Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Custom Authentication and ASP.NET MVC

I have an internal web app being built in ASP.NET 4. We are stuck with using an authentication API built by another team. If a user to the site is authenticated successfully for the site I would like to give them access to the entire site.

In ASP.NET WebForm days I just used to keep a custom User object in session. If that object was null I knew the user wasn't authenticated. Is there a similar but improved method for this in MVC. I don't want to have to build my own provider of the ASP.NET Membership model if possible. What is the simplest way of doing this?

like image 432
BuddyJoe Avatar asked Sep 03 '13 14:09

BuddyJoe


People also ask

What is authentication in ASP.NET MVC?

ASP.NET MVC Authentication is a feature in MVC that helps in making the website highly secure and safe. Authentication is the process of confirming or validating the user's identity if the user who is trying to access the web page or web application is a genuine user or not.

How many types of authentication are there in ASP.NET MVC?

The Authentication is performed by IIS in one of three ways such as basic, digest, or Integrated Windows Authentication. When IIS authentication is completed, then ASP.NET uses the authenticated identity to authorize access.

What is custom authentication?

In custom authentication, you use an authentication server to produce custom signed tokens when a user successfully signs in. Your app receives this token and uses it to authenticate with Identity Platform.


1 Answers

You can use Forms Authentication in conjuction with Authorize attibute as follows,

To restrict access to a view :

Add the AuthorizeAttribute attribute to the action method declaration, as shown below,

[Authorize] public ActionResult Index() {     return View(); } 

Configuring Forms Authentication in web.config

<authentication mode="Forms">      <forms loginUrl="~/Account/Login" timeout="2880" /> </authentication> 

Login Post Action: Set Authentication cookie if user is valid

[HttpPost] public ActionResult Login(User model, string returnUrl) {         //Validation code          if (userValid)         {              FormsAuthentication.SetAuthCookie(username, false);         } } 

Log off Action:

public ActionResult LogOff() {     FormsAuthentication.SignOut();     return RedirectToAction("Index", "Home"); } 
like image 77
Jatin patil Avatar answered Oct 05 '22 21:10

Jatin patil