For my ASP.NET MVC 3 app (using Razor) my web.config has this:
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
<properties>
<add name="FirstName"/>
<add name="LastName"/>
</properties>
</profile>
It is my understanding from reading the docs that ASP.NET will automatically generate properties off the HttpContext so that I can access these like this:
// MyController.cs
Email = u.Email;
FirstName = HttpContext.Profile.FirstName;
LasttName = HttpContext.Profile.LastName;
However, the compiler is bitching that .FirstName and .LastName don't exist.
What is going on here?
Try this approach:
Create a class (name it UserProfile for example) extending ProfileBase
Add your public properties Email etc (don't forget {get;set;})
Change your Web.config like the following (change the inherits to your namespace)
You should be able to access it now via (UserProfile)HttpContext.Current.Profile
Your Web.config:
<profile defaultProvider="AspNetSqlProfileProvider" inherits="Namespace.To.Your.UserProfile">
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" connectionStringName="ConnectionStringName" type="System.Web.Profile.SqlProfileProvider" applicationName="App" />
</providers>
</profile>
Your profile class:
public class UserProfile : ProfileBase
{
public string Email
{
get { return (string)GetPropertyValue("Email"); }
set { SetPropertyValue("Email", value); }
}
}
When using ASP.NET Web Forms, the profile data is accessed through a proxy object whose properties correspond to the profile properties. This feature isn't available for MVC Framework applications.
u can get user profile property value just like this:
public ActionResult Index()
{
ViewBag.Name = HttpContext.Profile["Name"];
ViewBag.City = HttpContext.Profile.GetProfileGroup("Address")["City"];
return View();
}
it will return current logged in user profile property value.
Related
Is there any way that an MVC view could be hit without that view being explicitly returned. In other words, is there some delegated redirect or back-end default page load in ASP.NET-MVC that could throw to a view without that view's name showing up anywhere in the source code? Because if so, I would like to be able to pinpoint all places in my code that could cause a given view to be loaded, even without explicitly returning that view.
Edit for clarity:
I just want to know how/if any View could get loaded without that view being explicitly returned or redirected to from an ActionResult so that I can identify the block of code that is causing the page to get hit.
Here is my RouteConfig.cs
public class RouteConfig
{
public static void RegisterRoutes(RouteCollection routes)
{
routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
routes.MapMvcAttributeRoutes();
routes.MapRoute(
name: "Default",
url: "{controller}/{action}/{id}",
defaults: new { controller = "Home", action = "Default", id = UrlParameter.Optional }
);
}
private static string EnsureTrailingSlash(string value)
{
if (value == null)
{
value = string.Empty;
}
if (!value.EndsWith("/", StringComparison.Ordinal))
{
return value + "/";
}
return value;
}
}
Here are some potentially relevant sections from my Web.config
<configuration>
......
<system.webServer>
<handlers>
<remove name="BlockViewHandler"/>
<add name="BlockViewHandler" path="*" verb="*" preCondition="integratedMode" type="System.Web.HttpNotFoundHandler" />
</handlers>
</system.webServer>
<system.web>
<compilation>
<assemblies>
<add assembly="System.Web.Mvc, Version=5.2.4.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
</system.web>
</configuration>
It may be from outside the code. Check if where you are hosting your web app if there is any special rules set in place that are automatically showing your errror.cshtml page.
Also, check your web.config if there are special rules in there:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpErrors errorMode="Custom" defaultResponseMode="ExecuteURL">
try looking in here for something like this
</httpErrors>
</system.webServer>
</configuration>
Without seeing anymore of your code or what not it is tough to say exactly. But this might be helpful.
I have a ASP.NET website set up with Windows Authentication for a specific domain group (MYDOMAIN\MY_SITE_USERS). I want to add a controller with some actions that can be performed from a special Windows account, without access to the rest of the website.
So:
~ ==> only MYDOMAIN\MY_SITE_USERS
~/DoSomething ==> only MYDOMAIN\MY_SITE_USERS
~/SpecialAction/Do ==> only MYDOMAIN\SPECIAL_ACCOUNT
I've seen other answers (using location in Web.Config) for example:
<location path="~/SpecialAction/Do">
<system.webServer>
<security>
<authorization>
<add accessType="Deny" users="*"/>
<add accessType="Allow" users="MYDOMAIN\SPECIAL_ACCOUNT"/>
</authorization>
</security>
</system.webServer>
</location>
but my the problem is that with the above, then SPECIAL_ACCOUNT can access all the other pages since I need to add to the general:
<authentication mode="Windows" />
<identity impersonate="true"/>
<authorization>
<allow users="MYDOMAIN\SPECIAL_ACCOUNT" />
<allow users="MYDOMAIN\MY_SITE_USERS"/>
<deny users="?" />
<deny users="*" />
</authorization>
otherwise MYDOMAIN\SPECIAL_ACCOUNT can't login at all.
