I use HttpContext.Session to save some invoice info of user,
when he/she go to third site to pay its cost and back to my site, all Session data is null and I don't know what was he/she invoice no was!
How should I achieve this?
You can register your app to use a SessionState Temporary Data Provider
Startup.cs
In ConfigureServices
services.AddMvc().AddSessionStateTempDataProvider();
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
services.AddSession();
In Configure
app.UseSession();
I tested it out with this controller
public IActionResult Index()
{
var on = HttpContext.Session.GetString("ordernumber");
HttpContext.Session.SetString("ordernumber", "123456");
return Redirect("http://google.com");
}
After we get redirected to google, if I then navigate back to localhost I can see that on contains "123456"
And if you wan to display it in the view, you can inject the HttpContextAccessor we registered earlier:
#using Microsoft.AspNetCore.Http;
#inject IHttpContextAccessor HttpContextAccessor
#{
ViewData["Title"] = #HttpContextAccessor.HttpContext.Session.GetString("ordernumber");
}
Related
I have users in our app, who are mapped to companies. When a user logs in and starts to make requests I want a way to validate if that user is currently mapped to the company for access to company resources.
The idea I had was to create a whole controller just to manage all of this, but someone mentioned ActionFilters as a much better and cleaner option, I have to agree after looking at it.
The idea is to have the controller setup as:
controller - action - CompanyId - ReportId
So any request to root the system would just look up if there are any companies mapped to that logged in user.
But if the request included CompanyId then they'd go to that company's “portal” account page. It's really any request that includes CompanyId where I want the actionFilter to make a determination on if that user is allowed access.
Request comes in...
There is a CompanyId in the request!
ActionFilter:
Look up in db for all users assigned to that CompanyId. Is current user within that list? No? = kick'em out.
I tried to type in a code example, but the system told me to manually indent each line by 4 spaces, I was doing it from memory anyways so no idea how helpful it would have been anyways.
You could get your action parameters in your action filter and then get your database via HttpContext.RequestServices.GetRequiredService<ApplicationDbContext>().Refer to here.
public class TestActionFilter:Attribute,IActionFilter
{
public void OnActionExecuting(ActionExecutingContext context)
{
//If companyId is action parameter
var companyId= context.ActionArguments["companyId"].ToString();
//If companyId1 is query string
var companyId1= context.HttpContext.Request.Query["companyId1"].ToString();
//If companyId2 is in request header
var companyId2= context.HttpContext.Request.Headers["companyId2"].ToString();
//get your dbcontext
var db = context.HttpContext.RequestServices.GetRequiredService<ApplicationDbContext>();
//EF core logic
//...
}
public void OnActionExecuted(ActionExecutedContext context)
{
}
}
You could use it on action directly using [TestActionFilter] attribute or set as global filter
services.AddMvc(options =>
{
options.Filters.Add(new TestActionFilter()); // an instance
});
I am trying to define a custom way of User Roles since my DB's structure for the User table is the following structure:
Role is a bool so if it's true the User is an Admin, else he's a normal User.
I know I need to declare the add.UseAuthorization() in Startup.cs. and I can add the Attribute [Roles="Administrator"] / [Roles="User"] inside the Controller but I am not sure how to define the role to be determined by my Role column from the User table.
I've been searching the internet, reading about Policies too but I don't think that's the right way to implement. Everything I've found online is about some sort Identity structure but doesn't make any sense on how to attach it to my Role column.
Hope, someone can help me out. Thanks!
If you are free to manipulate your DB, I would highly suggest using IdentityFramework, it's a powerful framework which can integrate in your own database.
But to answer your question specifically, there's two steps missing:
Pick an authentication scheme to login the user (e.g. Cookie-based, ...)
Once the user logs in, save the designed Role in a ClaimsPrincipal object. This way the [Authorize(Roles = "User")] declaration can pick this up.
Below you'll find a basic example using the default ASP.NET Core template in Visual Studio.
Add the Authentication middleware your ConfigureServices method, and configure it using a AuthenticationScheme. In this case I'm using Cookie authentication.
