I am working on an app using the ASP.NET membership provider. By default, i can use a few fields such as username, password. How to add to the asp.net membership provider so I can add Profile fields such as "firstName", "lastName" in the register section and have it save to the database in aspnet_profile table along with other data.
I am creating a user in the account model as below:
public ActionResult Register(RegisterModel model)
{
if (ModelState.IsValid)
{
// Attempt to register the user
MembershipCreateStatus createStatus;
Membership.CreateUser(model.UserName, model.Password,
model.Email,model.PasswordQuestion,model.PasswordAnswer,
true, null,out createStatus);
if (createStatus == MembershipCreateStatus.Success)
{
FormsAuthentication.SetAuthCookie(model.UserName, false);
return RedirectToAction("Index", "Home");
}
else
{
ModelState.AddModelError("", ErrorCodeToString(createStatus));
}
}
return View(model);
}
Now which function i should use to store profile info into db?
Help me !!
Add the fields to the profile section of Web.Config.
<profile>
<properties>
<add name="FirstName" />
<add name="LastName" />
<add name="Address1" />
<add name="Address2" />
<add name="City" />
<add name="State" />
<add name="Zip" />
<add name="Phone" />
<add name="ProfileVersion" type="int" defaultValue="0" />
</properties>
</profile>
For more information please visit: http://msdn.microsoft.com/en-us/magazine/cc163457.aspx
Related
I am new for Active Directory authentication. Need to create login using active directory. Please help me with explained example or link where I can learn to create active directory login
My web.config file:
<authentication mode="Forms">
<forms name=".ADAuthCookie" loginUrl="~/Service/Index" timeout="45" slidingExpiration="false" protection="All" />
</authentication>
<trust level="Full" originUrl="" />
<membership defaultProvider="ADMembershipProvider">
<providers>
<clear />
<add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a "
connectionStringName="ADConnectionString"
connectionProtection="Secure"
connectionUsername="bos\user10"
connectionPassword="user#101"
attributeMapUsername="sAMAccountName" />
</providers>
</membership>
<connectionStrings>
<add name="ADConnectionString" connectionString="LDAP://fontier.bos.com:389/DC=fontier,DC=bos,DC=com" />
</connectionStrings>
And my login action method is:
[HttpPost]
[AllowAnonymous]
public ActionResult LoginUser(LoginUser login, string returnUrl)
{
if (ModelState.IsValid)
{
//MembershipProvider domainProvider = Membership.Providers["ADMembershipProvider"];
//if (domainProvider.ValidateUser(login.UserName, login.Password))
if (Membership.ValidateUser(login.UserName, login.Password))
{
FormsAuthentication.SetAuthCookie(login.UserName,true);
if(Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
{
return Redirect(returnUrl);
}
else
{
return RedirectToAction("Index", "Service");
}
}
}
else
{
ModelState.AddModelError("", "The user name or password provided is incorrect");
}
return View(login);
}
Logout action:
public ActionResult Logout()
{
FormsAuthentication.SignOut();
return RedirectToAction("LoginUser", "User");
}
Here, I am getting error : The specified domain or server could not be contacted.
I googled a lot but couldn't get anything useful....Please give your valuable suggestion for this....Thanks.
I am using remote validator but it's not working even debugger isn't tracing that method.
public JsonResult CheckStrategyName(string StrategyName)
{
var ab = from a in db.Sterategy where a.StrategyName == StrategyName select a.StrategyName;
return !ab.Any() ? Json(true, JsonRequestBehavior.AllowGet) : Json(string.Format("Name Already esists"), JsonRequestBehavior.AllowGet);
}
I have used it here
[Required]
[Remote("CheckStrategyName", "St", ErrorMessage = "Already exists ")]
[Display(Name = "Name")]
public string StrategyName { get; set; }
Webconfig
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
</appSettings>
Where am I making mistake ? :(
Your server code & settings seems to be fine. Make sure the following are in place
You are using the TextBoxFor helper method to generate the relevant input field markup and it is inside a form.
