This is a a topic with a variety of opinions around the web.
Basically i am developing a SAAS application using ASP.net MVC 3.
I wanted to know what would be a good way of storing user_id to see if the correct user is authenticated?
I know the classic session asp.net method but really want to avoid this.
Any suggestions would be great
One thing is that you can Authorize the users simply in the controller method. There you can authenticate an individual user/s or group/s.
If you are using ASP.NET Membership provider,
Guid userGuid = (Guid)Membership.GetUser().ProviderUserKey;
This will work. Please comment if you need any other guidance.
Related
I think this is the first time to ask a question here, but wanted to try. Hope I got this right. I have searched all over web but nothing seems to come up for this scenario.
On a Test Project, I was going to have a ASP.NET Web API that will be exposed to the web. It will have authentication and authorization. The roles will be managed thru the Web API. I will have a ASP.NET CORE MVC app as one of the clients accessing the Web API.
What I would like to do is pass the users roles (in a Claim?) from the Web API into the Web Site and have the roles be used in the Controllers Authorize as well as in the views (menu filter and button disable functionality). Of course the issue is the separation of the Website from the Web API.
I have seen tutorials where the role is passed to a Angular/React/Vue site but I am trying to see about this in a Asp.net Core website.
I think I want to pass the claim(with the Roles) to the Website and have it use it as if the website was accessing the DB directly.
Just trying to figure out how this would be done.
Any direction would be appreciated.
Thanks
I have a new MVC6 solution that uses ASP.Net Authentication and OAuth.
For my Account controller, I am able to retrieve the logged in Context.User.
However, I am not able to retrieve the same values when using another controller. Context.User.Identity fields all have null values.
How do I enable my other controller to retrieve the logged in user?
UPDATE: As mentioned in the comment trail in an answer below, the problem was in the client, not in the server, as the client was not sending the proper credentials for ASP.Net Authentication to identify.
First of all Microsoft merge Web API and MVC in MVC 6, so we can say there is no "WebAPI" anymore.
Maybe you are using MVC 5 and add the wrong tag? If that's the case maybe this or this can help you.
Single Application Page Asp.net MVC 4 temlplate uses default database to check Login and Register but I want to use my existing database in my SPA application. There are some table to store info like default database and some table to store other info in my database. So how can I do this? or I just have to use default database for Authorization and use my database to do business?
There are, as always several ways to accomplish this task.
Microsoft shows you an example using ASP.NET Membership and Roles as it's a powerful way to accomplish what you want, and it even provides you with a sample Database for that to work.
You have the ability to override all the methods that handle membership and roles in this way, you benifit from using ASP.NET Membership & Roles and use your own Database (or anything to keep your user information in a common place, like text File or Xml, you decide!)
For this, you can see my answer on how to create your own Membership Provider:
Custom MembershipProvider in .NET 4.0
I suggest that you read this answer to the end, as I have added a Video Tutorial on the subject that might help you seeing thing this in a different perspective and how easy is to implement this.
Or you can simple discharge the Provider and do and use your own method, like, validade user and password and keep a Session throughout the user livecycle that let you know the user information and if he's logged in or not...
As throughout this late years, Microsoft suggest that you use their way, but you have always the freedom to do things your way.
We are using our first website that will give the users the choice of either using our standard .net membership provider or facebook using the facebook c# sdk (awesome sdk by the way!).
We have handled most of it but need to restrict access to certain areas based on the user being logged in or not. In the past with pure .net membership we used the [Authorize] attribute on the method, however if the user is logged in using facebook then this is false.
I know I can try to roll our own dataannotation extension. Or I could just manually try one or the other. I know there is also the FacebookAuthorization annotation. I would ideally like to use these annotations (as both would go to the same login page if the user is not logged in).
Does anyone have a good example of a site using mixed membership using some dataannotation? Or a dataannotation extension?
Thanks in advance
Call the standard FomsAuthentication.SetAuthCookie method upon completing the Facebook OAuth flow. The Authorize attribute should then work properly.
We have used a global filter attribute. We've created that one our self. If somebody has a better idea, I'm open for suggestions!
Does anyone know is there a way to implement Windows Live ID authentication into your ASP.NET MVC site. I am moving a project from Web Forms to a MVC solution and do not want to rebuild the database so ASP.NET Membership mentioned in windows-live-id-in-asp-net-mvc is not a valid solution.
And just to avoide this question the customer not want to use Open ID.
I don't fully understand your question, but here's an example of a MVC.NET app which uses LiveID but doesn't use an ASP.NET Membership provider:
http://blog.smarx.com/posts/actually-i-m-a-cia-agent