1

I have a web app that allows a user to pay for a holiday booking.

The user will log in using a combination of a unique booking ID and a booking password.

Is there a simple way I can authenticate the user once they have successfully logged in. Is it a good idea to use the .net session object for this purpose?

The app wont be load balanced so I don't need to worry about storing session across different machines.

I would like to not have to use .Net membership as I don't want to create any extra tables in the database.

Improve this question

2 Answers 2

Reset to default
2

If you are able to retrieve the user, I guess this is possible. Below is the way I would try:

public ActionResult UrlAuth(string bookingId, string bookingPass)
{
    var userManager=HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();

    // Retrieve the user by the give booking values (Custom part in your app
    string userId= _bookingRepository.GetUserIdByBooking(bookingId, bookinggPass);

    var user = userManager.FindById(userId);
    if (user != null)
    {
        var userIdentity = userManager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);

        HttpContext.GetOwinContext().Authentication.SignIn(new AuthenticationProperties { IsPersistent = false }, userIdentity );

        // authentication succeed do what you want 
        return Redirect("Wherever");
    }

    ModelState.AddModelError("", "Invalid booking values");

    return View();
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks. This helped a lot
1

Here's a good general article with custom authentication for MVC

http://www.ryadel.com/en/http-basic-authentication-asp-net-mvc-using-custom-actionfilter/

http://www.codeproject.com/Articles/1005485/RESTful-Day-sharp-Security-in-Web-APIs-Basic

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.