//in ConfigureServices, add both middlewares
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie();
//in the Configure() method, enable these middlewares
app.UseAuthentication();
app.UseCookiePolicy(new CookiePolicyOptions());
Now you're ready for action. Let's say you have an Action method in which you want to authenticate the user. This is where you want to transform your Role so it can be recognised by [Authorize]
Get the value you need from your database. You'd end up with a bool. Convert it to a Role Claim, and add that to a ClaimsIdentity.
bool roleFromDb = true; //this comes from db
//convert to Claim of "Role" type, and create a ClaimsIdentity with it
var adminClaim = new Claim(ClaimTypes.Role, roleFromDb ? "Administrator" : "User");
var claimIdentity = new ClaimsIdentity(new[] { adminClaim },
CookieAuthenticationDefaults.AuthenticationScheme);
//signs in the user and add the ClaimsIdentity which states that user is Admin
await HttpContext.SignInAsync(
CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(claimIdentity));
With that done, you can mark other actionmethods using the [Authorize] attribute, e.g:
[Authorize(Roles = "User")]
public IActionResult About() { ... }
[Authorize(Roles = "Administrator")]
public IActionResult Contact() { ... }
Now, only a signed in user with the "Administrator" role can visit the Contact page.
Check this resource for a more finetuned configuration of the middleware used.
Another way of implementing, based on my database without any modifications, is to use Claims and Cookies. I've managed doing this reading the following documents
Link One
Link Two
I've encountered only one major issue which was solved by reading this.
I'll also add the Login method and the Startup.cs rows, so others can see how to use it (if the docs aren't enough).
Login method from the Controller
[AllowAnonymous]
[HttpPost]
public async Task<IActionResult> Login(UserModel userModel)
{
if (_iUserBus.LoginUser(userModel))
{
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, userModel.Email),
new Claim(ClaimTypes.Role, _iUserBus.GetRole(userModel.Email)),
};
ClaimsIdentity userIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
ClaimsPrincipal principal = new ClaimsPrincipal(userIdentity);
var authProperties = new AuthenticationProperties
{
IsPersistent = false,
};
await HttpContext.SignInAsync(principal, authProperties);
return RedirectToAction("Index", "Home");
}
else
{
ModelState.AddModelError("Password", "Email and/or Password wrong");
return View();
}
}
Startup.cs
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
});
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(options =>
{
options.LoginPath = "/Users/Login";
options.LogoutPath = "/Users/Logout";
});
Hope this is useful to anyone in need.
Intro:
I am a .NET studet trying to learn ASP.NET Core MVC. So please be understanding. I have searched the web for an answer to my problem, but havent found a solution that works for me.
Problem:
I want to pass a validation message from my create post method to the index IActionmethod whenever a post has been created and them show it as an alert message for now. I have read on the web that ViewBag dosent survive a redirect, but a TempData does. This is my code so far.
Create post method:
public IActionResult CreatePost(string textContent, string headline, string type)
{
var catType = new Category() { CategoryType = type.ToUpper() };
if (db.Category.Any(s => s.CategoryType.Trim().ToLower() == type.Trim().ToLower()))
catType = db.Category.FirstOrDefault(s => s.CategoryType.Trim().ToLower() == type.Trim().ToLower());
var newPost = new Post()
{
Content = textContent,
Header = headline,
DateOfPost = DateTime.Now,
category = catType
};
db.Posts.Add(newPost);
db.SaveChanges();
TempData["validation"] = "Your post hase been publsihed";
return RedirectToAction("Index");
}
The index method:
public IActionResult Index()
{
var validation = TempData["validation"];
var posts = (from x in db.Posts
orderby x.DateOfPost descending
orderby x.PostID descending
select x);
return View(posts);
}
I have tried this guide: ClickThis and this one: ClickThis2 but I got this message:
I know this line from gudie number 2 might be important, but didnt now how to apply it. -
var product = TempData["myTempData"] as Product;
The last thing I want to do is pass it to the index view, but dont know how. I am currently passing a model from the index.
Tell me if it is anything more you would like to see. Like dependencies.
All the help I get is gold and will be much appreciate!!!
I landed on this question while googling for "asp.net core redirect to action tempdata". I found the answer and am posting it here for posterity.
Problem
My issue was that, after filling in some TempData values and calling RedirectToAction(), TempData would be empty on the page that I was redirecting to.
