I recently asked this question How to persist anon user selection (ex: theme selection). and started to learn about ASP.NET profiles and their properties in the web config. I tried the answer from the link but i was unable to access profile.newproperty
How to assign Profile values?
This question specifies that web-applications don't support profile out of the box and a custom model based on ProfileBase must be created. The question was answered in 2009 and I wanted to know if this is still the same case.
In a ASP.NET 4.0 web application can I access profile.newproperty with a property i defined in the section in the web.config without needing to code C# except when accessing it.
I just saw your question, yes you are right, the answer I posted was related to web sites and therefore, it doesn't work with Web Applications or MVC
Here I will show you code to work with profiles in MVC using anonymous and authenticated user profiles
Output
Anonymous user - No profile set yet
Anonymous user - profile set
Authenticated user - profile migrated
Web.config
<anonymousIdentification enabled="true"/>
<profile inherits="ProfileInWebApplicationMVC1.UserProfile">
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</profile>
UserProfile class
public class UserProfile : ProfileBase
{
public static UserProfile GetProfile()
{
return HttpContext.Current.Profile as UserProfile;
}
[SettingsAllowAnonymous(true)]
public DateTime? LastVisit
{
get { return base["LastVisit"] as DateTime?; }
set { base["LastVisit"] = value; }
}
public static UserProfile GetProfile(string userID)
{
return ProfileBase.Create(userID) as UserProfile;
}
}
Home controller
public ActionResult Index()
{
ViewBag.Message = "Welcome to ASP.NET MVC!";
var p = UserProfile.GetProfile();
return View(p.LastVisit);
}
[HttpPost]
public ActionResult SaveProfile()
{
var p = UserProfile.GetProfile();
p.LastVisit = DateTime.Now;
p.Save();
return RedirectToAction("Index");
}
Index view
#if (!this.Model.HasValue)
{
#: No profile detected
}
else
{
#this.Model.Value.ToString()
}
#using (Html.BeginForm("SaveProfile", "Home"))
{
<input type="submit" name="name" value="Save profile" />
}
And finally, when you are an anonymous user you can have your own profile however, once you register to the site, you need to migrate your current profile to be used with your new account. This is because ASP.Net membership, creates a new profile when a user logs-in
Global.asax, code to migrate profiles
public void Profile_OnMigrateAnonymous(object sender, ProfileMigrateEventArgs args)
{
var anonymousProfile = UserProfile.GetProfile(args.AnonymousID);
var f = UserProfile.GetProfile(); // current logged in user profile
if (anonymousProfile.LastVisit.HasValue)
{
f.LastVisit = anonymousProfile.LastVisit;
f.Save();
}
ProfileManager.DeleteProfile(args.AnonymousID);
AnonymousIdentificationModule.ClearAnonymousIdentifier();
Membership.DeleteUser(args.AnonymousID, true);
}
Related
I have the following account controller
public class AccountController : Controller
{
public IMembershipService MembershipService { get; set; }
protected override void Initialize(RequestContext requestContext)
{
if (MembershipService == null) { MembershipService = new AccountMembershipService(); }
base.Initialize(requestContext);
}
public AccountController(IMembershipService membership)
{
MembershipService = membership;
}
[HttpPost]
public ActionResult Login(LoginModel model, string ReturnUrl)
{
if (ModelState.IsValid)
{
if (MembershipService.ValidateUser(model.EmailorUserName, model.Password))
{
.....
