Basic Login / Authorization in MVC4

Question

I have two Controllers in my MVC4 application that I want to require users to be logged into to access; an 'admin' area of sorts.

I have a database linked class that handles authentication for me in C#, meaning I can do something like this:

LoginUtility lu = new LoginUtility();
if(lu.Login("username", "password") == true){
   // User is genuine
} else {
   // Login failed
}

I want to hook this up to MVC4 so I can apply the [Authorize] attribute to those two Controllers.

Does MVC4 not provide with such an authentication feature, even allowing you to take advantage of the OpenAuth of this world? — Will Marcouiller, Mar 18 '14 at 15:35
[This](http://msdn.microsoft.com/en-us/library/ee707357%28v=vs.91%29.aspx) might help. — Rajesh Dhiman, Mar 18 '14 at 15:35

score 0 · Answer 1 · answered Mar 18 '14 at 15:32

0

You should use a basic Web Application Template, it gives you controllers to edit users and use authentication. Then, you will be able to allow certain controllers, or certain action of controllers. For a controller, you just have to put [Authorize(Roles = "Admin")] tag just before the definition of the controller to just allow this action to Admin Roles.

answered Mar 18 '14 at 15:32

clement

4,204
10
65
133

My Application is nearly complete, I don't really want to do it again with a new template. – John 'Mark' Smith Mar 18 '14 at 15:34
So please create custom membership provider. Check this: http://stackoverflow.com/questions/1655383/how-can-i-attach-a-custom-membership-provider-in-my-asp-net-mvc-application – clement Mar 18 '14 at 15:37

score 0 · Accepted Answer · answered Mar 18 '14 at 15:38

0

I have found doing custom login logic quite the pain. What you need to do is extend AuthorizeAttribute so you can use it on your controllers/actions, and override AuthorizeCore. If you need custom logic to extract the username and password from the request, you can do that through setting the User property on HttpContext in an OnAuthorization override.

answered Mar 18 '14 at 15:38

Martijn

11,964
12
50
96

Thanks. The AuthorizeCore() method takes a HttpContext as its argument, which I don't really understand. This is a simple task but MVC is proving a nightmare for it. – John 'Mark' Smith Mar 18 '14 at 16:16
It gets called on authorisation through MVC JuJu, so you have access to it there – Martijn Mar 18 '14 at 20:02

score -1 · Answer 3 · answered Mar 18 '14 at 15:42

In your web.config add :

<authentication mode="Forms">
  <forms loginUrl="login.aspx" />
</authentication>

And in your controller :

LoginUtility lu = new LoginUtility();
if(lu.Login("username", "password") == true){
 FormsAuthentication.SetAuthCookie(...);
}

Basic Login / Authorization in MVC4

3 Answers3