<authorization><deny users="?"/></authorization>
I kept the above code snippet in web.config file after authentication and the problem started I am entering the correct credentials but still I am not redirecting to next page after successful login
and my new url is being appended with some query string values
this is my login url:
http://localhost:49841/LMIT/Login
After submitting the login form with correct credentials, instead of redirecting to next page, it still stays on the same page with http://localhost:49841/LMIT/Login?ReturnUrl=%2fLMIT%2fIndex in the url
Ok, try the following code:
[AllowAnonymous]
public ActionResult Login(Users user)
{
Users DbData = (from s in db.Users where s.UserName == user.UserName select s).First();
if (DbData != null)
{
if (user.UserName == DbData.UserName && user.Password == DbData.Password)
{
FormsAuthentication.SetAuthCookie(user.Id.ToString(), true);
return Json(new { ok = true, newurl = Url.Action("/Index") });
}
}
return View();
}
Related
I am writing a web application with ASP.NET MVC, and I would like to call a controller from another controller. More precisely I would like to call a routine in the Login controller, where I do sign in and sign out, from the controller where I allow the normal user to change his/her password. Thus, I check the old password (given by the user in the change password form).
I tried to search in the internet methods to change user (not Administrator) password but I didn't find anything good.
Thank you.
I didn´t called a controller from another controller, instead I called my User Administration Controller AdminController from a View within the HomeController controller (via na input button).
Then the code of my routine EditByUser in the AdminController was written as:
[HttpPost]
[Authorize]
public async Task<IActionResult> EditByUser(string email, string passwordnew, string passwordconf)
{
AppUser user = await userManager.FindByEmailAsync(email);
if (user != null)
{
IdentityResult validEmail
= await userValidator.ValidateAsync(userManager, user);
if (!validEmail.Succeeded)
{
AddErrorsFromResult(validEmail);
}
IdentityResult validPassnew = null;
bool passNewEqPassConf = passwordconf == passwordnew;
if (!passNewEqPassConf)
{
ModelState.AddModelError("", "New Password not equal to Confirmation!");
}
if (!string.IsNullOrEmpty(passwordnew) && passNewEqPassConf)
{
validPassnew
= await passwordValidator.ValidateAsync(userManager, user, passwordnew);
if (validPassnew.Succeeded)
{
user.PasswordHash = passwordHasher.HashPassword(user, passwordnew);
}
else
{
AddErrorsFromResult(validPassnew);
}
}
if (((validEmail.Succeeded && validPassnew == null)
|| (validEmail.Succeeded
&& passwordnew != string.Empty && validPassnew.Succeeded)) && passNewEqPassConf)
{
IdentityResult result = await userManager.UpdateAsync(user);
if (result.Succeeded)
{
return RedirectToAction("Index", "Home", new { email = user.Email });
}
else
{
AddErrorsFromResult(result);
}
}
}
else
{
ModelState.AddModelError("", "User not found!");
}
return View(user);
}
However, I didn't manage to check the old password… The sign in is made on another controller…
I am using windows authentication in ASP.NET MVC.
I want to Logout? So I researched and found the following
The code is based on decompiling the Microsoft.TeamFoundation.WebAccess which has the "Sign in as a different User" function.
public ActionResult LogOut()
{
HttpCookie cookie = Request.Cookies["TSWA-Last-User"];
if(User.Identity.IsAuthenticated == false || cookie == null || StringComparer.OrdinalIgnoreCase.Equals(User.Identity.Name, cookie.Value))
{
string name = string.Empty;
if(Request.IsAuthenticated)
{
name = User.Identity.Name;
}
cookie = new HttpCookie("TSWA-Last-User", name);
Response.Cookies.Set(cookie);
Response.AppendHeader("Connection", "close");
Response.StatusCode = 0x191;
Response.Clear();
//should probably do a redirect here to the unauthorized/failed login page
//if you know how to do this, please tap it on the comments below
Response.Write("Unauthorized. Reload the page to try again...");
Response.End();
return RedirectToAction("Index");
}
cookie = new HttpCookie("TSWA-Last-User", string.Empty)
{
Expires = DateTime.Now.AddYears(-5)
};
Response.Cookies.Set(cookie);
return RedirectToAction("Index");
}
Is the above code reliable?
