Login system in Asp.net mvc

Asked

Viewed 6,706 times

2

How do I implement a login system in an Asp.net MVC application. Do I use Forms Authentication or Identity? I’ve been reading about Identity and wanted to see a basic example of Identity using the MVC web template without authentication No Authentication. Or if not, an example Forms Authentication in the MVC.

asp.net-mvc asp.net-mvc-5

  • See this article that shows an excellent example of ASP.NET MVC and Identity: http://www.codeproject.com/Articles/770341/Embedded-Application-Identity-Part-Basic-Identit

  • Eduardo, I wanted an example where the Authentication: Individual User Accounts. A basic example of zero being used in Authentication: No Authentication Identity. Or one using the Forms Authentication same. I want to make a basic login system, just for learning.

  • @Do you want to understand the authentication process or are you learning to use only frameworks? Already used Forms web on Asp.net?

  • @Intruder I want to learn the Asp.net MVC authentication process, but without using MVC’s Individual User Accounts. I am developing an application in Asp.net MVC, but I wanted to make my own login system. When we create a new project in VS it gives us the options in Chance Authentication, and I want to use the No Authentication, however, I do not know how to implement this login system, account records, the same comes in Identity Individual User Accounts. Get it? (rs)

  • So start by understanding the concepts, then you get to understand the tools that you can use for this. The way you’re asking, it seems more like you want to understand how these tools work. For example, you can start by understanding the difference between authentication and authorization, then what kind of tools you use. net provides to perform these activities. Be aware that MVC does not necessarily represent development in Asp.net, the old guard lived web Forms with layered architecture and this is still possible, as well as some mechanisms.

  • There is a very interesting article about Identity including the sample project to download. A video of almost 3 hours, in it are clarified many features. On the same site there are other articles that also help in understanding. http://eduardopires.net.br/2014/08/asp-net-identity-tutorial-completo/

Show 1 more comment

1 answer

5


Most of the tools you used on Asp.net with Web Forms are available on Asp.net MVC, the Framework has evolved, but that doesn’t mean you no longer have the other tools. Therefore, you can implement an authentication mechanism based on a repository or service, just as you did before. A simplistic example would be a table in the database where you validate a login and password typed in a form.

It is important to note that Authorization is different from authentication, the act of authenticating a user is similar to checking an identity, while authorizing is allowing someone identified to use a resource (controlling the urls that someone can access).

So, in a very simple system, you would configure your Web.config for the "Forms" authentication type, with the controller/action url that logs in (the login form) and then does a method that returns a boolean by checking true for correct login and password and false for wrong.

Sample of a Web.config:

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>

If the user hits the login and password, you authenticate it using the method: 

FormsAuthentication.SetAuthCookie(username, false);

Where username is login and ready, you built an MVC application with using custom Forms-based authentication.

It’s important to note that if you control login, but you don’t restrict access to controllers or actions for authenticated users, then you’re doing nothing. :)

To restrict the access of a Controller or an action, you can use an "Authorize" attribute, as in the example below:

public class HomeController : Controller
{
    [Authorize]
    public ActionResult Index()
    {
        ViewBag.Message = "Welcome to ASP.NET MVC!";

        return View();
    }

    [Authorize(Roles="Admin")]
    public ActionResult About()
    {
        return View();
    }
}

This is not a good way to do Authorization, note that in one of the controller methods I allow only Admin (fixed in code) access, this should be controlled dynamically, because in practice you control several profiles dynamically in real world applications.

Another problem is that you have to remember which areas (controller/action) are restricted, so sometimes you might wonder if it’s worth having a Controllerbase class and inheriting your controllers from it, then you restrict access to that class, though you may also fail to inherit it from her. Automated testing or code review would help.

A good basic article on Custom Authentication: http://www.codeproject.com/Articles/578374/AplusBeginner-splusTutorialplusonplusCustomplusF

Remember that the method that does the custom authentication is your responsibility, so you can use whatever repository you need. For example, I worked on a project where we used Forms to authenticate the user in the network’s Active Directory, I used Forms the same way, the difference was the method to authenticate.

  • Thanks @Intruder! Helped a lot.

  • 1

    only one caveat: no, the framework has not evolved, are two different products that can coexist, ie, MVC is not an evolution of Webforms, both are different frameworks that run on the ASP.NET platform.

Browser other questions tagged asp.net-mvc asp.net-mvc-5

You are not signed in. Login or sign up in order to post.