}
}
}
from my unit testing project I want to simulate a login
public class AccountControllerTest2
{
[Test]
public void Login_UserCanLogin()
{
string returnUrl = "/Home/Index";
string userName = "user1";
string password = "password1";
Mock<AccountMembershipService> Membership = new Mock<AccountMembershipService>();
AccountController Controller = new AccountController(Membership.Object);
var model = new LoginModel
{
EmailorUserName = userName,
Password = password
};
var result = Controller.Login(model, returnUrl) as RedirectResult;
Assert.NotNull(result);
Assert.AreEqual(returnUrl, result.Url);
}
}
my web config in my main application uses custommembership provider
<membership defaultProvider="CustomMembershipProvider">
<providers>
<clear />
<add name="CustomMembershipProvider" type="QUBBasketballMVC.Infrastructure.CustomMembershipProvider" connectionStringName="UsersContext" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
I keep getting this error
QUBBasketballMVC.Tests.Controllers.AccountControllerTest.Login_UserCanLogin:
System.Web.Management.SqlExecutionException : An error occurred during the execution of the SQL file 'InstallCommon.sql'. The SQL error number is 5123 and the SqlException message is: CREATE FILE encountered operating system error 5(Access is denied.) while attempting to open or create the physical file 'C:\PROGRAM FILES (X86)\NUNIT 2.6.3\BIN\APP_DATA\ASPNETDB_TMP.MDF'.
CREATE DATABASE failed. Some file names listed could not be created. Check related errors.
Creating the ASPNETDB_7b94db5a0b5b4fbbbe22fa8e91e4cc68 database...
It seems that you are still initializing the real membership database, meaning that the MembershipService hasn't been completely mocked out. You shouldn't need to add the membership config to your unit tests, given that you intend mocking it out completely.
You almost certainly want to mock the Interface to your service abstraction IMembershipService, viz:
Mock<IMembershipService> Membership = new Mock<IMembershipService>();
As an aside, the lazy initialization code
if (MembershipService == null)
MembershipService = new AccountMembershipService();
isn't ideal from a testing point of view, given that it means that the controller has 2 modes of operation, whereby it can either create the MembershipService itself, or accept one as a constructor dependency.
As an alternative, you might consider an IoC framework here to manage dependency lifespans, and this way there is only one set of code to be tested.
I am learning ASP.NET MVC and I have never worked with the .Net Authorisation, and Membership tool before.
I am creating an application that will let users log in and animals they own so it will have a number of tables
In tutorials I have looked at the membership and authorisation tool seems to create a new database for the login data. How would this work with my own custom tables?
Thanks
It's really easy to do, if you have custom tables. But in this case you have to check the password manually.
Here are few simple steps.
First, add forms authorization to your web.config file:
<authentication mode="Forms">
<forms loginUrl="~/login" defaultUrl="/" name=".ASPXFORMSAUTH" protection="All" slidingExpiration="true" path="/" timeout="50000000" />
</authentication>
Make sure you have controller properly configured in RouteConfig.cs
routes.MapRoute("Login", "login", new { controller = "Login", action = "Login" });
Make your own password validation function, based on information stored in your existing tables:
public bool ValidatePassword(string email, string password)
{
bool isValid = false;
// TODO: put your validation logic here
return isValid;
}
Note that you can use username or email. I prefer email, because users never forget their emails, but often have several usernames.
Create your Login controller:
public class LoginController : Controller
{
[HttpGet]
public ActionResult Login()
{
if(Request.IsAuthenticated)
{
return View("AlreadyLoggedIn");
}
return View();
}
[HttpPost, ValidateAntiForgeryToken]
public ActionResult Login(LoginViewModel viewModel)
{
if(ModelState.IsValid)
{
var isPasswordValid = ValidatePassword(viewModel.Email, viewModel.Password);
if(isPasswordValid)
{
FormsAuthentication.SetAuthCookie(viewModel.Email, true);
// now the user is authenticated
return RedirectToAction("Index", "Home");
}
else
{
ModelState.AddModelError("password", "Invalid password");
}
}
return View(viewModel);
}
}
View model is pretty easy:
public class LoginViewModel
{
[Required(ErrorMessage = "Please type your email")]
[EmailAddress(ErrorMessage = "Please provide correct email address")]
public string Email { get; set; }
[Required(ErrorMessage = "Please type your password")]
public string Password { get; set; }
}
And if you want to restrict access to some of your pages, use Authorize attribute:
public class AnotherController : Controller
{
[Authorize, HttpGet]
public ActionResult Index()
{
...
