Reroute to Login in ASP.net MVC using Authentication

#1 coden4fun

Posted 11 March 2010 - 12:39 AM

OK, so let's say you have these secret pages, and you want to make sure that nobody who is unauthorized can view them. What do you do?

Well, if you already have a database for users and roles, which most people who make websites like this will have, all you have to do in ASP.NET MVC is apply the Authorize attribute, and then go into your web.config file and add an authentication tag and a forms element which leads back to your login page. And that is the awesome part. If you do the following in that order, simply marking an entire controller or a certain function within that controller as requiring authentication and adding some code to the web.config file, you have stopped your pages from being viewed by the average computer user who doesn't have a login (I'm excluding those who do JavaScript hijacking, or other forms like Psychocoder discussed earlier this week, for now).

OK, so let's get to the code.

To completely block unauthorized users from an entire controller, which blocks them from all pages that are created and rendered using that controller, do the following:
    using System.Web.Mvc;

    // [Authorize] on the class applies to every action in the controller
    [Authorize]
    public class CarbonToolsController : Controller
    {
        // GET: /CarbonTools/UploadCSS
        public ActionResult Index()
        {
            return View();
        }
    }



Block unauthorized users from viewing a certain page from a controller by using the Authorize attribute at the function level, like the following:
        [Authorize]
        public ActionResult CompanyList()
        {
            return View(_contentRepository.List<CompanyPage>());
        }

        [Authorize]
        public ActionResult ServiceList()
        {
            return View(_contentRepository.List<Service>());
        }



Authorize only people in certain roles to gain access to certain functions or pages with the following:
        [Authorize(Roles="Admin, Alumni")]
        public ActionResult CompanyList()
        {
            return View(_contentRepository.List<CompanyPage>());
        }

        [Authorize(Roles="Admin, Alumni, Moderator")]
        public ActionResult ServiceList()
        {
            return View(_contentRepository.List<Service>());
        }


Don't take the code above too seriously, where only Admins and Alumni can populate the list from Company, but all can populate the list from Services, because it is JUST AN EXAMPLE.

OK, so now that you have these controllers and/or functions properly authorized, let's create that reroute to the login page. Let's say that the login page is in the following directory.
/CarbonAuth/LogOn

If that is the case, then in our Web.config file we can do the following:
<system.web>
  <!-- Unauthenticated requests to [Authorize] actions are redirected to loginUrl -->
  <authentication mode="Forms">
    <forms loginUrl="~/CarbonAuth/LogOn" timeout="2880" />
  </authentication>
</system.web>



So now if a user who isn't logged in, or someone who can be authenticated but isn't logged in, tries to go to the URL of CompanyList, they will be kicked to the login page, and only if they are successfully authenticated will they be redirected to the CompanyList page.

The image below shows the browser URL at the login page, with a redirect URL going to the CompanyList page only if the login is successful.

Attached Image

Well I hope this helps someone. Happy Coding! ;)

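The redirect URL described above reaches the login action as a ReturnUrl query-string value, so the login action should follow it only when it points back into the same site. The controller below is an added example, not part of the original post or the author's project: the CarbonAuthController name, the action signatures and the use of Membership.ValidateUser are assumptions, and Url.IsLocalUrl and ViewBag need ASP.NET MVC 3 or later.

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical controller behind loginUrl="~/CarbonAuth/LogOn" (assumed, not the author's code).
// It must NOT carry [Authorize], or the login page itself would redirect to the login page.
public class CarbonAuthController : Controller
{
    // GET: /CarbonAuth/LogOn?ReturnUrl=<originally requested path>
    // Forms authentication appends ReturnUrl when it redirects an unauthenticated request.
    [HttpGet]
    public ActionResult LogOn(string returnUrl)
    {
        // Carry the value through so the login form can post it back.
        ViewBag.ReturnUrl = returnUrl;
        return View();
    }

    // POST: /CarbonAuth/LogOn
    [HttpPost]
    public ActionResult LogOn(string userName, string password, string returnUrl)
    {
        // Assumes a membership provider is configured over the users/roles database.
        if (!Membership.ValidateUser(userName, password))
        {
            ModelState.AddModelError("", "The user name or password is incorrect.");
            ViewBag.ReturnUrl = returnUrl;
            return View();
        }

        // Issue the forms-authentication cookie that [Authorize] checks on later requests.
        FormsAuthentication.SetAuthCookie(userName, false);

        // ReturnUrl is attacker-controllable input: follow it only if it is a local
        // path, otherwise a crafted login link could send users to another site.
        if (Url.IsLocalUrl(returnUrl))
        {
            return Redirect(returnUrl);
        }

        // Missing or non-local ReturnUrl: fall back to a fixed page inside the site.
        return RedirectToAction("Index", "CarbonTools");
    }
}
```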