How to login to WEB project Asp. Net MVC No Authentication?

Asked

Viewed 1,346 times

1

Well, I created a WEB project and at first I figured I wouldn’t need to add the login system, so I used the template No Authentication (so far so good...). The problem is that now I would like to add the login without having to migrate my project to a new one. I don’t know if manually making the login module would be really safe. Can someone help me?

  • Stay stay, but first I need to know if you would like to use one template common ASP.NET MVC project or makes sure to manually write its engine.

  • I’d rather use the template even.

  • I can write an answer more within your problem or something more didactic. Which prefer?

  • Thanks already my friend. Well, I would like to solve my problem, but I would also like to learn a little more. Would you have time and availability to do something well didactic? (Note: I am beginner)

  • It looks like @Gypsy Rrisonmendez will do.

2 answers

3


As a simpler and less demanding answer, it would be better to generate another solution with Individual User Accounts and transfer the sources of the old solution to the new solution, but it is worth adding the explanation for the case of a fully customized authentication solution.

Security is an aspect that can be achieved by manually implementing your own authentication scheme. Since ASP.NET Identity is extensible, tailoring becomes very simple, although the set of elements is not). Although it is very laborious, the reimplementation of classes can be very advantageous for those who want to have full control over each aspect that involves authentication and information related to it. Just watch out for the purpose of each component, which I will explain below.

Class SignInManager

This is the actual authentication class. When generating a project with Individual User Accounts, for example, a Controller (AccountsController.cs) who makes use of SignInManager. Until the date of this reply, SignInManager is not documented in MSDN. What exists are examples and the source code. Even the examples are not specific to a suitable tailoring.

In the same project generated, we still have the following class that derives from SignInManager:

public class ApplicationSignInManager : SignInManager<ApplicationUser, string>
{
    public ApplicationSignInManager(ApplicationUserManager userManager, IAuthenticationManager authenticationManager)
        : base(userManager, authenticationManager)
    {
    }

    public override Task<ClaimsIdentity> CreateUserIdentityAsync(ApplicationUser user)
    {
        return user.GenerateUserIdentityAsync((ApplicationUserManager)UserManager);
    }

    public static ApplicationSignInManager Create(IdentityFactoryOptions<ApplicationSignInManager> options, IOwinContext context)
    {
        return new ApplicationSignInManager(context.GetUserManager<ApplicationUserManager>(), context.Authentication);
    }
}

Here:

public class ApplicationSignInManager : SignInManager<ApplicationUser, string>

I make it clear that SignInManager will use as a user class ApplicationUser, and the Id (identifier) of a user will be string. You could very well index user using integer numbers for example. Just change the type passed from string for int.

Already ApplicationUser is derived from IdentityUser. In the case of Individual User Accounts, which is a project that uses Entity Framework, use IdentityUser is ok. If your project uses another technology for database abstraction, ApplicationUser could not derive IdentityUser.

Class IdentityUser

IdentityUser implements several concepts that can make your authentication very comprehensive. The standard prototype of the class without specification of the generic classes is:

public class IdentityUser : IdentityUser<string, IdentityUserLogin, IdentityUserRole, IdentityUserClaim>, IUser, IUser<string>
  • string is the representation of the user’s key. As well as in ApplicationSignInManager, we are considering that a user’s identifier is a string;
  • IdentityUserLogin has the login data and the data of a login provider. Suppose your application will authenticate using a Google login. This class allows this to be done;
  • IdentityUserRole is a class that can associate a user to a Roll (the best translation to role is "profile"). This exists to preserve the old profile permissioning scheme that existed in the previous architecture, known as ASP.NET Membership;
  • IdentityUserClaim associates a user to a club. In Portuguese, club would be something like a "credential", but it is more granular than that. A club is any information that is part of a user’s identification in the application. For example, your CPF may be a club. Your ID too.

And how is a user created? The answer is in the next class.

Class UserManager

UserManager is a (huge) class whose methods create, alter or delete any user or information relating to it, such as roles and Claims. For a true custom schema within ASP.NET Identity, you need to reimplement this class. As a curiosity, her source is here.

Other Authentication Schemes

ASP.NET Identity can be tremendously complex for those who are starting to write their own authentication layer. In this context, it is worth going back a little and master the ASP.NET Membership, more limited, but simpler. Here on the site I have already given several answers about it that may be useful:

  • You’re beast man! Thank you so much for all this explanation. I did everything as indicated, I had some problems, but I managed to solve reading other help.

2

If you’re going to use ASP.NET Identity, which is great, check out this post where the rewarded user shows you how to include ASP.NET Identity from a template WITHOUT o ASP.NET Identity - No authentication included - template option marked with the No Authentication: Example of ASP.NET Identity using SQL Server

However, it might be interesting for you to create another ASP.NET MVC project with ASP.NET Identity and copy the classes and settings. Because of the changes you’ve already made.

  • A curiosity about that answer you mentioned. The person at the time did not finish the reply and used another user of her own to assign the reward. I will write another more complete reply.

  • @Gypsy, interesting.

  • I will be very grateful!

  • I just don’t understand what it is. rs

  • I actually need to tell a little story here. The author of the question at the time asked for the answer to teach how to do it specifically using No Authentication but without understanding the Individual User Accounts, then I wrote an answer explaining Individual User Accounts. Although the answer is accepted, the author of the question had 2 users: one he used to answer, and the other to vote in favor of the first and transfer reputation. Notice that the answer was half over. He doesn’t even talk about SignInManager, which is the most important part of authentication. I will reply to make it clear.

  • @Gypsy, complaint computed.

  • @Jedaias, follow him who will help you

  • I’ll be looking forward to it, but thank you.

Show 3 more comments

Browser other questions tagged

You are not signed in. Login or sign up in order to post.