}
}
To summarize, you just need to put all your database login verification logic to ValidatePassword function, and that's it!
I'm getting an error while trying to write data to database.
I'm using sqlservercompact 4.0 and have installed entityframework.sqlservercompact from nuget package.
Here is my installed references
Edit: as per answer I have changed my provider name but I get new error that saysUnable to find the requested .Net Framework Data Provider. It may not be installed.
public class PortalContext : DbContext
{
public PortalContext() : base("AdminPortal")
{
}
public DbSet<RegisterModel> Users { get; set; }
}
name of my database is AdminPortal and table name is Users and in web.config i have
<connectionStrings>
<add name="AdminPortal" connectionString="Data Source=C:\Users\Biplov\documents\visual studio 2012\Projects\BootstrappingMvc\BootstrappingMvc\App_Data\AdminPortal.sdf" providerName="System.Data.SqlServerCe" />
</connectionStrings>
in controller I have
[HttpPost]
public ActionResult Register(RegisterModel user)
{
if (ModelState.IsValid )
{
var regUser = _db.Users.Create();//error at this line
regUser.UserName = user.UserName;
regUser.Password = user.Password;
_db.Users.Add(regUser);
_db.SaveChanges();
}
return RedirectToAction("Index");
}
SQL Server Compact doesn't use the System.Data.SqlClient provider for embedded databases, it used System.Data.SqlServerCe doesn't it?
What's the data source Asp.net MVC uses to see if the user is in which role. And how can i change it so that it works with my own database table (when i write [Autorize(Roles="admin")] it checks in the table if the user is in the role )
What's the data source Asp.net MVC uses to see if the user is in which role.
It uses the RoleProvider that is configured in your web.config. If you want to use custom tables you could write a custom role provider by inheriting from the RoleProvider class and implementing the abstract members. The IsUserInRole method is the one that you should always implement because that's what will be used in this case:
public class MyRoleProvider: RoleProvider
{
public override bool IsUserInRole(string username, string roleName)
{
// go and hit your custom datasource to verify if the user
// is in the required role and return true or false from this
// method
...
}
}
Then you could register your custom role provider in web.config in order to replace the default one:
<system.web>
...
<roleManager enabled="true" defaultProvider="MyRoleProvider">
<providers>
<add name="MyRoleProvider" type="Mynamespace.MyRoleProvider" />
</providers>
</roleManager>
</system.web>
And if you don't want to be using any providers (judging from your previous question that seems to be the case) then you should write a custom Authorize attribute which is not using a role provider at all but is using some custom code of yours:
public class MyAuthorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (!httpContext.User.Identity.IsAuthenticated)
{
// no user is authenticated => no need to go any further
return false;
}
// at this stage we have an authenticated user
string username = httpContext.User.Identity.Name;
return IsInRole(username, this.Roles);
}
private bool static IsInRole(string username, string roles)
{
// the username parameter will contain the currently authenticated user
// the roles parameter will contain the string specified in the attribute
// (for example "admin")
// so here go and hit your custom tables and verify if the user is
// in the required role
...
}
}
and finally decorate your controller action with this custom attribute instead of relying on the default one which is based on the role provider:
[MyAutorize(Roles = "admin")]
public ActionResult Index()
{
...
}
I am developing an ASP.Net MVC 4 web application. Previously my MVC applications have been developed using MVC 3 and with this new MVC 4 application I have just copied/ reused my authentication and authorisation code from previous applications.
When a user logs into my site I do the following
Account Controller
public ActionResult Login(LoginModel model, string returnUrl)
{
if (ModelState.IsValid)
{
User user = _userService.GetUser(model.Email.Trim());
//Create Pipe Delimited string to store UserID and Role(s)
var userData = user.ApplicantID.ToString();
foreach (var role in user.UserRoles)
{
userData = userData + "|" + role.description;
}
_formAuthService.SignIn(user.ApplicantFName, false, userData);
return RedirectToAction("Index", "Portfolio");
}
return View(model);
}
FormsAuthenticationService
public class FormsAuthenticationService : IFormsAuthenticationService
{
public void SignIn(string userName, bool createPersistentCookie, string UserData)
{
if (String.IsNullOrEmpty(userName)) throw new ArgumentException("Value cannot be null or empty.", "userName");
// Create and tuck away the cookie
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, userName, DateTime.Now, DateTime.Now.AddDays(15), createPersistentCookie, UserData);
// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(authTicket);
//// Create the cookie.