ANd how to redirect to another page like logout succesful
after response.clear??
this is my controller
#region Authentication
public ActionResult Login()
{
return View();
}
[HttpPost]
public ActionResult Login(string username, string password)
{
// Lets first check if the Model is valid or not
if (ModelState.IsValid)
{
bool userValid = itreedb.Users.Any(user => user.UserName == username && user.Password == password && user.Approved == true);
// User found in the database
if (userValid)
{
//
// Save un and pw into cookies
HttpCookie auth = new HttpCookie("auth", Request.Form["username"] + "|" + Request.Form["password"]);
auth.Expires.AddDays(30);
Response.Cookies.Add(auth);
// Redirect the user to the index page
return Json(new { IsValidLogin = true });
}
else
{
ModelState.AddModelError("", "The user name or password provided is incorrect.");
}
}
// If we got this far, something failed, redisplay form
return View();
}
When I try to insert my admin informations it takes more than 5 minutes to be authentified .The others pages reload normally. What can I do?
`
I have implemented idel time out functionality. Here when the user is idel for 1 min, we redirect the user to login page. We have kept the track of the url that the user was when the auto logout happened. Eg , of the user is on reset password view and if the auto logout happens the url which i get is as follows
http://localhost/XYZ.Portal/?returnUrl=%2FXYZ.Portal%2FUser%2FResetPassword
the above url is achieved by using the following code
'#Url.Action("Login", "User", new { returnUrl = HttpContext.Current.Request.RawUrl })'
Now when the user logs in again as he is redirected to login page, I am using the following code to redirect him back but the code doesnt seem to work. What am I doing wrong.?
[HttpPost]
public ActionResult Login(FormCollection formCollection)
{
if (ModelState.IsValid)
{
UserBE user = new UserBE();
user.Email = formCollection["Email"];
user.Password = formCollection["Password"];
user = UserBL.AuthenticateUser(user);
if (user.AuthenticUser)
{
if (Request.QueryString["returnUrl"] != null)
{
string returnUrl = Server.UrlDecode(Request.QueryString["returnUrl"]);
Redirect(returnUrl );
}
else
{
Session["Email"] = user.Email;
return RedirectToAction("DashBoard");
}
}
else
return View(user);
}
return View();
}
[HttpGet] login action method:
[HttpGet]
public ActionResult Login()
{
return View();
}
returnUrl I get as XYZ.Portal/User/ResetPassword
Thanks In advance.
You need to return the RedirectResult:
if (Request.QueryString["returnUrl"] != null)
{
string returnUrl = Server.UrlDecode(Request.QueryString["returnUrl"]);
return Redirect(returnUrl);
}
See RedirectResult
Not working. Now my URL becomes localhost/XYZ.Portal
In this case you can do 1 of 2 options:
1) Write:
string startReturnUrl = "http://www." + your returnUrl
or
2) split your returnUrl like:
string viewName = returnUrl.Split('/').Last();
But I think better change returnUrl to just only Name of View that you need
Thank everyone read my topic. But i need your help !
I've got a problem with Asp.NET MVC Action.
In HomePage. I have a link redirect to an action call checkTicket(), but require login.
So, in checkTicket() method. I'm using following code to check permision
if (Request.IsAuthenticated)
{
return View();
}
else
{
return RedirectToAction("Login", "Account");
}
But in action Login of Account controller. How can i return back to checkTicket's View() ?
This is something i want.
HomePage (click) -> checkTicket (require) -> Login (return) -> checkTicket()
Create a cookie that is set, letting you know that the user wants to checkticket but is not logged in:
if (Request.IsAuthenticated)
{
return View();
}
else
{
//The cookie's name is UserSettings
HttpCookie myCookie = new HttpCookie("UserSettings");
//The subvalue of checkticket is = true
myCookie["checkticket"] = "true";
//The cookie expires 1 day from now
myCookie.Expires = DateTime.Now.AddDays(1d);
//Add the cookie to the response
Response.Cookies.Add(myCookie);
return RedirectToAction("Login", "Account");
}
Then in your Login Action, check if the cookie exists like so:
if (Request.Cookies["UserSettings"] != null)
{
string userSettings;
if (Request.Cookies["UserSettings"]["checkticket"] != null)
{
userSettings = Request.Cookies["UserSettings"]["checkticket"];
}
if(userSettings) {
//redirect to checkticket
} else {
// redirect to your normal view
}
}
*Code courtesy of MSDN: write cookie, read cookie