2

I am creating ASP.NET MVC web application. I have data model User:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

namespace Knihovna.Models
{
    public class User
    {
        public int UserId { get; set; }
        public string Name { get; set; }
        public string Login { get; set; }
        public string Password { get; set; }
        public List<Book> Books { get; set; }
    }
}

and I need to create user registration and user login. Application needs to know If user is logged in.

Is there some best practises how to do it? Save logged in user in session?

Improve this question

2 Answers 2

Reset to default
2

I would use the ASP.NET membership and role provider model. If you would like to do it with your custom tables you can create a class that inherits from Membership Provider. There are a number of methods you can implement to support things like changing passwords, forgot password etc... but the one for logging in would be ValidateUser

public sealed class MyMembershipProvider : MembershipProvider
{
    public override bool ValidateUser(string username, string password)
    {
        bool isValid = false;
        // your authentication logic here
        var ticket = new FormsAuthenticationTicket(
                    1,
                    YOUR_USER_ID_HERE,
                    DateTime.Now,
                    DateTime.Now.AddMinutes(30),
                    false,
                    name,
                    FormsAuthentication.FormsCookiePath);

                var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
                HttpContext.Current.Response.Cookies.Add(authCookie);

        return isValid;
    }
}

You will also need to create a role provider if you would like there to be different levels of users. To do so you will inherit from the RoleProvider class.

public sealed class MyRoleProvider : RoleProvider
{
   // Implement logic here
}

To authorize certain areas of your application you would use the Authorize attribute.

public class MyController : Controller
{
     [Authorize(Roles="Role1,Role2")]
     public ActionResult Index()
     {
         // Implement your code
     }
}

Finally there is some configuration in the web.config you have to do to get it to use your providers. 

<authentication mode="Forms">
  <forms loginUrl="~/Login" timeout="2880"/>
</authentication>
<membership defaultProvider="MyMembershipProvider" userIsOnlineTimeWindow="20">
  <providers>
    <clear/>
    <add name="MyMembershipProvider" type="Your.NameSpace.MyMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" writeExceptionsToEventLog="false"/>
  </providers>
</membership>
<roleManager enabled="true" defaultProvider="MyRoleProvider" cacheRolesInCookie="true">
  <providers>
    <clear/>
    <add name="MyRoleProvider" type="Your.NameSpace.MyRoleProvider"/>
  </providers>
</roleManager>

You can find more information about the memberhsip and role providers on MSDN

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I implemented custom membership provider at it works now as I except, thanks!
2

There's no need to mess up with the Session object.

As you're already working with ASP.NET MVC, you probably have an AccountController in your Controllers folder. This controller has the basic authentication methods in place.

I suggest you take a look at this tutorial by the ASP.NET team that explains and then shows you how to use Authentication + Authorization in ASP.NET MVC.

The default Visual Studio project template for ASP.NET MVC automatically enables forms authentication when new ASP.NET MVC applications are created. It also automatically adds a pre-built account login page implementation to the project – which makes it really easy to integrate security within a site.

NerdDinner Step 9: Authentication and Authorization

Improve this answer

1 Comment

I need really very not complicated implementation of user login a register actions. Unfortunately it is school project so I need to program it myself. What do you suggest?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.