HttpCookie faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
HttpContext.Current.Response.Cookies.Add(faCookie);
}
}
Global.asax
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
// Get the authentication cookie
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = Context.Request.Cookies[cookieName];
// If the cookie can't be found, don't issue the ticket
if (authCookie == null) return;
// Get the authentication ticket and rebuild the principal
// & identity
FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
string[] UserData = authTicket.UserData.Split(new Char[] { '|' });
GenericIdentity userIdentity = new GenericIdentity(authTicket.Name);
GenericPrincipal userPrincipal = new GenericPrincipal(userIdentity, UserData);
Context.User = userPrincipal;
}
This code works well in my previous MVC 3 applications, but in this MVC 4 application, inside the Razor View, the following code does not seem to be accessing the IsInRole property to perform the role check
#if (HttpContext.Current.User.IsInRole("Applicant"))
{
<p>text</text>
}
Again, this worked perfectly in my MVC 3 applications.
Does anyone have any ideas or suggestions as to why this won't work with my MVC 4 application?
Any help is much appreciated.
Thanks.
Extra Info
My MVC 4 application is using .Net Framework 4.0
The screenshot below shows my Generic Principal which is assigned to Context.User. You can see that for this User, the m_roles contains two strings, the UserID (100170) and their Role(Applicant). But for some reason, The IsInRoles cannot be accessed or seen in my MVC 4 Razor View, however, it could in my identical MVC 3 Razor View.
Folks
I finally resolved this issue. It appears by default the SimpleMembershipProvider is enabled when you create a new ASP.NET MVC 4 application. I did not want to use the SimpleMembershipProvider on this occasion, however, I needed to disable it in my web config with the following line
<appSettings>
<add key="enableSimpleMembership" value="false" />
</appSettings>
My call to User.IsInRole works great now.
Hope this helps someone else.
In MVC 4 you can access the User from the WebPageRenderingBase, so inside razor syntax you have direct access to the User instance:
#if (Request.IsAuthenticated && User.IsInRole("Applicant"))
{
<p>text</p>
}
I see that you are creating a FormsAuthenticationTicket and an HttpCookie manually. The FormsAuthentication class would do this for you using SetAuthCookie(string, bool[, string]). In this sense your auth service can be reduced to:
public class FormsAuthenticationService : IFormsAuthenticationService
{
public void SignIn(string userName, bool createPersistentCookie, string UserData)
{
if (String.IsNullOrEmpty(userName)) throw new ArgumentException("Value cannot be null or empty.", "userName");
FormsAuthentication.SetAuthCookie(userName, createPersistentCookie);
}
}
It turns out you also need to change Application_AuthenticateRequest to Application_OnPostAuthenticateRequest:
protected void Application_OnPostAuthenticateRequest(Object sender, EventArgs e)
In MVC 4 HttpContext.Current.User is not exposed so you can't use it. What i did was create a custom BaseViewPage and added following code in it.
public abstract class BaseViewPage : WebViewPage
{
public virtual new Principal User
{
get { return base.User as Principal; }
}
}
public abstract class BaseViewPage<TModel> : WebViewPage<TModel>
{
public virtual new Principal User
{
get { return base.User as Principal; }
}
}
And then make following changes to system.web.webPages.razor/pages section your web.config in Views folder.
<system.web.webPages.razor>
<host factoryType="System.Web.Mvc.MvcWebRazorHostFactory, System.Web.Mvc, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<pages pageBaseType="WebApp.Views.BaseViewPage">
<namespaces>
...
</namespaces>
</pages>
Hope this solves your problem.