Can anyone explain to me how to create user accounts under a super admin, with access rights and restrictions, in ASP.NET MVC4?
You can have a look at this example in the asp.net website, which shows how to implement Membership and Authentication in MVC3 but this applies to MVC4 too.
You first need to set up your database for Membership:
Create a SQL Database and call it what you want. If your application already uses one, you can use it for Membership too.
Assign a user and password to the database.
Run the ASP.NET SQL Server Setup Wizard, located in your .NET Framework directory. The wizard is called aspnet_regsql.exe.
You can find more information about this process in this msdn article.
Once you have set up Membership, you will be able to designate actions or controllers that only SuperAdmins have access to.
[Authorize(Roles = "Superadmin")]
public class SomeController : Controller
{
// Controller code here
}
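As an added illustration of the answer above (this is example code, not the answer's own), here is how role-restricted controllers and the Membership/Roles APIs fit together once aspnet_regsql.exe has created the provider tables. The controller names, the "Staff" role and the view names are assumptions; the `[Authorize]` attribute and the `Membership`/`Roles` calls are the standard System.Web ones.

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Everything in this controller requires the "Superadmin" role from the configured RoleProvider.
[Authorize(Roles = "Superadmin")]
public class UserAdminController : Controller
{
    // GET /UserAdmin: lists the roles known to the RoleProvider.
    public ActionResult Index()
    {
        return View(Roles.GetAllRoles());
    }

    // POST /UserAdmin/Create: creates a regular account and places it in a restricted role.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Create(string userName, string password, string email)
    {
        MembershipCreateStatus status;
        Membership.CreateUser(userName, password, email, null, null, true, null, out status);
        if (status != MembershipCreateStatus.Success)
        {
            // The status enum explains why (weak password, duplicate name, ...) without leaking more.
            ModelState.AddModelError(string.Empty, status.ToString());
            return View();
        }

        // Hypothetical role name; create it once, then assign the new user to it.
        if (!Roles.RoleExists("Staff"))
        {
            Roles.CreateRole("Staff");
        }
        Roles.AddUserToRole(userName, "Staff");
        return RedirectToAction("Index");
    }
}

// A controller for the restricted role. Superadmins are not implicitly included by
// [Authorize(Roles = ...)], so every role that should have access must be listed.
[Authorize(Roles = "Staff,Superadmin")]
public class ReportsController : Controller
{
    public ActionResult Index()
    {
        return View();
    }

    // Class-level and action-level Authorize filters both run and both must pass,
    // so this action is effectively Superadmin-only.
    [Authorize(Roles = "Superadmin")]
    public ActionResult Delete(int id)
    {
        // deletion logic omitted
        return RedirectToAction("Index");
    }

    // AllowAnonymous overrides the class-level restriction for this one action.
    [AllowAnonymous]
    public ActionResult Help()
    {
        return View();
    }
}
```

The role names are compared as strings by the RoleProvider, so "Superadmin" in the attribute must match the stored role name exactly; unauthenticated requests are redirected to the forms login page configured in Web.config, while authenticated users lacking the role receive a 401.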
Related
I have developed a simple asp.net core razor app with Windows authentication to be used in our intranet, hosted on prem.
In order to distinguish a normal user from an admin user (the user who is allowed CRUD), I check the logged-in user principal against the AD group membership. I have a static helper function which does that.
At the moment I use a public flag on each page by calling that helper function, to be used in the razor page to show/hide the edit/delete buttons.
Is it possible to run this function only once (say, in the index page) and set a global flag to be used across all pages?
It sounds like you need a cache server to store the data fetched in the static helper function.
Of course, from your current design, the least code change is to use redis cache. Then inject the middleware of redis cache into Controller or Razor Page.
If global variables are used in .net core, an object can be set when the program is initialized to store userid and read-write permission. But when running the static helper function, the data may not be dynamic and real-time. So I think the design might be flawed.
But I think you should use Role-Based authorization in your project. Because you also use Azure AAD. So I recommend you to read the article below.
IMPLEMENT APP ROLES AUTHORIZATION WITH AZURE AD AND ASP.NET CORE (Microsoft MVP's Blog)
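As an added example of the role-based approach recommended above (not code from the answer or from the linked article), the AD group membership is read from the Windows principal that authentication already attaches to each request, so no helper call or cached flag is needed: the role check is evaluated by the authorization policy wherever it is referenced. The group name `CORP\IntranetEditors`, the `/Admin` folder and the Negotiate handler on Kestrel are assumptions; under IIS the IIS integration supplies the Windows principal instead.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Negotiate;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc.RazorPages;
using Microsoft.Extensions.DependencyInjection;

var builder = WebApplication.CreateBuilder(args);

// Windows (Negotiate) authentication: the resulting WindowsPrincipal resolves AD group
// names in IsInRole(), which is what RequireRole() calls.
builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();

builder.Services.AddAuthorization(options =>
{
    // Every page requires an authenticated Windows user.
    options.FallbackPolicy = options.DefaultPolicy;
    // Assumed AD group; members of it are allowed to create/update/delete.
    options.AddPolicy("CanEdit", policy => policy.RequireRole(@"CORP\IntranetEditors"));
});

builder.Services.AddRazorPages(options =>
{
    // Pages under /Admin are only reachable by editors; the policy is enforced server-side
    // regardless of whether a button was hidden in the UI.
    options.Conventions.AuthorizeFolder("/Admin", "CanEdit");
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages();
app.Run();

// Page model for Index.cshtml: the same policy decides whether edit/delete buttons are shown.
public class IndexModel : PageModel
{
    private readonly IAuthorizationService _authz;

    public IndexModel(IAuthorizationService authz) => _authz = authz;

    public bool CanEdit { get; private set; }

    public async Task OnGetAsync()
    {
        // No AD round trip here: group SIDs are already on the principal from authentication.
        CanEdit = (await _authz.AuthorizeAsync(User, "CanEdit")).Succeeded;
    }
}
```

In the Razor markup, `@if (Model.CanEdit) { ... }` wraps the buttons, but the `/Admin` folder convention is what actually protects the handlers; hiding UI alone is not an authorization control.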
I am new to working with Blazor and Authorization. Background is desktop apps in Vb.Net, so I have been reading everything I can on it, but it still is very confusing when I only want a specific subset of the options out there.
I have a very simple intranet Razor Server based app that is getting the windows user name correctly with default authentication. (I use the name in calls to stored procedures for logging, so I know that is working correctly.)
What I need is to implement authorization (role based would be fine) based on information I already have in the database tied to the user name.
Where and how does one add roles to an existing authstatetask or other object instantiated by the default processes?
Everything I have seen deals with the EF version of Identity or wants to override the authorization task.
I have simple DB calls being made in Dapper which will return an identifier from which I can set roles.
I just need pointers to the proper method and where in the app I should put it. I have just a single .razor page being loaded, Navbar is disabled.
You can either:
Implement Identity stores for Dapper following the instructions in this blog: ASP.NET CORE IDENTITY WITHOUT ENTITY FRAMEWORK
Use Policy-based authorization and create authorization handlers meeting your requirements
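As an added example of the second option above (example code, not the answer's own), a policy-based requirement and handler let the existing Dapper query decide access without touching ASP.NET Identity or the Windows authentication pipeline. The table `dbo.UserAccess(UserName, AccessLevel)`, the access-level numbers and the connection factory are assumptions; the `AuthorizationHandler<T>` base class and the Dapper `QuerySingleOrDefaultAsync` call are real APIs.

```csharp
using System;
using System.Data;
using System.Threading.Tasks;
using Dapper;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Data.SqlClient;
using Microsoft.Extensions.DependencyInjection;

// Requirement: the caller must hold at least this access level in the application's own table.
public sealed class MinimumAccessLevelRequirement : IAuthorizationRequirement
{
    public int Level { get; }
    public MinimumAccessLevelRequirement(int level) => Level = level;
}

// Handler: resolves the Windows user name against the database via Dapper (assumed schema).
public sealed class DbAccessLevelHandler : AuthorizationHandler<MinimumAccessLevelRequirement>
{
    private readonly Func<IDbConnection> _openConnection;

    public DbAccessLevelHandler(Func<IDbConnection> openConnection) => _openConnection = openConnection;

    protected override async Task HandleRequirementAsync(
        AuthorizationHandlerContext context, MinimumAccessLevelRequirement requirement)
    {
        var userName = context.User.Identity?.Name; // e.g. CORP\jsmith from Windows authentication
        if (string.IsNullOrEmpty(userName))
            return; // not authenticated: leave the requirement unmet

        using var conn = _openConnection();
        // Parameterised query: the user name comes from the principal, never concatenated into SQL.
        var level = await conn.QuerySingleOrDefaultAsync<int?>(
            "SELECT AccessLevel FROM dbo.UserAccess WHERE UserName = @UserName",
            new { UserName = userName });

        if (level.HasValue && level.Value >= requirement.Level)
            context.Succeed(requirement);
        // Otherwise do nothing: an unknown user simply fails the policy by default.
    }
}

public static class AuthorizationSetup
{
    // Registration for Program.cs / Startup.ConfigureServices.
    public static void Configure(IServiceCollection services, string connectionString)
    {
        services.AddSingleton<Func<IDbConnection>>(() => new SqlConnection(connectionString));
        services.AddScoped<IAuthorizationHandler, DbAccessLevelHandler>();
        services.AddAuthorization(options =>
        {
            options.AddPolicy("Viewer", p => p.Requirements.Add(new MinimumAccessLevelRequirement(1)));
            options.AddPolicy("Editor", p => p.Requirements.Add(new MinimumAccessLevelRequirement(2)));
        });
    }
}
```

In the single .razor page the policies are then consumed with `<AuthorizeView Policy="Editor">` for the UI and `[Authorize(Policy = "Editor")]` on anything that must actually be protected; because the handler runs on every evaluation, a change in the database takes effect on the next check rather than after a re-login.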
Here is my development environment:
Intranet Website
Active Directory Authentication/Authorization
Asp Net Core
I am trying to get the data stored in Active Directory attributes when a user enters firstly to any page in our application. All users rights and permissions, employeeid, studentid, etc.... are stored in AD Attributes and Security Groups. Some Attributes need to be displayed on the website too.
Let's say my website got the following urls...
http://mysite/Home/Index
http://mysite/Student/Index
http://mysite/Student/MyJobs
http://mysite/Staff/Applications
etc....
Any user can go onto some areas/URLs of the website freely from other intranet portals, and I don't know where I should write the code to fulfil that criterion. The problem is that there is no specific entry point to the application like http://mysite/Login or Authenticate, etc. If there were, I could load all user details and rights from AD at that single entry point.
In the MVC5 era, I used a custom global Authorize attribute and put it on the BaseController, which is inherited by all other controllers, to load that AD data. I put the AD data into Session on the first hit and used a static class to display it in Views and use it in Controllers. But when I did some research on MVC Core, some say that this is outdated and I should use an Authorize Policy instead of custom Authorize attributes.
Getting the data from Active Directory is already achieved by using my old webservices and we don't need to worry about .Net core not supporting AD yet.
I looked at the tutorials about Policy and saw something about Claims and Custom User Managers. I couldn't decide which one I should use to load data from Active Directory to the object (probably Scoped Object DI) which lasts for the whole user's session.
Should I load the data into claims attributes?
Eg...
var claims = new List<Claim>();
claims.Add(new Claim("UserName", "John.Smith", ClaimValueTypes.String, Issuer));
claims.Add(new Claim("RefNo", "02343001", ClaimValueTypes.String, Issuer));
claims.Add(new Claim("Email", "MyEmail@email.com", ClaimValueTypes.String, Issuer));
Or should I write a customized SignInManager and IdentityUser?
Eg...
public class ApplicationUser : IdentityUser
{
public string RefNo { get; set; }
public string Email { get; set; }
}
Is there anywhere I could put my code to check AD and load data?
And should I store the data in that Claimed Object rather than using Session Data?
Could you guys please advise me? Feel free to criticize if I have missed anything or my idea does not work.
You're right in saying there's no System.DirectoryServices yet (it's on the backlog, I promise) so there are a couple of places to do this.
If you're already using Integrated Authentication you have SIDs for group membership, which are resolved when you call IsInRole(), so you can use role based membership (rather than Claims based) to solve basic authentication problems.
However, if you want to support a forms-based mechanism then you should look at using the cookie middleware, raw, to at least give you a simple login, calling your web service to validate the login. You could query your API in the controller code and write an identity cookie. This cookie is automatically encrypted and signed, so it can't be tampered with.
The problem comes when you want roles and attributes. If you head down the cookie route you might be tempted to put all of those as claims in the identity before writing the identity out as a cookie. This might work, provided there are not too many - cookies have a maximum size (browser dependent, but under 4k usually). You can use chunked cookies, but there's a performance impact here. Instead you might use a reference cookie, where you put in a reference to another store where the actual fully populated identity is stored, be it session, redis or something else.
Then in the claims transformation middleware you can pull the reference out, go to your store, and rehydrate the identity.
I'd honestly avoid trying to merge all of this into ASP.NET Identity. That's meant to be the sole source of user information in an application, and in your case that's not true. Your sole source should be AD.
There's also a port of Novell's ldap library to core, which should stand in nicely for DirectoryServices should you want to avoid your web services approach.
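As an added example of the reference-cookie design described in the answer above (example code, not the answer's own), the login action validates against the AD web service, stores the full claim set server-side under a random reference, and writes a small authentication cookie; an `IClaimsTransformation` then rehydrates the principal on each request. The `IDirectoryService` interface wrapping the asker's web service, the `"ref"` claim name and the cache key layout are assumptions; `HttpContext.SignInAsync`, `IDistributedCache` and `IClaimsTransformation` are the framework's own APIs.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Caching.Distributed;

// Assumed wrapper around the existing AD web service; not part of the answer.
public interface IDirectoryService
{
    Task<bool> ValidateAsync(string userName, string password);
    // Returns the full attribute set: roles (as ClaimTypes.Role), RefNo, Email, ...
    Task<IReadOnlyList<Claim>> LoadClaimsAsync(string userName);
}

public class AccountController : Controller
{
    private readonly IDirectoryService _directory;
    private readonly IDistributedCache _cache; // the "other store": Redis, SQL Server or in-memory

    public AccountController(IDirectoryService directory, IDistributedCache cache)
    {
        _directory = directory;
        _cache = cache;
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(string userName, string password, string? returnUrl)
    {
        if (!await _directory.ValidateAsync(userName, password))
        {
            ModelState.AddModelError(string.Empty, "Invalid user name or password.");
            return View();
        }

        // Load the attributes once and park them server-side under an opaque random reference.
        var fullClaims = await _directory.LoadClaimsAsync(userName);
        var reference = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
        var payload = JsonSerializer.Serialize(fullClaims.Select(c => new[] { c.Type, c.Value }));
        await _cache.SetStringAsync("identity:" + reference, payload,
            new DistributedCacheEntryOptions { SlidingExpiration = TimeSpan.FromHours(8) });

        // The cookie carries only the name and the reference, far below the ~4 KB cookie limit.
        var identity = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, userName), new Claim("ref", reference) },
            CookieAuthenticationDefaults.AuthenticationScheme);
        await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity));

        // LocalRedirect rejects absolute URLs, so returnUrl cannot send the user off-site.
        return LocalRedirect(returnUrl ?? "/");
    }
}

// Runs after cookie authentication on each request and rehydrates the identity from the store.
public class ReferenceClaimsTransformation : IClaimsTransformation
{
    private readonly IDistributedCache _cache;

    public ReferenceClaimsTransformation(IDistributedCache cache) => _cache = cache;

    public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        var reference = principal.FindFirst("ref")?.Value;
        // TransformAsync may run more than once per request; a marker claim keeps it idempotent.
        if (reference is null || principal.HasClaim(c => c.Type == "rehydrated"))
            return principal;

        var payload = await _cache.GetStringAsync("identity:" + reference);
        if (payload is null)
            return principal; // store entry expired: the user keeps only the name and has no roles

        var pairs = JsonSerializer.Deserialize<List<string[]>>(payload) ?? new List<string[]>();
        var identity = new ClaimsIdentity(principal.Identity!.AuthenticationType,
            ClaimTypes.Name, ClaimTypes.Role);
        identity.AddClaims(principal.Claims);
        identity.AddClaims(pairs.Select(p => new Claim(p[0], p[1])));
        identity.AddClaim(new Claim("rehydrated", "1"));
        return new ClaimsPrincipal(identity); // a new principal, rather than mutating the old one
    }
}
```

Registration is `services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie()` plus `services.AddTransient<IClaimsTransformation, ReferenceClaimsTransformation>()` and a distributed cache (`AddDistributedMemoryCache()` for development, Redis in production). Because roles are added as `ClaimTypes.Role`, `[Authorize(Roles = "...")]` and `User.IsInRole()` work unchanged, and expiring the cache entry revokes the attributes without invalidating the cookie itself.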
Will anyone tell me how I can implement login functionality in an MVC application with NHibernate?
Please build a controller and a related view for this functionality. In the controller you can have a method to check authentication, create new users and set the proper roles. The view can be simple, using the TextBoxFor() Razor helper on the client side and the ViewData dictionary for client-server data transfer. The model can be a class-based entity using NHibernate. This is a very general implementation of MVC which can be used for any web application.
I'm a student intern and I've been assigned a project where I have to redesign their customer support webpage. I am new to ASP so they asked me to migrate the code to MVC 4 so I'll learn it for future projects.
The webpage has form authentication using custom classes, extending MembershipProvider and RoleProvider and the data is displayed with asp:SqlDataSource queries, defined directly inside .aspx files.
As I've learned, the point of MVC is to separate the front-end (view), controller and back-end (models, DB access). I've made some progress towards that, but I have problems with authentication. I've managed to enable login using explicit MembershipProvider and RoleProvider initialization (which should be done automatically as configured in Web.config). By calling MembershipProvider.ValidateUser() and FormsAuthentication.RedirectFromLoginPage() I verify the user details and store their username to preserve it upon navigation.
This works, but removes all the functionality of the WebSecurity methods; also the specific authorization, e.g. [Authorize(Roles = "...")], doesn't work as expected: it doesn't authorize any role. The MVC sample project in Visual Studio uses SimpleMembershipProvider for user authentication, but I haven't found any projects or tutorials on how to implement custom authentication the same way as I did by extending the MembershipProvider class and overriding its methods.
The problem is that there is already a T-SQL database with a lot of users, who are linked to other services, so obviously I can't alter it in any way nor can I create new database / tables. The projects I've looked at create databases from scratch, I haven't found any project using custom authentication / authorization using WebSecurity and existing database.
I'd like to ask you for any advice, examples or links to projects or tutorials where I could see how to implement WebSecurity instead of FormsAuthentication. As I've mentioned, I already have a fully functional MembershipProvider and RoleProvider, and I believe that SimpleMembershipProvider and SimpleRoleProvider have similar methods, so it shouldn't be that hard on this part. Also, I don't want to mix WebForms and MVC; I want a pure MVC application.
I'm using ASP.NET MVC 4 with C# and Razor engine, T-SQL and LINQ to SQL for database access.
It's been my experience, when migrating old pages from WebForms to MVC, that you kind of have to 'forget' that it was ever a WebForms page to begin with.
To more directly answer your request for help resources, maybe this will be useful: http://kylehodgson.com/2013/01/08/asp-netmvc-web-security-basics-csrf/