CODEWITHSUNDEEP
c#asp.net-mvc-4
Bill Jones
Bill Jones

Reputation: 701

Custom Authentication in ASP.NET MVC 4 app

I'm migrating an old ASP.NET Web Forms app to ASP.NET MVC 4. I'm not very familiar with ASP.NET MVC, so I apologize if this is a dumb question. In short, my ASP.NET Web Forms app used the following line of code to redirect the user when the logged in:

FormsAuthentication.RedirectFromLoginPage(username, true);

I assumed I could just copy and paste this code over. However, I noticed that it attempt to redirect the user to "default.aspx". What is the MVC equivalent of this call?

Thank you!

Upvotes: 4

Views: 4350

Answers (4)

Kevin Junghans
Kevin Junghans

Reputation: 17540

In MVC 4 if you create a new application and select the option for Internet application the template will wire everything for forms authentication and will set you up to use the SimpleMembership provider, which makes it easier to customize user profiles and adds support to easily plugin OAuth. You should have the following entry in your web.config.

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>

This tells the application to redirect to the loginUrl if the user is not authenticated or authorized. Then you just use the AuthorizeAttribute on either your controllers or actions. You can add roles to this attribute if you want to use roles-based authorization or just use it without roles. Here I added an AuthorizeAttribute to the Contact action for the HomeController.

    [Authorize(Roles="Admin")] 
    public ActionResult Contact()
    {
        ViewBag.Message = "Your contact page.";

        return View();
    }

This action is on the default HomeController that is created by the MVC 4 Internet template. The user experience will be that if they click on the Contacts tab on the home page and they are not logged in they will be redirected to the logon page. Once they successfully logon they will be redirected back to the Contacts page. So MVC 4 Internet applications have it all wired up for you and you do not have to explicitly handle the redirects. For more information on customizing the SimpleMembership provider you can read this blog.

Upvotes: 0

Aghilas Yakoub
Aghilas Yakoub

Reputation: 29000

You have complete sample here : http://www.c-sharpcorner.com/UploadFile/cd3310/using-mvc-Asp-Net-tools-create-simple-login-form/

View with controller with specific action

    [AcceptVerbs(HttpVerbs.Post)]
    public ActionResult Login(YourModel model)
    {
        if (!ModelState.IsValid)
        {
            return View("Login", model);
        }

        return RedirectToAction("Index");
    }

Upvotes: 0

Brad Christie
Brad Christie

Reputation: 101614

Forms authentication usually provides a returnUrl as a query string parameter (which is what I assume FormsAuthentication.RedirectFromloginPage(username, true) is using.) With that said, add a parameter to your login action that receives in the returnUrl, then use that in your login action.

[HttpPost]
public ActionResult Login(LoginViewModel model, String returnUrl)
{
    if (ModelState.IsValid)
    {
        // perform login
        if (YourFormsAuthentication.YourLoginMethod(mode.username, model.password))
        {
            //
            // Set auth cookie, log user in, etc.
            //

            // Now check for returnUrl and make sure it's present and
            // valid (not redirecting off-site)
            if (!String.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
            {
                return Redirect(returnUrl);
            }
            // no returnUrl provided, direct them to default landing page
            return RedirectToRoute("Home");
        }
        else
        {
            ModelState.AddError("", "Username or password are incorrect.");
        }
    }
    return View(model);
}

Upvotes: 3

RoteS
RoteS

Reputation: 1455

On your logon method in the controller add a parameter string returnUrl.

then check if it is empty or null. If not redirect.

[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
       // Do your login
    // if success
                if (!String.IsNullOrEmpty(returnUrl))
                {
                    return Redirect(returnUrl);
                }
}

In your view also pass the returnUrl (which will be Request.Url)

<%: Html.ActionLink("Log On", "LogOn", "ControllerName", new { returnUrl = Request.Url }, null)%>

Upvotes: 1

Related Questions