I wanted to create an ASP .Net Core 2.1 REST server. For that I created a new project and choosed the "API" Template. I got it working with Entity Framework, a simple SQlite database and some GET and POST calls.
Now I'd like to add authorization (role based) to the API. I read about the Identity stuff but I just don't get it working. Is there any good tutorial or can somebody tell me how I can add authorization to my REST server? My database context already has a table "User" for the user information... thanks in advance!
If not already seen (https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity?view=aspnetcore-2.1&tabs=visual-studio) is well worth a look.I'm not aware of tutorials involving SQLite and Identity though have used embedded databases without problems in other Net Core apps. The Visual Studio 2017 Net Core Template using "Individual User Accounts" option adds authentication/authorization out of the box for SQL Server (Express) database with a set of login/logout razor pages. The Identity tables are quite specific and generally populated by migrations. You may find it useful to scaffold the Identity razor pages by right-clicking the project "Add => New Scafolded Item => Identity" The ApplicationModel.cs model class is used to customise the AspNetUsers table. These can all be reverse engineered using "EF Core Power Tools" (https://marketplace.visualstudio.com/items?itemName=ErikEJ.EFCorePowerTools) and recreated in another database using a custom context (eg WCX_IdentityContext.cs) by selecting "Reverse Engineer" from right-click menu. Typically you can access via the context as shown below
[Authorize]
public IActionResult Index()
{
// The home page is redirected dependent on currently logged in user details stored in the Identity tables.
if (User.Identity.IsAuthenticated)
{
using (var context = new WCX_IdentityContext())
{
// Use Identity and EF core to retrieve logged on user details
var identity = (ClaimsIdentity)User.Identity;
// The AspNetUsers Identity table contains the basic identity details
var user = context.AspNetUsers.SingleOrDefault(x => x.UserName == identity.Name);
I hope this helps you getting started.
Related
I want to create a Site using MVC .net core 3.0 and I'd like to use Identity but I need the users to be save not in SQL but in a service we already have for administering users, and I can query using a Rest Service.
What I need is when an user logins, instead of reading from EF and SQL I need to go to this other Service and check there if the user and password are correct.
I want to keep protecting the rest of the pages using the [Authorize] attribute once an user logs in.
Is there a way to change this behavior in .net core Identity?,
Thanks for any comments!
Building an MVC5 intranet application that is using Windows Authentication.
I want to use the builtin roleManager to add roles to existing users. If I attempt to create a user, say AD\Username and add him the to Admin user role, I can do this just fine and Asp .Net Identity builds out and stores that information in the database.
However, I using [Authorize(Roles = "Admin")] on any particular controller action will not give me access to that page. It's as if there is no link between AD\Username and my AD user.
Is this built in to work with Asp .Net Identity? Or do I need to do some heavy customization? This seems fairly straightforward.
Thanks for the help!
I'm working on a school project and I need to implement Role-based authorization in an ASP.NET mvc3 application. Currently the application only stores the user's role in a field in the database and there is only one login page. I need to alter the entire application in other for it to grant different content to different users including admin, supervisor and counselors (counselors are able to input new client info and edit and view client information that they inputted. Supervisors can view and edit all client info and also view and edit counselor info. Admin has crud access to everything on the application.)
I'm not sure about what other info to provide about the application but i'll really appreciate any help i can get as i am new to ASP.net mvc as a whole. Most of the tutorials i found focus on specific piece of the role based approach. I need more of a bottom-up approach to implementing the roles and its authorization.
Take a look at ASPNET configuration tool. I believe that it's what you're looking for:
Visual Studio 2013 and ASP.NET Web Configuration Tool
http://msdn.microsoft.com/en-us/library/yy40ytx0.aspx
I'm learning how to write simple websites with MVC 3. I have a little problem with loging on to my website. I created an account via ASP.Net Configuration site and there is no problem to log in unless I try to do this not on localhost. When I use log in form on my published online site, it takes a while and redirecting me to /shared/error. What did i wrong? Maybe I forgot about some libraries? I use default Account system, just this one which is created in new Web App project.
What are you using for persistence on the server? the ASP.Net Configuration is creating a user account in a database. If you don't explicitly specify a database, one is created for development purposes for you, but it is not copied to the server.
Also, there are some tables inserted into the database for you by the ASP.Net Configuration site for supporting users, roles, etc. These tables would need to be created on your server. see Creating the Membership Schema in SQL Server
If possible, you should consider MVC 4 instead of MVC 3, since the pre-built templates for it use Simple Membership instead of the full featured ASP.net Membership providers. Simple Membership uses only a few tables, and the views and stored procedures have been removed.
new here and pretty new to mvc and visual studio also. My query is this: in a mobile based web application project; i wish to have newly registered users store their geolocation on bing maps alongside their details and regularly update-able offers.
I then need users of the site that do not register to be able to view these locations and details based on their own coordinates. Can i add tables to the existing registration and login database and query everything from there or do i need to create another database?
i am using visual studio 2012 express and mvc3
sorry if this is a bit vague...