Solution
Per HamedH's answer here:
If you are running ASP.NET Core 2.1, open your Startup.cs file and make sure that in your Configure() method app.UseCookiePolicy(); comes after app.UseMVC();.
Example:
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
...
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
app.UseCookiePolicy();
}
Did you configure Session? TempData is using session behind the scenes.
Project.json
"Microsoft.AspNetCore.Session": "1.1.0"
Here is the Startup.cs file. - ConfigureServices method
public void ConfigureServices(IServiceCollection services)
{
services.AddMemoryCache();
services.AddSession();
services.AddMvc();
}
And Configure method.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
app.UseSession();
app.UseMvc(routes => {
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
Now try with TempData, it will work.
And you can set the environment with set ASPNETCORE_ENVIRONMENT=Development environment variable.
TempData stores data server-side, under user Session. You need to enable sessions (as exception message says). Check this manual.
If you don't want to use sessions - you need some other way to store data (cookies?)
Providers
The TempData is using various providers for storing the state. By default the cookie based data provider is used.
Session is just an alternative
If your application do not use session I do not see any reason to use it only for TempData store.
Cookie Consent
ASP NET Core 2.1 have some new GDPR features based on cookies. By default, data should be stored in cookies only with the user's consent. If the user does not agree with the storing data in cookies, TempData cannot work. This behavior varies across versions of ASP NET Core.
If you do not want to hold any sensitive data in cookies, you can obviously change the settings.
app.UseCookiePolicy(new CookiePolicyOptions
{
CheckConsentNeeded = context => false
});
You can set the CookiePolicyOptions separatelly in ConfigureServices as well. It is a quite cleaner.
Story continues
We have two kind of data in the cookies. Essential data (needed for running application) and non-essential (some user data). User consent is needed for non-essential data. TempData is non-essential. You can set you TempData as essential and user consent is not needed anymore:
services.Configure<CookieTempDataProviderOptions>(options => {
options.Cookie.IsEssential = true;
});
I highly recommend to think about this before copy / paste.
I'm just posting this for anyone who comes across this problem in an ASP.NET MVC application, #Ahmar's answer made me go look at my logout method, I was using Session.Abandon() before redirecting to the login page.
I just changed it to Session.Clear() to reset the session instead of removing it completely and now the TempData is working in the method I'm redirecting to.
I work on simple project in .net core. It school task, so I do not need any advanced practices. Can you tell me what is the simplest way to set default view when session is null ? For example When user manually enter Url /Home/Tasks he will be redirected to Account/Login until enter correct login. Thanks
You achieve that simply use basic authentication. Choose Individual User Accounts option while creating new application:
After that take a look at the Startup.cs class and add following lines to ConfigureServices method:
public void ConfigureServices(IServiceCollection services)
{
services.Configure<IdentityOptions>(options =>
{
options.Cookies.ApplicationCookie.LoginPath = new PathString("/Login");
options.Cookies.ApplicationCookie.LogoutPath = new PathString("/Logoff");
});
}
or
services.Configure<CookieAuthenticationOptions>(options =>
{
options.LoginPath = new PathString("/Account/Login");
});
Ones this is done you can mark your controller with an [Authorize] attribute and all actions of that controller will require user to be logged in:
[Authorize]
public class HomeController : Controller
{
...
}
This is a mvc application
I have the links below on my master page
Link1 Link2 Link3 signout signIn
I have a userprofile object that is populated
when authentication is done.
When the session object for the user expires
and I click on the links, I get the yellow page(error page).
I will prefer a situation where when you click on the
links and the session object is expired, you get
redirected to the signin page.
Soln A: I could solve this problem by writing a method
which test for null value of the userprofile object then
make a call to this method on the click on every link.
I dont want this approach because in the future if there
are new controllers, i will need to care for them.
Do you have any idea how I can solve this problem?
I would have a Base Controller than all of your other controllers inherit from. Within this I would have a
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (SessionManager.Instance() == null)
{
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary
{
{ "Controller", "BaseController" },
{ "Action", "LogOn" }
});
}
base.OnActionExecuting(filterContext);
}
The OnAction Executing will be hit before any method in any of your controllers - this way you can check your session is valid or your user is valid or whatever and handle the redirect to the view you want if that is not the case. If you do a Google search for Filters Actions MVC you will find out much more info.