Ok, so I have implemented a custom ExtendedMembershipProvider for use with an MVC4 application, all of this is wired up and working ok however I have been having an issue with the forms authentication cookie.
I am creating my own cookie which is fine when calling my login process directly however if I use the WebSecurity.Login function I can't seem to control the cookie myself.
So this leads me to my question, WebSecurity.Login takes three parameters (one of which is optional):
public static bool Login(
string userName,
string password,
bool persistCookie (optional)
)
Now this function invokes the ValidateUser function on the ExtendedMembershipProvider which only takes two parameters:
public abstract bool ValidateUser(
string username,
string password
)
Where does the persistCookie parameter go? Does WebSecurity.Login handle the cookie generation itself and if so how can I override this?
Any help is much appreciated guys!!
WebSecurity.Login probably executes following code:
static bool Login(string userName, string password, bool persistCookie)
{
if(System.Web.Security.Membership.Provider.ValidateUser(userName, password))
{
System.Web.Security.FormsAuthentication.SetAuthCookie(userName, persistCookie);
return true;
}
return false;
}
If you want to change behavior, change this snippet in accordance with the guidelines from following answer.
Related
I dont want the users to put in method names and their parameters manually and mess with the method. Im aware i can check for unvalid inputs but what if I call a method that generates an access code and passes that into the main controller with the all the other parameters. If the access code. Then decide that access code, if valid proceed. Is this a little too much and too crazy? What other options would you suggest
Public IActionResult MainMethod(string input, string accesscode)
{
//check if access code is correct. I can figure out the decode process and stuff
}
Public IActionResult GenerateCode(string Inputt)
{
// generate a code
Return redirectToAction(“MainMethod” new {input=Inputt , accesscode=accesscode}
});
In View when a button is clicked, I call GenerateCode first
Since you pass Inputt and generated accesscode from GenerateCode to MainMethod,why not only pass input to MainMethod?And then call a method to accesscode,and then check the accesscode in MainMehtod.
public IActionResult MainMethod(string input)
{
string accesscode = GenerateCode(input);
//check if access code is correct. I can figure out the decode process and stuff
}
public string GenerateCode(string Inputt)
{
// generate a code
return accesscode;
}
I'm using windows authentication with no roles setup, I simply have some admin names stored in a table that I want to check against in combination with the authorize attribute. I don't have much experience using this, but the only examples I see are hard coded values like below so I'm not sure if this functionality is available or if I'd need to add it.
[Authorize(Users = #"domain\user1, domain\user2")]
Any suggestions will be appreciated.
I ended up adding this myself, very easy to do.
public class AuthorizeUser : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
string[] admins =
//get user names
if (admins.Contains(httpContext.User.Identity.Name))
return true;
return false;
}
}
Then to use just
[AuthorizeUser]
We need to pass extra info together with the Username and Password from a mobile client with Authentication. Is it possible to inherit from CredentialsAuthProvider and define extra data members that can then be extracted by the server?
Have you seen the Custom Authentication and Authorization section of the wiki? You should be able to access any extra info you pass with the Username and Password doing something like...
public class MyAuthProvider : CredentialsAuthProvider
{
public override bool TryAuthenticate(IServiceBase authService, string userName, string password)
{
var extraInfo = authService.RequestContext.Get<IHttpRequest>().GetParam("extraInfo");
//Add here your custom auth logic (database calls etc)
//Return true if credentials are valid, otherwise false
}
}
I tried
public function getName()
{
return 'TEST';
}
in UserIdentity.php but it doesn't seem to change the value of Yii::app()->user->name
In the class UserIdentity that you defined you'll need to set a new state by using setState(name, value) method.
For example in the method authenticate if the user is good:
//if the user is good (good login and good password)
$this->_id=$record->id;
$this->setState('name', $record->name);
$this->errorCode=self::ERROR_NONE;
Then you will be able to call Yii::app()->user->name
A complete example in the Yii guide
The setState() documentation
Could anyone give me any good link to log in function in monorail c#?
I am a newbie to monorail c# and need to implement one log in function.
Thank you.
Mealea
Here's one from Ayende Rahien
Like in Ayende's solution, the best way is to just use the ASP.net authentication mechanisms. Here's an example action on a LoginController:
[AccessibleThrough(Verb.Post)]
public void Authenticate(string username, string password, bool autoLogin, string returlUrl)
{
SomeWebServiceAuthenticationProvider wsSecurity = new SomeWebServiceAuthenticationProvider();
bool isValid = wsSecurity.ValidateUser(username, password);
if (isValid)
{
//first perform a logout to make sure all other cookies are cleared
InternalLogout();
FormsAuthentication.SetAuthCookie(username, autoLogin);
PropertyBag["username"] = username;
PropertyBag["password"] = password;
PropertyBag["autoLogin"] = autoLogin;
//redirect back to the Home page, or some other page
if (!RedirectToPreviousUrl()) Redirect("home", "index");
}
else
{
Flash["auth_error"] = "Invalid user name or password.";
RedirectToAction("Index");
}
}
You can substitute some other authentication mechanism in place of 'SomeWebServiceAuthenticationProvider"... the point here is that we're just calling the standard FormsAuthentication methods.