Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

how to work with asp.net mvc project that's have only one user

I am working on a project to be used in a company. The system will have only 1 administrator account.

The administrator will add system users and each user can create his own contacts.

I created a WCF service to connect with the database, an asp.net mvc3 project for admin, and another WPF app for system users.

My questions is:

I have only one user (admin) to log in with this asp.net mvc project: how do I work with this situation?

I think membership provider and database are not required because I am only working with one user, right??

like image 359
Tarek Saied Avatar asked May 19 '12 08:05

Tarek Saied


People also ask

Why we go for MVC instead of ASP Net?

MVC is lightweight framework with clear separation between code and HTML. It has following major benefits. Business logic is stored in a single state called model where in traditional asp.net platform, each page has its own business logic making it complex.


1 Answers

Try this:

web.config:

<authentication mode="Forms">
  <forms loginUrl="~/Admin/LogOn" timeout="2880" >
    <credentials passwordFormat="SHA1">
      <user name="admin" password="5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"/>
    </credentials>
  </forms>
</authentication>

Password format is set to SHA1, so Your password won't be visible in clear text. It still can be cracked though. Generate Your own hash using online SHA1 generator for example.

loginUrl is a route to Your login page (duh :P), so change it if it's different.

CredentialsViewModel:

public class CredentialsViewModel
{
    [Required]
    public string UserName { get; set; }

    [Required]
    [DataType(DataType.Password)]
    public string Password { get; set; }
}

View model for Your login view.

AdminController:

public ViewResult LogOn()
{
    return View();
}

[HttpPost]
public ActionResult LogOn(CredentialsViewModel model, string returnUrl)
{
    if(ModelState.IsValid)
    {
        if(FormsAuthentication.Authenticate(model.UserName, model.Password))
        {
            FormsAuthentication.SetAuthCookie(model.UserName, false);
            return Redirect(returnUrl ?? Url.Action("Index", "Admin"));                
        }
        else
        {
            ModelState.AddModelError("", "Incorrect username or password");
        }
    }

    return View();
}

[Authorize]
public ViewResult Index()
{
    return View();
}

So LogOn action will authenticate credentials passed from the view; compare it with web.config data.

Important part here is [Authorize] attribute which will prevent access from unauthorized users.

like image 177
lucask Avatar answered Nov 16 '22 01:11

lucask