I am working on a project to be used in a company. The system will have only 1 administrator account.
The administrator will add system users and each user can create his own contacts.
I created a WCF service to connect with the database, an asp.net mvc3 project for admin, and another WPF app for system users.
My questions is:
I have only one user (admin) to log in with this asp.net mvc project: how do I work with this situation?
I think membership provider and database are not required because I am only working with one user, right??
MVC is lightweight framework with clear separation between code and HTML. It has following major benefits. Business logic is stored in a single state called model where in traditional asp.net platform, each page has its own business logic making it complex.
Try this:
web.config:
<authentication mode="Forms">
<forms loginUrl="~/Admin/LogOn" timeout="2880" >
<credentials passwordFormat="SHA1">
<user name="admin" password="5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"/>
</credentials>
</forms>
</authentication>
Password format is set to SHA1, so Your password won't be visible in clear text. It still can be cracked though. Generate Your own hash using online SHA1 generator for example.
loginUrl is a route to Your login page (duh :P), so change it if it's different.
CredentialsViewModel:
public class CredentialsViewModel
{
[Required]
public string UserName { get; set; }
[Required]
[DataType(DataType.Password)]
public string Password { get; set; }
}
View model for Your login view.
AdminController:
public ViewResult LogOn()
{
return View();
}
[HttpPost]
public ActionResult LogOn(CredentialsViewModel model, string returnUrl)
{
if(ModelState.IsValid)
{
if(FormsAuthentication.Authenticate(model.UserName, model.Password))
{
FormsAuthentication.SetAuthCookie(model.UserName, false);
return Redirect(returnUrl ?? Url.Action("Index", "Admin"));
}
else
{
ModelState.AddModelError("", "Incorrect username or password");
}
}
return View();
}
[Authorize]
public ViewResult Index()
{
return View();
}
So LogOn action will authenticate credentials passed from the view; compare it with web.config data.
Important part here is [Authorize] attribute which will prevent access from unauthorized users.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With