CODEWITHSUNDEEP
asp.net-mvcasp.net-membershipforms-authentication
Tobias Pirzer
Tobias Pirzer

Reputation: 1015

Simple user/password protection in asp.net MVC

a very simple problem, maybe someone has a tip for a MVC Beginner like me. I want to Password protect an MVC Application - just on user / password is necessary - I did it via ASPNETDB and SqlMembershipProvider, but there should be hopefully an easier way - in webforms I did it via adding user / password to web.config.

Do I really need to write my own XmlMembershipProvider to solve that problem? If yes, do you know a really simple existing XmlMembershipProvider that can do this for me? Many thanks in advance..

Upvotes: 1

Views: 4622

Answers (4)

Tobias Pirzer
Tobias Pirzer

Reputation: 1015

What I finally did was:

public class MyMembershipProvider : MembershipProvider {
  // ...
  public override bool ValidateUser(string username, string password)
  {
    return FormsAuthentication.Authenticate(username, password);
  }
}

web.config:

<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="2880" >
    <credentials passwordFormat="Clear">
      <user name="rga" password="XYZ"/>
    </credentials>
  </forms>
</authentication>

...

<membership defaultProvider="XmlMembershipProvider">
  <providers>
        <clear/>
        <add name="MyMembershipProvider" type="Namespace.Of.MyMembershipProvider" 
             enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
             maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
             applicationName="/" />
  </providers>
</membership>

So there was no need to change AccountController. Thx for your help.

Upvotes: 5

Ilya Smagin
Ilya Smagin

Reputation: 6152

Why XML MembershipProvider? You just have to inherit form IMembershipProvider and implement the functionality you need.

Upvotes: 0

hwcverwe
hwcverwe

Reputation: 5367

Hi if you have started a mvc project with visual studio, you have standard a UserController. If you look into this class you will find the following method:

public virtual ActionResult LogOn(LogOnModel model, string returnUrl)

You can impelement your own code in this function for validating password and logon.

For example:

public virtual ActionResult LogOn(LogOnModel model, string returnUrl)
{
    if(model.Password == "YourPassword" && model.UserName == "YourUserName")
    {
        FormsService.SignIn(model.UserName, model.RememberMe);
        if (!String.IsNullOrEmpty(returnUrl))
        {
            return Redirect(returnUrl);
        }
        else
        {
            return RedirectToAction("ActionName");
        }
    }
    else
    {
        ModelState.AddModelError("", "Wrong credentials.");
        return View(model);
    }
}

hope it will help you. Regards

Upvotes: 2

uvita
uvita

Reputation: 4124

You don´t need to use any membership provider in order to password protect your application. You simply have to provide a service to validate user credentials. You can look here for an idea on how to do that. Basically, you need to generate a salt and then hash the user password using that salt (and the password provided). Then you store the salt and the hashed password in the DB. Try it, it is not difficult. After you have validated the user´s credentials, you can use the code that I wrote in this SO question to use forms authentication.

Cheers!

Upvotes: 1

Related Questions