I am looking to upgrade a project I have from ASP.NET Web Forms to MVC 4.
In the process of the upgrade I am trying to re-evaluate the way we handle authentication and login.
Currently, when a user attempts to log in, I (the front-end), make a call to the database to validate and then that comes back as yay or nay with an associated 'token'. I then have to pass that token to the next page on our site where it gets placed into a javascript object. That token is then passed with every ajax call and is updated after each with a new token. I personally manage that token within the client browser.
Now, in MVC 4 the default Internet Application comes with the needed logic to employ some form of local registration and login. But I don't understand how it works.
After a user 'registers' where does that get stored?
When a user is logged in and then changes pages, how does that user stay logged in?How does his credentials get passed?
It seems to me that the current way that we handle our login is grossly outdated and flawed. But at this time I do not understand how I could setup MVC to look at our current (external, its not within this project) database to authenticate users.
I have a book on MVC 4 but it doesn't seem to go into detail on how this works.
Any help would be appreciated.
Thanks!
ASP.NET Core Identity is a membership system which allows you to add login functionality to your application. Users can create an account and login with a user name and password or they can use an external login providers such as Facebook, Google, Microsoft Account, Twitter and more.
Also, MVC relies heavily on reflection, which allows you to inspect types at runtime using strings. Reflection is used in many programming frameworks.
After a user 'registers' where does that get stored
If you used VS2012, ASP.NET MVC 4, it will store the user in LocalDB
. That's the default out-of-the-box implementation that uses the new Simple Membership Provider
.
When a user is logged in and then changes pages, how does that user stay logged in?How does his credentials get passed?
The currently authenticated user is stored in a encrypted Forms Authentication
cookie. Look at the LogOn
POST action which emits this cookie.
I had a similar question, you can see my post here, but the solution I found and went with was from this article. It's very detailed with how the new SimpleMembership system works.
The biggest change is that you no longer need any of the aspnet_regsql stuff anymore. Once you register, the database schema gets created along with a row for the user. No SP's or Views required!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With