#using (Html.BeginForm())
{
#Html.TextBoxFor(s => s.StrategyName)
#Html.ValidationMessageFor(s => s.StrategyName)
<input type="submit" value="Submit" />
}
You have included the javascript libraries needed for validation.
<script src="~/Scripts/jquery.js"></script>
<script src="~/Scripts/jquery.validate.js"></script>
<script src="~/Scripts/jquery.validate.unobtrusive.js"></script>
I've got a standard MVC project, with the UserManager and SignInManager objects and an AccountController, with the pre-created login and register type functionality.
I can register new users to my AspNetUsers table, but when I login I call:-
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
The data is coming through from the form correctly, and the result is Success, which I expected.
I then tried the following redirects:-
case SignInStatus.Success:
//return RedirectToLocal("/admin/");
return RedirectToAction("Index", "Admin");
but on any page, after this successful login, User.Identity.IsAuthenticated is always false, and User.Identity.Name is an empty string.
What am I doing wrong? I've done another project in the same way with the same setup in the past and I've had zero problems.
web.config
<system.web>
<compilation debug="true" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
<!--<authentication mode="Forms">
<forms loginUrl="~/Account/Login/" timeout="1000" />
</authentication>-->
<authentication mode="None" />
</system.web>
<modules>
<remove name="FormsAuthentication" />
</modules>
Can anyone suggest what I am doing wrong? It's causing major issues now.
Cheers!
Check to see if you have a Startup.Auth.cs file in your App_Start folder in the project.
public partial class Startup {
public void ConfigureAuth(IAppBuilder app) {
// This uses cookie to store information for the signed in user
var authOptions = new CookieAuthenticationOptions {
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
LogoutPath = new PathString("/Account/Logout"),
ExpireTimeSpan = TimeSpan.FromDays(7),
};
app.UseCookieAuthentication(authOptions);
}
}
and is called from the Startup class
public partial class Startup {
public void Configuration(IAppBuilder app) {
// Surface Identity provider
ConfigureAuth(app);
//..other start up code
}
}
Depending on the version of asp.net and identity you are using, you should take a look at this
ASP.NET Identity AuthenticationManager vs. SignInManager and cookie expiration
For me it was the web.config, comment following lines
<system.webServer>
<modules>
<!--<remove name="FormsAuthentication" />
<remove name="ApplicationInsightsWebTracking" />
<add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" preCondition="managedHandler" />
-->
</modules>
</system.webServer>
I'm trying to implement a single-page app. I carried over some of my working code from another project (MVC4) to implement authentication. Right now I see cookies being set, but WebSecurity / User.Identity do not seem to be working for some reason. After logging in, subsequent requests never validate as authenticated, either via WebSecurity.IsAuthenticated, or User.Identity.IsAuthenticated. Does anyone know why this is happening?
Controller code:
public class AccountController : ApiController {
private readonly UserService _userService;
public AccountController() {}
public AccountController(UserService userService) {
_userService = userService;
}
[AllowAnonymous]
[HttpGet]
[Route("api/authpayload")]
// This gets called when the app loads. Always, User.Identity.IsAuthenticated is false.
public HttpResponseMessage AuthPayload() {
var payload = new AuthPayloadDto();
try {
var userId = WebSecurity.GetUserId(User.Identity.Name);
if (User.Identity.IsAuthenticated && userId > 0) {
payload.Username = User.Identity.Name;
} else {
LogOut();
payload.IsAuthenticated = false;
}
return Request.CreateResponse(HttpStatusCode.OK, payload);
} catch (Exception e) {
return Request.CreateResponse(HttpStatusCode.InternalServerError, e);
}
}
[HttpPost]
[Route("api/login")]
[AllowAnonymous]
public HttpResponseMessage LogIn(LoginModel model) {
if (!ModelState.IsValid)
return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
try {
if (WebSecurity.IsAuthenticated)
return Request.CreateResponse(HttpStatusCode.Conflict, "already logged in.");
if (!WebSecurity.UserExists(model.Username))
return Request.CreateResponse(HttpStatusCode.Conflict, "User does not exist.");
if (WebSecurity.Login(model.Username, model.Password, persistCookie: model.RememberMe)) {
// This code always gets hit when I log in, no problems. I see a new cookie get sent down as well, using Chrome debugger.
