1

When I was writing ASP.NET applications I used Forms Authentication with my custom login page, like so:

Once login was a success, I marked him as authenticated:

    FormsAuthentication.RedirectFromLoginPage(userId.ToString(), true);

In order to check if a user is logged in, I had a class that inherited from a base page and all pages inherited from it, which contained a method that returned a bool after checking if the user is authenticated, with the following command:

    return HttpContext.Current.User.Identity.IsAuthenticated;

Now, I'm doing an ASP.NET MVC application, and was wondering what is the best way to do that in MVC?

Thanks

2 Answers

1

OK, MVC is very simple and similar.

For your question you can use something like this

in your controller:

    //
    // GET: /Account/LogOn

    public ActionResult LogOn()
    {
        return View();
    }

    //
    // POST: /Account/LogOn

    [HttpPost]
    public ActionResult LogOn(LogOnModel model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            var userInfo = new UserInfo()
            {
                UserName = model.UserName,
                Password = model.Password,
            };

            var service = new CSVService();
            if (service.ValidateUser(userInfo))
            {
                // Issue the forms authentication ticket for this user
                FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);

                // Only follow returnUrl when it is a local path, so the login
                // form cannot be used to redirect to another site
                if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
                    && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
                {
                    return Redirect(returnUrl);
                }
                else
                {
                    return Redirect("~/");
                }
            }
            else
            {
                ModelState.AddModelError("", "The user name or password provided is incorrect.");
            }
        }

        // If we got this far, something failed, redisplay form
        return View(model);
    }
2 Comments

Thanks. Does it have some kind of attribute that can be placed before ActionResult so only allowed users can view it?
OK, for that you can use a permission table, and according to permission and role rights you can apply permissions to a particular user.
1

The best way to authenticate a website / web application is using the Membership, which is provided built in by Microsoft for ease of use.

From this you get the following things (features):

  • It maintains log-in status (you don't have to bother about authentication).

  • It allows you to provide roles and users and to assign permissions for who can see which page (page restriction).

  • It provides built-in stored procedures and UI tools like log-in, log-out, user, password recovery, etc. elements, and is highly secure (hack-proof).

For more info:

Walk through Membership (MSDN)

2 Comments

I saw a tutorial on YouTube about that - does it create another database?
Yes, but it is totally encrypted and you can only call the predefined stored procedures. For restricting the pages for a particular user / particular browser you need to use the administrative tools from Project Tab->ASP.NET Configurations (this admin tool modifies the web.config file), which provides and sets permissions.
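
Added example (not part of the original question, answers or comments): the MVC counterpart of the base-page IsAuthenticated check asked about in the question, and of the attribute asked about in the first comment thread, is the [Authorize] filter. The sketch below assumes MVC 4 or later (for [AllowAnonymous]), Forms Authentication enabled in web.config, a configured role provider, and a hypothetical ReportsController and "Admin" role.

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Called from Application_Start. With this global filter every action
// requires an authenticated user unless it opts out with [AllowAnonymous],
// so a newly added controller is protected by default.
public static class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new AuthorizeAttribute());
    }
}

public class AccountController : Controller
{
    // The login page must stay reachable without a ticket; the POST
    // overload of LogOn needs [AllowAnonymous] as well.
    [AllowAnonymous]
    public ActionResult LogOn()
    {
        return View();
    }

    [HttpPost]
    public ActionResult LogOff()
    {
        FormsAuthentication.SignOut(); // removes the forms authentication cookie
        return RedirectToAction("LogOn");
    }
}

// Hypothetical controller, used only to show the two levels of restriction.
public class ReportsController : Controller
{
    // Covered by the global filter: an anonymous request gets a 401, which
    // Forms Authentication turns into a redirect to the configured loginUrl.
    public ActionResult Index()
    {
        // User.Identity.Name is the value that was passed to SetAuthCookie
        ViewBag.UserName = User.Identity.Name;
        return View();
    }

    // Authenticated is not enough here: the user must also be in the role
    // (the role name "Admin" is an assumption for this example).
    [Authorize(Roles = "Admin")]
    public ActionResult Audit()
    {
        return View();
    }
}
```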
