MVC design issue - roles of each component - model-view-controller

This is our first time using this pattern (we're not even sure that this pattern is suitable for this project), and me and my mates have a couple of questions.
We're designing a simple application for displaying files with regard to permissions.
Suppose "Joe" is currently logged in to the system, where would be the correct place to save "Joe" as the active user?
What are the roles of the controller in this context? Suppose "Joe" wants to log in to the system. He enters his password and clicks log on. Should the view validate the details directly with the Model, or should it ask the controller to do it for him?
Suppose that the login is successful, what should happen now? Should the View listen as an Observer to the model and wait for a response that the login is correct and then switch windows? Or should the Controller have a method called boolean ValidateLogin() which the view calls and acts accordingly?
As you can see we're very confused, any help would be appreciated.

1. Session / Database / Configuration File (is this a single or multiple user system?)
2. In some web frameworks*: the view passes the login data to the controller, which passes it to the model, which would validate it and return the result to the controller, which gives the correct view as the response. Surely it's also fine if the view wants to validate the data directly with the model, but IMO view-model communication should never have any logic involved, only data update notification.
3. I think it's partially answered in answer 2 above. The controller should be able to destroy/change the login view though (when the login is successful, normally the view should change accordingly).

*This is because in a web application the view usually cannot talk directly to the model, as opposed to a desktop application. This is still MVC, only a variation called MVA.

For your requirements, I suggest you use this project MembershipStarterKit to start with.
It has samples that do basic authentication and role management.
It also uses the .Net membership provider so that you don't re-invent the wheel.

1. Store it in session.
2. Any client-side validation can be done by the view directly with the model (through DataAnnotations). Database calls go through the controller.
3. On successful login, the controller will render the corresponding view.

Related

UWP: Calling Frame.Navigate() from a Page.OnNavigatedTo event

In a Universal Windows app I want to check the user's authentication during page load, or after a user has navigated to the page. This lets me offer navigation filtered by authorizations with single-page granularity.
For example, if a user hasn't logged in and a page requires authentication, the user has to be redirected to a login page.
The problem comes when I try to navigate to another page from the OnNavigatedTo event, when the previous navigation is not completed and the new one fails. I've searched for other events like an OnNavigationCompleted, but I didn't find anything. If I use an asynchronous method without waiting it works, as it does if I use a timer dispatcher, but neither solution sounds very clean.
Is there a method to handle an event raised after navigation has completed, or do I have to pre-check authorization during the navigation call? I hope to avoid this solution because a wrong call could show an unauthorized page.
If you really want a separate page according to this answer https://stackoverflow.com/a/19527979/4788286 you could probably use the loaded event. But I'd test it before just to make sure.
Sidenote: also, your question implies that you're doing business logic in the view codebehinds - this is bad practice, I suggest looking into the MVVM pattern. (If you need a framework I suggest MVVMLight or PRISM)
I think the precheck would be the best method. Check if they are authorized to view the page before they can navigate to the page. If they are not authorized, ask if they want to log in or purchase rights to the page.

Detect when user navigate from one web page to another

I am writing an MVC3 web app and I need to know on the server side when the user navigates from one web page to another. I do not need to know from which page to which, just the fact that the user navigated. I could find this by adding a Session variable to every Home Controller action, but maybe there is a better solution?
Use a global filter attribute for all your controller actions. You can set that attribute in the global asax. In that case you know when an action is hit.
You could try sending AJAX request bound to onbeforeunload browser event.
Basically, it happens on the client side, so the programming should also be in client. Javascript could be the way to go. Though it may deliver some inconvenience to the user.
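The global filter suggested above, as an added example that is not part of the original thread. The attribute name, session key and trace message format are assumptions; the filter counts only top-level GET requests so that partial renders and AJAX calls are not recorded as navigations.

```csharp
using System;
using System.Diagnostics;
using System.Web.Mvc;

// Hypothetical filter name; records one event per top-level page request.
public class NavigationAuditAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var http = filterContext.HttpContext;

        // Child actions (Html.RenderAction) and AJAX calls are not page navigations.
        if (filterContext.IsChildAction || http.Request.IsAjaxRequest())
            return;
        if (!string.Equals(http.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
            return;

        var descriptor = filterContext.ActionDescriptor;
        var action = descriptor.ControllerDescriptor.ControllerName + "/" + descriptor.ActionName;
        var user = http.User.Identity.IsAuthenticated ? http.User.Identity.Name : "(anonymous)";

        // "LastNavigationUtc" is an assumed key; Session is null when session state is disabled.
        if (http.Session != null)
            http.Session["LastNavigationUtc"] = DateTime.UtcNow;

        Trace.TraceInformation("navigation user={0} action={1} utc={2:o}",
                               user, action, DateTime.UtcNow);
    }
}

public class MvcApplication : System.Web.HttpApplication
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());
        filters.Add(new NavigationAuditAttribute()); // applies to every controller action
    }

    protected void Application_Start()
    {
        // The template's area and route registration stays as it is in the project.
        RegisterGlobalFilters(GlobalFilters.Filters);
    }
}
```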

accessing master page hyperlink from a different controller

I am using ASP.NET 3.0 MVC with membership provider. I have to make a modification to the default implementation we get with membership-related code. I have to move the LogOff hyperlink in the master page. Initially this link is invisible, but once authentication is successful I need to make it visible. This action will happen from the Controller for authentication and I am not sure how to access the hyperlink defined in a master page from a different controller. Any ideas how this could be achieved keeping the spirit of MVC design?
You could create another action in your AccountController to determine if the log off link needs to be displayed. This action has a partial for the html. Call this new action from the master page and check in that action if the log off link needs to be displayed.
@{ Html.RenderAction("displayLogOff", "Account"); }
I'm not sure why you need to make a modification, as this seems to be the default behaviour, but typically you would use a partial view to display the log off hyperlink. This partial view can run an action, and in this action you would send a model to the view which could include a flag for if the user is currently authenticated. Alternatively, you can just check Request.IsAuthenticated in the partial view directly.
I'm not sure I understand. The default implementation already does this. It works regardless of what controller you're using. The reason is that the master page uses a partial page that specifies the method and controller.

ASP.NET MVC3: Get method only accessible through other method

I'm using the standard forms authentication registration that comes with MVC 3.
I want to add a few checkboxes to that form that indicates what kind of user the registrator will be. Depending on the checkbox choice the user will be redirected to another get method where additional information can be added.
The problem is that I don't want these methods to be accessible in any other way (like typing the url for example). Only in this specific case can these methods be accessed.
My first idea was to create a session in the post method of the first registration form and check in the get method if the session exists. But this seems like a less elegant way.
Does anyone have a safer solution for this problem?
You should be able to use the [ChildActionOnly] attribute: found here on MSDN.
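The session check described in the question, written as a reusable authorization filter; this is an added example, not code from the thread. The session key, attribute name, action names and the "Company" user kind are all assumptions.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

// All names here (session key, attribute, actions, "Company") are hypothetical.
public class RequiresRegistrationStepAttribute : AuthorizeAttribute
{
    public const string SessionKey = "Registration.PendingKind";
    private readonly string _kind;

    public RequiresRegistrationStepAttribute(string kind) { _kind = kind; }

    // Replaces the base check: the visitor may not be signed in yet, so the only
    // requirement is that the server recorded this step for this session.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var pending = httpContext.Session == null
            ? null
            : httpContext.Session[SessionKey] as string;
        return string.Equals(pending, _kind, StringComparison.Ordinal);
    }

    // A typed URL or stale bookmark lands back on the registration form.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        filterContext.Result = new RedirectToRouteResult(
            new RouteValueDictionary(new { controller = "Account", action = "Register" }));
    }
}

public class AccountController : Controller
{
    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Register(string userKind)
    {
        // Account creation from the project template is assumed to have succeeded here.
        if (userKind != "Company") return RedirectToAction("Index", "Home");
        Session[RequiresRegistrationStepAttribute.SessionKey] = "Company"; // set server-side only
        return RedirectToAction("CompanyDetails");
    }

    [RequiresRegistrationStep("Company")]
    public ActionResult CompanyDetails() { return View(); }

    [HttpPost, ValidateAntiForgeryToken, RequiresRegistrationStep("Company")]
    public ActionResult CompanyDetails(FormCollection form)
    {
        Session.Remove(RequiresRegistrationStepAttribute.SessionKey); // one use only
        return RedirectToAction("Index", "Home");
    }
}
```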

Certain Pieces of a Web Page in MVC

I am rewriting a client's application from a crappy project built as one huge blob into an MVC application for obvious reasons.
In doing a view for pieces of it I am noticing the original programmer has plenty of statements where they change up images or put in different links based on the logged in user.
How does everybody that writes MVC applications handle this? Do you pass the username from the controller to the view to do this simple logic or should the controller handle all of that?
This should be set up either in the controller or the session, with generic place holders for the links.
i.e. if in Session
$_SESSION['userLink1'] = "URL";
// Later, in the views, create it like this (escaped for use inside an HTML attribute)
<a href="<?php echo htmlspecialchars($_SESSION['userLink1'], ENT_QUOTES, 'UTF-8'); ?>">
Keep in mind this assumes that these images/links will consistently be there regardless of the user, only that the link content itself will change. If it's on the user level as you described, load all the links into the session once at log in and the views will yank them out appropriately.
To actually get them in the session use your login controller to set them up upon the successful log in and when starting the session populate in some default place holders if non authorized users can also view the given pages.
