCookie ). In some cases, the call to AddAuthentication is automatically made by other extension methods. For example, when using ASP.NET Core Identity, AddAuthentication is called internally.
You have several options when it comes to doing authentication in MVC:
The built in Forms Authentication can allow you to limit access to different areas of your application based on Role, User among other things and it is quite easy to implement using the [Authorize] attribute.
The following would require the user be logged in:
[Authorize]
public ActionResult YourActionNameGoesHere()
{
}
Likewise, the following would require the user be logged in AND be an Administrator:
[Authorize(Roles="Administrator")]
public ActionResult YourActionNameGoesHere()
{
}
Those were just a few methods of accomplishing it, as you can see there are MANY different methods of accomplishing this - I hope this might have shed a bit of light in helping you decide.
60
According to the security expert on the MVC team
The only supported way of securing your MVC application is to have a base class with an [Authorize] attribute, and then to have each controller type subclass that base type. Any other way will open a security hole.
http://blogs.msdn.com/b/rickandy/archive/2011/05/02/securing-your-asp-net-mvc-3-application.aspx
25
please go to your model folder when you create a internet application with VS 2010. you will see a cs file there. that file holds a sample structure for User Authentication
Remember that : ASP.NET MVC is not a separate framework. it sits on top of ASP.NET so you can use System.Web.Security.Membership class on MVC as well.
Also, check your Account folder inside your view folder. you will some view samples there.
hope this helps.
22
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
