I am using Visual Studio 2015 Community Edition and created a Web project using MVC and Web API (both selected) with Individual User Account as authentication method.
I noticed that the scafolded template varies in some ways, I now see an AccountBindingModels.cs file, I do see the Account Controller class but I see it references the /api path rather than the usual /Account and I do not see any Account Controller views.
So, if there are no account controller views how can I add supplemental profile information if there is no view to modify?
I also do not see the usual "Log In" link that was at the top of the page layout. I only see an API link at the top next to Home but it takes me to a Help area. If I attempt to go to /api/Account/Register I am asked if I want to save or open Register.
I have invested quite some time on other modifications and now I notice this so it would be very unproductive to start again from scratch.
Basically I want to be able to use both webapi and MVC to perform authenticated requests. I don't see how users can login on the MVC site or even request protected views because there seems to be no login form on the MVC5 website.
I had similar issue. Got around it by choosing MVC template and then checking the Web API check box in the "Add folders and core references for:" check box area.
So, MVC and Web API are checked. This gives me the account views and more scaffolding.
If I choose the Web API template, it defaults to both MVC and Web API checked. But does not give me the account views and ... Maybe that helps.
I had the same issue today and I was using the VS 2015 Enterprise. #jumoro was right, you have to add the MVC template (not the WebAPI one) and it will add all the account related views. At least it does that in the Enterprise edition.
Another solution is to download the Nuget Identity Sample, which will provide you with the necessary model, controller and views.
Related
I just started to working in Sitecore. I am developing a web application in ASP.NET MVC 5.0 to create / edit some content in Sitecore. I am looking for the best way for authentication in web application (MVC) using existing Sitecore users. User management part will stay with Sitecore, just need authentication (login) in web application against Sitecore users. Can I use Identity concept of ASP.NET for the same?
Sitecore use Membership providers.
Normally create for web users a new domain. so not the same as CMS users.
See This:
http://fes-sitecore.blogspot.nl/2015/02/using-membership-with-sitecore.html
And the Documentation from Sitecore:
https://sdn.sitecore.net/upload/sitecore6/sc61keywords/membership_providers_a4.pdf
I have done this in the last few weeks.
What you will need first to to create a Role in Sitecore that your Extranet (siteusers) will get logged in against. Create a user and assign them to this role.
You will need to go to the security editor (i think) and select the 'everyone' role. Allow everything and inheritance from the top of the tree. (green cross on the content item)
For the item you wish to lock put a red cross against the inheritance
Then select your created role and put a green cross in inheritance against the item you wish to allow this role to see
From Sitecore: The idea is allow everything for everyone and break inheritance to secure it by adding a red cross to inheritance.
From the website: The idea is that everyone (siteusers) don't have access to the page and will get redirected. People in your new role will go to the page.
Next take a look at the post above but in your site settings you need a configure the location of your login page.
After these steps you should be able to navigate to the page and get redirected to your login page (Make sure you are not in the content editor)(incog mode google chrome)
So finally you can use the Sitecore.Authentication namespace and there are method on there to authenticate and check if a user is in a role ect.
Take a look at https://sdn.sitecore.net/upload/sitecore6/sc61keywords/security_api_cookbook_usletter.pdf
Hope this helps. Any questions just ask. Its hard to explain in text :)
Aki,
You can leverage the sitecore authentication which is very useful, I am using this in my all projects since sitecore 6.5 to 7.5.
you just have to explore few APIs of sitecore membership, there you will get
How to create roles
how to set users in roles.
And how to provide proper security or limited access to a particular role.
How to set custom data for users also.
Make sure you are not using sitecore domain for web users, use extranet domain. Sitecore domain is only for user who are supposed to login into sitecore dashboard.
Hope this will help you..
Cheers!!
I built my web application using asp.net mvc3. I need to add admin pages to monitor and manage all user accounts and their posts.
Right now, admin and regular web site are sitting in the same web application. if I only made a small change for the admin pages, i still need to compile everything. is it a way separate them, so I only need to upload admin without touching the web site. the only solution I can think of is to create another web app. is there another way to do it?
