Windows Authentication in MVC4
Follow
these steps to enable this in MVC4:
Step 1
Create
an MVC Web Application preferably using Internet Application template or
Intranet Application template.
Step 2
Open
Web.config file and make following modifications:
<!—
<authentication
mode="Forms">
<forms
loginUrl="~/Account/Login" timeout="2880" />
</authentication>
-->
<authentication mode="Windows" />
I
just commented the Forms authentication and added Windows Authentication.
Step 3
By
default MVC apps uses Form Authentication and Simple Membership, so you need to
make it ‘false’ in order to run Windows Authentication.
<appSettings>
<add key="webpages:Version" value="2.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="PreserveLoginUrl" value="true" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="autoFormsAuthentication" value="false" />
<add key="enableSimpleMembership" value="false"/>
</appSettings>
Step 4
Select
project name in solution explorer and then in the property explorer, click to
enable the Windows Authentication.
These
settings are called development server settings works with IIS Express and they
don’t make any changes in actual configuration settings.
Step 5
In
the property explorer you can disable the Anonymous Authentication if you want
your complete website for authenticated users on development server.
Step 6
If
you already disabled the anonymous authentication as suggested in above step 5
you don’t need to do/repeat this step.
If
you don’t, let’s go and make any controller action for authorized users, as
given below.
Alternatively,
you can use [Authorize] action filter with controller directly instead of
individual action methods to make every action methods for authorize users.
Step 7
Notice,
in above step I’m using [Authorize] action filter with ‘About’ action. So, when
I hit about view page, I’ll be prompted to enter my windows credentials.
Authentication Authorization User & Role Management Using ASP .NET MVC Membership Provider
The Default Project Template Allows user to register and login. We will
look into the details on how it works, Create a database in MS Sql
Server & configure the DB to work with Membership Provider.
Step 1: Start Visual Studio 2010
Select 'New project'
Name the new project as 'AuthenticationAuthorization' then press 'OK'
Select 'Internet Application' select view engine as 'Razor' and press 'OK'
Step 2: Create Database for our project and inherit the default authorization and authentication features.
Create a Database and named it as 'MyDatabase'. Then we want to change the connection string from our default project. For this open the Web_config file in solution explorer.
Change the connection string in the Web_config file according to your server and database.
Now our Database is created and connection is established. Then we want to inherit the authorization and authentication features provided by the Microsoft to our newly created project.
For this go to start>>All programs>> Microsoft Visual Studio 2010
Select 'Visual Studio Tools'
Select 'Visual Studio Command Prompt (2010)' and type 'aspnet_regsql'
ASP.NET SQL Server Setup Wizard appears, click next.
In the given bellow dialogue box, specify our server name, user name, password and database name then press 'next' button
Click on 'Finish'
Our database has been modified. Then we can start to run our project. Click the given below icon to run the project.
Step 3.Run the project
Our home page will like this...
Click the 'log on' link...then try to log on as an invalid user...
Then shows that 'admin' is an invalid user. Shown below.
Now we have to register a new user
A new user named 'admin' has been registered.... and try to login.
Same as above create another user named as 'Anu'.
Here authentication is satisfied...then we want to go to authorization.
Step 4.Role management and authorization
For this we want to assign some roles for the registered users.Go through the given steps.
Step 1.Click the ASP.NET Configuration icon on solution explorer.
Web site Administration Tool will appear; from this we can assign roles for different users. Click on the link 'Security'. Then Click the 'Enable Roles' link...
Then click 'Create or Manage roles' link. And add two roles -'Admin' and 'User'
'Admin' added.
'User' role is also added.
Let to start assign the roles to the users..
Go to Security>>Manage users>>Edit roles
From here we can assign roles to different users. Suppose 'Admin' role is assigned to 'admin' and 'User' role is assigned to 'Anu'.
Then go to the 'HomeController.cs'. Suppose we want to set the 'Home page' only accessible to the users who have the role 'Admin' and 'About page' is accessable to the users who have the role 'User'.
Write the code below to just above the Index() method
And write the code below to just above the About() method in HomeController.cs.
HomeController.cs
Let us run the project to check the authorization..
If 'Anu'(User role) tried to access the Home page she will requested to log on.
No comments:
Post a Comment