Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

ASP.NET MVC 3 User Authentication

Tags:

asp.net-mvc

What are some of the common methods to do simple user validation (account login)?

Also, can you have different authentication schemes per area?

Edit

I am creating an eCommerce site that will need to have protected actions per user. So how would one go about doing this? It will need to be able to let only authenticated users access their information.

like image 971
Sam Avatar asked Mar 28 '11 19:03

Sam

People also ask

How many types of authentication are there in ASP.NET MVC?

There are three types of authentication available in ASP.NET MVC. For form authentication the user needs to provide his credentials through a form. Windows Authentication is used in conjunction with IIS authentication.

What is the default type of authentication for ASP.NET Core MVC?

AuthenticationScheme by default, though a different name could be provided when calling AddCookie ). In some cases, the call to AddAuthentication is automatically made by other extension methods. For example, when using ASP.NET Core Identity, AddAuthentication is called internally.

3 Answers

You have several options when it comes to doing authentication in MVC:

  • The built-it MVC Forms Authentication (Tutorial available here and here)
  • Using Forms Authentication with Cookies in MVC3 (Link here)
  • Using Windows Authentication (Learn more here...)
  • Mixed Mode Authentication (Using Windows / Forms Authentication together.)

The built in Forms Authentication can allow you to limit access to different areas of your application based on Role, User among other things and it is quite easy to implement using the [Authorize] attribute.

The following would require the user be logged in:

[Authorize]
public ActionResult YourActionNameGoesHere()
{
}

Likewise, the following would require the user be logged in AND be an Administrator:

[Authorize(Roles="Administrator")]
public ActionResult YourActionNameGoesHere()
{
}

Those were just a few methods of accomplishing it, as you can see there are MANY different methods of accomplishing this - I hope this might have shed a bit of light in helping you decide.

like image 60
Rion Williams Avatar answered Oct 16 '22 16:10

Rion Williams

According to the security expert on the MVC team

The only supported way of securing your MVC application is to have a base class with an [Authorize] attribute, and then to have each controller type subclass that base type. Any other way will open a security hole.

http://blogs.msdn.com/b/rickandy/archive/2011/05/02/securing-your-asp-net-mvc-3-application.aspx

like image 25
Eric J. Avatar answered Oct 16 '22 16:10

Eric J.

please go to your model folder when you create a internet application with VS 2010. you will see a cs file there. that file holds a sample structure for User Authentication

Remember that : ASP.NET MVC is not a separate framework. it sits on top of ASP.NET so you can use System.Web.Security.Membership class on MVC as well.

Also, check your Account folder inside your view folder. you will some view samples there.

hope this helps.

like image 22
tugberk Avatar answered Oct 16 '22 14:10

tugberk
Sign in to Comment

Related questions

How to set TimeOut for OwinContext in MVC 5
.Net MVC 4 Project fails with Event Log Error "The Module DLL C:\WINDOWS\system32\inetsrv\aspnetcore.dll failed to load. The data is the error."
Asp.Net MVC 2 LabelFor Custom Text
Returning an anonymous type from MVC 4 Web Api fails with a serialization error
Mvc area routing?
Adding an explicit action route to ASP.NET Web API Controller
ASP.NET MVC Authorize user with many roles
How to set browsers tab page title in MVC web application ?
How to get Microsoft.AspNet.Http.HttpContext instance in Class Constructor using DI
asp.mvc view enteres #IF DEBUG in release configuration
How to unit test an ActionResult that returns a ContentResult?
Asp.Net MVC3 RC Razor views : syntax for embedding code inside <javascript> block
KnockOut.js With Asp.net mvc [closed]
Bootstrap Progress Bar for MVC File Upload
What might cause a 503 Service Unavailable for reports area of an asp.net mvc3 application?
Visual Studio 2019 version 16.11.0 - error CS1576: The line number specified for #line directive is missing or invalid
ASP.NET MVC3 Role and Permission Management -> With Runtime Permission Assignment
what is the entry point for an asp.net mvc 4 application?
How to return more specific HTTP code (like 401.X)
Best way to Handle Exception Globally in Node.js with Express 4?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!