Wednesday, October 27, 2010

Logging in and Authentication Providers in MVC

First let me state there is no login control in an MVC application. You CAN use one - since you can use ASPX pages and controls in an MVC application. However, if you want to use 'pure' MVC and no Web Forms controls then you should do it the way the Visual Studio MVC template does it.

By default, the MVC template creates a new web application that logs a user on as follows:
The master page contains a user control that displays a logoff link if Request.IsAuthenticated is true, and a login link otherwise.

The login view is rendered when the user clicks on the login link.
When the user fills out the details and submits the login page, the following actions happen:

1. A model containing a username, password, and 'remember me' flag is posted and passed to the LogOn method via this signature:

public ActionResult LogOn(LogOnModel model, string returnUrl)

2. This model posts to the AccountController
3. The LogOn method validates the model: if (ModelState.IsValid)
4. The LogOn method checks the user against the profile provider: MembershipService.ValidateUser(model.UserName, model.Password)
5. The LogOn method then calls: FormsService.SignIn(model.UserName, model.RememberMe);
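
The five steps above as one controller action, written here as an added example (not the template's own code or code from this post). The model and service types are stand-ins with assumed shapes, the services are assumed to be set before the action runs, and the IsLocalUrl helper and the Home/Index fallback are assumptions.

```csharp
using System.Web.Mvc;

// Constructed stand-ins for the template's model and services (assumed shapes).
public class LogOnModel
{
    public string UserName { get; set; }
    public string Password { get; set; }
    public bool RememberMe { get; set; }
}
public interface IMembershipService { bool ValidateUser(string userName, string password); }
public interface IFormsAuthenticationService { void SignIn(string userName, bool createPersistentCookie); }

public class AccountController : Controller
{
    // Assumed to be assigned (for example in Initialize) before LogOn is called.
    public IMembershipService MembershipService { get; set; }
    public IFormsAuthenticationService FormsService { get; set; }

    [HttpPost]
    public ActionResult LogOn(LogOnModel model, string returnUrl)   // steps 1 and 2
    {
        if (!ModelState.IsValid)                                    // step 3
            return View(model);

        if (!MembershipService.ValidateUser(model.UserName, model.Password)) // step 4
        {
            // One generic message: do not reveal whether the user name exists.
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
            return View(model);
        }

        FormsService.SignIn(model.UserName, model.RememberMe);      // step 5

        // returnUrl arrives with the request, so only follow it when it is a local path.
        if (IsLocalUrl(returnUrl))
            return Redirect(returnUrl);
        return RedirectToAction("Index", "Home"); // assumed default landing page
    }

    // Hypothetical helper: accepts "/path" and "~/path", rejects "//host", "/\host" and absolute URLs.
    private static bool IsLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url)) return false;
        bool rooted = url[0] == '/' && (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));
        bool appRelative = url.Length > 1 && url[0] == '~' && url[1] == '/';
        return rooted || appRelative;
    }
}
```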


The same happens for 'Register'. If you do NOT want any user to be able to register, then REMOVE THE REGISTER METHOD, or add security to it, such as requiring a SystemAdministrators role:

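[Authorize(Roles = "SystemAdministrators")]
[HttpPost]
public ActionResult Register(RegisterModel model)
{
    // Registration logic goes here; only members of the SystemAdministrators role reach this action.
    return View(model);
}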

Monday, October 11, 2010

Code Camp Slides and Code

See the attached zip. Email me if you have any questions.
Some of the 'fixes' are already in place from the live demo, so not all of the code is still 'broke'; please investigate. Please read the directions at the bottom of the first slide as to which virtual directories should go where.

Slides and Code (about 10mb)

Code Camp 2010 - Hack Proofing your ASP.Net and MVC Web Applications

The event was a great day indeed at Devry. If you saw my presentation there, please rate it at:

Evaluations

The evaluations are an important part of code camp. I hope you liked my presentation : )

I will be posting all of the code and slides very shortly; I am just converting my footnotes to make more sense to others.

Thanks!!!