You can separate your mvc application into Areas
http://msdn.microsoft.com/en-us/library/ee671793.aspx
Areas help you better organize your application it won't let deploy just that area, but VS2010 does have some good deployment features. Her's a good article
http://weblogs.asp.net/scottgu/archive/2010/07/29/vs-2010-web-deployment.aspx
I am planning a new portal solution in ASP.NET MVC. I need to be able to have some parts of the site visible for everyone (public part) and a part where only registered users are allowed to visit. In traditional Web Forms the security was made on folder level, but how about ASP.NET MVC? Could someone please explain me how to do this - or if its more beneficial to go the web forms way.
/H4mm3rHEad
Security is mostly done on the Controller or Action level via attributes. More information on the Authorize attribute can be found here:
http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute%28VS.100%29.aspx#using_authorizeattribute
You can easily see how it works by going File-> New MVC project and checking out the AccountController.cs file inside the /Controllers/ directory.
Be aware the answers by Vitaly and Agent_9191 are not current and reference mostly preview MVC builds. Those articles may reference code and or functionality that does not exist or has been depreciated.
Take a look at this post talking about the AuthorizeAttribute. It can be applied to specific actions or an entire controller.
We are using MVC on IIS6. Our site is currently being opened up, but we need to restrict access to the register part of the site, but allow those who can register (i.e. from within our offices) still to sign in and use the site fully.
So inside office can access register and all other site.
Outside office cannot access register and but can access all other site.
Initially, we put file restrictions for the IPs of our offices on the register.aspx file in the views\accounts folder. We were pretty sure this was working, but today, we discover it isn't! Which thinking about it actually makes sense!
So is this possible?
We need to have the other aspx pages in the views\accounts folder usable as views whilst only blocking the register view.
Hope this makes sense!
Neil
Urls defined with ASP.NET MVC are configurable and not based on the folder or file where view page resides.
This means that you cannot use IIS to configure the access for this view pages.
You can filter access to the controllers (and so indirectly the view pages that are called by the view pages). This is done with Action Filtering. On how to create a custom action filter see this page.
So yes, it is possible to limit access to certain pages depending on the ip-address.
I have come across this kind of situation before, but the problem was solved by the way we write applications.
Whenever we've had an application with "some information displayed" and "a way to administer the data" we've always created separate UI projects over the top of the business logic. This isn't just to help with maintainability, it also means that the public bit can be deployed on a public website, while the admin bit can be accessed over the network - so there is no external access at all.
In your example, extracting out the two logical elements would mean that you can deploy two separate web projects with different access rules in IIS.
Another option would be to check the IP address in the executed code for the restricted page - IP addresses can be spoofed, so it's not a completely secure solution.
I have an MVC application that among other things contains a small Silverlight menu that is displayed as part of the .Master page used in most pages.
I have also written a MembershipProvider (and a role provider) that uses my app's database for authenticating and authorizing users. Works fine.
However, I want the Silverlight menu to contain some extra items if the user is in the admin role. Of course one possibility is to make two Silverlight menu applications and choose which one to display based on the user in the master page. But this has a ring of ugly to me.
The better option would be if the Silverlight app could figure out the identity of the logged in user is and use it to configure itself to show the admin options.
Is there a simple way to do something like this? The MVC application and the Silverlight app(s) are deployed on the same IIS7 server and part of the same solution.
The solutions I have found on the web so far either prompt the user for a separate login inside the Silverlight application, or do a lot of work with WCF services. If I have to, I'll go that route, but I am stuck with a feeling that there should be an elegant, easy way to do this.
I believe firmly in the KISS principle so simplicity is highly appreciated!
Thanks!
I'm pretty much convinced that your Silverlight menu shouldn't have to be aware of whether the user is an admin or not.
If you have a "generic style" menu control that can display any number of items, then I think those items should be communicated. The master view should then decide the items to show. Better yet, a controller should return the items to show based on the user's status and the master view should just render them.
If you have a menu control designed specifically to fit in your web app that isn't really made to show any number of items, then the master view should just set a property or something to communicate this fact.
The rest of your question confused me a bit, but I'm convinced that your silverlight component is not a complete "app" in its own right, just a piece of the presentation.