var payload = new AuthPayloadDto();
return Request.CreateResponse(HttpStatusCode.OK, payload);
}
LogOut();
return Request.CreateResponse(HttpStatusCode.Forbidden, "Login Failed.");
} catch (Exception e) {
return Request.CreateResponse(HttpStatusCode.InternalServerError, e);
}
}
Web.config:
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<authentication mode="Forms">
<forms loginUrl="~/" timeout="2880" />
</authentication>
<roleManager enabled="true" defaultProvider="simple">
<providers>
<clear />
<add name="simple" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData" />
</providers>
</roleManager>
<membership defaultProvider="simple">
<providers>
<clear />
<add name="simple" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
</providers>
</membership>
<!--
If you are deploying to a cloud environment that has multiple web server instances,
you should change session state mode from "InProc" to "Custom". In addition,
change the connection string named "DefaultConnection" to connect to an instance
of SQL Server (including SQL Azure and SQL Compact) instead of to SQL Server Express.
-->
<sessionState mode="InProc" customProvider="DefaultSessionProvider">
<providers>
<add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
</providers>
</sessionState>
</system.web>
The cookie that gets sent after login is not expired, and it does get sent back on subsequent requests, but IsAuthenticated is always false. What am I doing wrong?
Update:
I updated my web.config to the following to get everything working:
<system.web>
<authentication mode="None" />
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<roleManager enabled="true" defaultProvider="SimpleRoleProvider">
<providers>
<clear />
<add name="SimpleRoleProvider" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData" />
</providers>
</roleManager>
<membership defaultProvider="SimpleMembershipProvider">
<providers>
<clear />
<add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
</providers>
</membership>
</system.web>
But I'd like to leave this open in case anyone has an explanation of why this works; I'm pretty lost.
In my current mvc 4 project with mssql,
its a simple one i so I just wanted very simple memmbership provider
I disabled
InitializeSimpleMembershipAttribute
by
[Authorize]
//[InitializeSimpleMembership]
public partial class AccountController : Controller
and added this code to global.asax under Application_Start
WebSecurity.InitializeDatabaseConnection(
connectionStringName: "DefaultConnection",
userTableName: "UserProfile",
userIdColumn: "UserID",
userNameColumn: "UserName",
autoCreateTables: true);
in my sql database the application created some tables on of them was Roles and UserInRoles just added the roles I needed like Admin, customer, etc...
and I restrict the access to some Controllers or Actions by adding this code
[Authorize(Roles = "Admin")]
public class MessagesController : Controller
I have an html page that requires "SuperAdmin" role in order to access it. Here is my web.config and all works well :
....
<handlers>
<add name="HTMLHandler" type="System.Web.StaticFileHandler" path="*.html" verb="GET" />
</handlers>
....
<location path="app/html/_superAdmin/Dashboards.html">
<system.web>
<authorization>
<allow roles="SuperAdmin" />
<deny users="*" />
</authorization>
</system.web>
</location>
The problem is the url string when the user is sent to login:
http://localhost:50138/Account/Login?ReturnUrl=%2Fapp%2Fhtml%2F_superAdmin%2FDashboards.html
I do not want the user to see "ReturnUrl=%2Fapp%2Fhtml%2F_superAdmin%2FDashboards.html".
How can I remove this querystring when the user is redirected to the login page.
Unless anyone can come up with something more elegant, this worked:
public ActionResult Login(string returnUrl)
{
ViewBag.ReturnUrl = returnUrl;
try
{
if (returnUrl.Contains("_superAdmin"))
{
return RedirectToAction("Login", "Account", new { area = "" });
}
}
catch (Exception)
{
}
return View();
}