I am novice to MVC4 environment. And trying to restrict access to specific controller on basis of role.
[Authorize(Roles = "Administrators")]
public class AdminController : Controller
{
}
It work fine and ask for user credentials. But I don't want it to ask for credentials. Rather it should check automatically the role of window user. And if he is member of specific role, allow him to access website page.
Can you please guide me how to do that?
With help of #Wiktor comment I was able to conclude to solution for it.
See my answered comment at - Window authentication not working in MVC4
Related
I am looking for days for the right solution. I am have user name and password stored in my DB.
I want only specific users to get access to some controller methods. How can I implement it, checking by User Id if he has permission or not?
Thanks!
You can implement basic authentication in web api , adding [Authorize] attribute on specific controllers which need provider user's credential . Please refer to below article for code samples :
https://codeburst.io/adding-basic-authentication-to-an-asp-net-core-web-api-project-5439c4cf78ee
https://beetechnical.com/rest-api/how-to-validate-rest-api-using-basic-authentication-in-web-api-net-core/
https://jasonwatmore.com/post/2019/10/21/aspnet-core-3-basic-authentication-tutorial-with-example-api
I'm logging in the user via an AccountController. The user is authenticated against Active Directory. A user claim is created with a name attribute with their user name. I'm using CookieAuthentication.
I want to authorize against an existing user table that will provide the role(s) for authorization. In ASP.NET MVC I set up a custom authorize attribute but that doesn't seem to be available. I've seen some very elaborate examples (using authorization policies, etc) for authorization. They look great but I'm actually doing something rather simple.
I want to be able to decorate the controller or action method with the role(s) required. For example:
[CustomAuthorize(Roles = "Admin")]
Could someone provide a simple example or point me in the right direction?
I am not sure how to ask this but here it goes. I am trying to make a route or URL from a controller will be only available to access after login of the user. I don't know to find these code in asp.net core 2.1. I know how to do it for its view part.
#if (SignInManager.IsSignedIn(User)){ //authorized section }
But I am not sure about the controller/route parts. So, I need your help to make learn this properly.
Thank you.
I'm not sure exactly what you're asking. If your question is how you can make the route not exist at all, that is impossible. If it's exposed, it's exposed. However, you can force a user to be authorized to access it, which brings me to the next possible interpretation: how do you force a user to be authorized in order to access a particular route. That is simple; you just decorate the action with the Authorize attribute:
[Authorize]
public IActionResult OnlyForAuthenticateUsers()
You can also decorate the controller class, instead, which will protect every action in the controller:
[Authorize]
public class MyController
If you just need one or so actions to be open, such as a "signin" action in a controller that otherwise has actions only available to authenticated users, then you can utilize the AllowAnonymous attribute:
[AllowAnonymous]
public IActionResult SignIn()
Finally, the Authorize attribute also lets you specify roles and/or policies that must be satisfied in addition to being authenticated. For example, to lock down a particular action to only "Admin" users, you might do something like [Authorize(Roles = "Admin")].
Can any one explain me how to create User Accounts under super admin with accesses and restrictions in ASP.Net MVC4.
You can have a look at this example in the asp.net website, which shows how to implement Membership and Authentication in MVC3 but this applies to MVC4 too.
You first need to setup your database for Membership
Create a SQL Database and call it what you want. If your application already uses one, you can use it for Membership too.
Assign and user and password to the Database.
Run the ASP.Net SQL Server Setup Wizard located in your .NET
Framework directory. The wizard is called aspnet_regsql.exe.
You can find more information about this process in this msdn article.
Once you have setup Membership, you would be able to designate Actions or Controllers that only SuperAdmins will have access to.
[Authorize(Roles = "Superadmin")]
public class SomeController : Controller
{
// Controller code here
}
I am creating an MVC4 application that uses ADFS SSO login. I am trying to configure Roles so that I can restrict the Admin portion of the content But I am having some problems. I am hoping someone will be able to tell me how I can go about creating Roles when using ADFS? I have the pages restricted successfully I just need now to be able to Add the actual role itself and I am hoping someone can help me out.
In my Global.asax file I have enabled Roles using the code:
System.Web.Security.Roles.Enabled = true;
And on my HomeControllor I tried using the following code:
if (hvm.User.isAdmin == true)
{
if(!User.IsInRole("Admin"))
Roles.AddUserToRole("jpmcfeely", "Admin");
}
This results in the following error:
This method can only be called during the application's pre-start initialization phase. Use PreApplicationStartMethodAttribute to declare a method that will be invoked in that phase.
Any suggestions would be greatly appreciated.
The easiest way is to configure ADFS to map AD groups to roles.
ADFS : Sending groups as claims.
e.g. map "Token-Groups - Unqualified Names" to Roles. Then IsInRole works OOTB.