How to implement role based authorization in asp.net mvc3 - asp.net-mvc-3

I'm working on a school project and I need to implement Role-based authorization in an ASP.NET mvc3 application. Currently the application only stores the user's role in a field in the database and there is only one login page. I need to alter the entire application in other for it to grant different content to different users including admin, supervisor and counselors (counselors are able to input new client info and edit and view client information that they inputted. Supervisors can view and edit all client info and also view and edit counselor info. Admin has crud access to everything on the application.)
I'm not sure about what other info to provide about the application but i'll really appreciate any help i can get as i am new to ASP.net mvc as a whole. Most of the tutorials i found focus on specific piece of the role based approach. I need more of a bottom-up approach to implementing the roles and its authorization.

Take a look at ASPNET configuration tool. I believe that it's what you're looking for:
Visual Studio 2013 and ASP.NET Web Configuration Tool
http://msdn.microsoft.com/en-us/library/yy40ytx0.aspx

Related

Passing Roles from ASP.NET Web API to ASP.NET CORE MVC to allow Authorize Attribute in Controllers

I think this is the first time to ask a question here, but wanted to try. Hope I got this right. I have searched all over web but nothing seems to come up for this scenario.
On a Test Project, I was going to have a ASP.NET Web API that will be exposed to the web. It will have authentication and authorization. The roles will be managed thru the Web API. I will have a ASP.NET CORE MVC app as one of the clients accessing the Web API.
What I would like to do is pass the users roles (in a Claim?) from the Web API into the Web Site and have the roles be used in the Controllers Authorize as well as in the views (menu filter and button disable functionality). Of course the issue is the separation of the Website from the Web API.
I have seen tutorials where the role is passed to a Angular/React/Vue site but I am trying to see about this in a Asp.net Core website.
I think I want to pass the claim(with the Roles) to the Website and have it use it as if the website was accessing the DB directly.
Just trying to figure out how this would be done.
Any direction would be appreciated.
Thanks

MVC can not log on online

I'm learning how to write simple websites with MVC 3. I have a little problem with loging on to my website. I created an account via ASP.Net Configuration site and there is no problem to log in unless I try to do this not on localhost. When I use log in form on my published online site, it takes a while and redirecting me to /shared/error. What did i wrong? Maybe I forgot about some libraries? I use default Account system, just this one which is created in new Web App project.
What are you using for persistence on the server? the ASP.Net Configuration is creating a user account in a database. If you don't explicitly specify a database, one is created for development purposes for you, but it is not copied to the server.
Also, there are some tables inserted into the database for you by the ASP.Net Configuration site for supporting users, roles, etc. These tables would need to be created on your server. see Creating the Membership Schema in SQL Server
If possible, you should consider MVC 4 instead of MVC 3, since the pre-built templates for it use Simple Membership instead of the full featured ASP.net Membership providers. Simple Membership uses only a few tables, and the views and stored procedures have been removed.

Single Page Application ASP.NET MVC 4 Authorization

Single Application Page Asp.net MVC 4 temlplate uses default database to check Login and Register but I want to use my existing database in my SPA application. There are some table to store info like default database and some table to store other info in my database. So how can I do this? or I just have to use default database for Authorization and use my database to do business?
There are, as always several ways to accomplish this task.
Microsoft shows you an example using ASP.NET Membership and Roles as it's a powerful way to accomplish what you want, and it even provides you with a sample Database for that to work.
You have the ability to override all the methods that handle membership and roles in this way, you benifit from using ASP.NET Membership & Roles and use your own Database (or anything to keep your user information in a common place, like text File or Xml, you decide!)
For this, you can see my answer on how to create your own Membership Provider:
Custom MembershipProvider in .NET 4.0
I suggest that you read this answer to the end, as I have added a Video Tutorial on the subject that might help you seeing thing this in a different perspective and how easy is to implement this.
Or you can simple discharge the Provider and do and use your own method, like, validade user and password and keep a Session throughout the user livecycle that let you know the user information and if he's logged in or not...
As throughout this late years, Microsoft suggest that you use their way, but you have always the freedom to do things your way.

Integrate a facebook c# sdk login system into an existing login system based on Microsoft Membership Api

I'm trying to figure out how should I integrate facebook login system in my existing application through facebook c# sdk.
I have a web forms application and I'm authenticating users by standard Login control.
I'm using MembershipProvider, RoleProvider and ProfileProvider.
I'm thinking I should persist FacebookUniqueID and put it into relation with existing informations on my Membership Users table.
I'm wondering wich is a correct approach to this.
Considering I have a custom Profile Provider that uses a custom sql table, it would be fast to add a FacebookUniqueID property to my user profiles and use it in my login workflow:
Login through facebook;
retrieve facebookUniqueID;
retrieve userName for the user that
have this specific facebookUniqueID,
then
FormsAuthentication.SetAuthCookie(userName, bool);
What about providing an overload for the previous method taking facebookUniqueID as parameter?
Please let me know what do you think about this from any perspective and if anyone knows a simple working example
I think you are on the right track. We implement a similar solution (though we have rolled our own custom membership/role/profile etc and don't use the built in approach.)
You also will have to handle the situations that occur when a new user (without an existing account) logs into your site via Facebook.

Live ID with MVC with out ASP.NET Membership

Does anyone know is there a way to implement Windows Live ID authentication into your ASP.NET MVC site. I am moving a project from Web Forms to a MVC solution and do not want to rebuild the database so ASP.NET Membership mentioned in windows-live-id-in-asp-net-mvc is not a valid solution.
And just to avoide this question the customer not want to use Open ID.
I don't fully understand your question, but here's an example of a MVC.NET app which uses LiveID but doesn't use an ASP.NET Membership provider:
http://blog.smarx.com/posts/actually-i-m-a-cia-agent

Resources