Have you tried to use any approach similar to the following one?
public static class ApplicationRoles
{
public const string SpecialAccount = #"domain\Special Account";
public const string MySiteUsers = #"domain\My Site Users";
}
[Authorize(Roles = ApplicationRoles.SpecialAccount)]
public class SpecialAction()
{
//stuff
}
[Authorize(Roles = ApplicationRoles.MySiteUsers)]
public class DoSomething()
{
//stuff
}
If you are looking for a web.config based solution, it would be worthy to have a look at Dynamic Controller/Action Authorization in ASP.NET MVC.
Use an action filter on the controllers that require protection.
public class FilterAccountsAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
string username = filterContext.HttpContext.User.Identity.Name;
//do your logic here for access.
//if allow no need to do anything
//else redirect to error page etc?
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary
{
{ "action", "Error" },
{ "controller", "Home" },
{"area", ""}
});
}
}
Then use like so:
[FilterAccounts]
public class HomeController : Controller
{
}
You could even extend the above to take arguments. If you can shove all your logic into one filter then you only need to remember to add it to all your controllers with the argument needed for it's protection.
[FilterAccounts(FilterEnum.OnlySpecialAccount)]
[FilterAccounts(FilterEnum.OnlySiteUsers)]
Probably I'm missing something obvious but I cannot manage to get an SDF-based ASP.NET MVC 4 web app work with the new simple membership. I detail my steps so this can be useful as a reference for other newbies.
To start with, I found this very useful intro to the new membership system: http://weblogs.asp.net/jgalloway/archive/2012/08/29/simplemembership-membership-providers-universal-providers-and-the-new-asp-net-4-5-web-forms-and-asp-net-mvc-4-templates.aspx. My steps in a code-first with existing database (the SDF is a temporary placeholder for a full-fledged existing SQL Server db) were as follows:
I created a new internet app with VS 2012.
I added a new SDF file to App_Data (Accounts.sdf) and created there my tables for users and roles.
I added a new connection string to web.config:
<connectionStrings>
<clear/>
<add name="AccountsContext" connectionString="Data Source=|DataDirectory|\Accounts.sdf;Persist Security Info=False" providerName="System.Data.SqlServerCe.4.0" />
</connectionStrings>
I changed the InitializeSimpleMembershipAttribute.cs file to use my own datacontext, which is hosted in an intermediate data layer; here I paste the few relevant changes I made to the template code:
...
public SimpleMembershipInitializer()
{
Database.SetInitializer(null);
try
{
using (AccountsContext context = new AccountsContext())
{
if (!context.Database.Exists())
{
((IObjectContextAdapter)context).ObjectContext.CreateDatabase();
}
}
WebSecurity.InitializeDatabaseConnection("AccountsContext", "User", "Id", "Name", autoCreateTables: true);
// seed data here...
}
...
Here it is the data context (notice the connection string name in the default ctor):
public sealed class AccountsContext : DbContext
{
public DbSet<User> Users { get; set; }
public DbSet<Role> Roles { get; set; }
public AccountsContext() : base("Name=AccountsContext")
{
Database.Initialize(false);
}
public AccountsContext(string nameOrConnectionString) : base(nameOrConnectionString)
{
Database.Initialize(false);
}
public AccountsContext(DbConnection connection, bool contextOwnsConnection) :
base(connection, contextOwnsConnection)
{
Database.Initialize(false);
}
protected override void OnModelCreating(DbModelBuilder modelBuilder)
{
base.OnModelCreating(modelBuilder);
modelBuilder.Conventions.Remove<PluralizingTableNameConvention>();
// user
modelBuilder.Entity<User>().Property(u => u.Id)
.HasDatabaseGeneratedOption(DatabaseGeneratedOption.Identity);
// role
modelBuilder.Entity<Role>().Property(r => r.Id)
.HasDatabaseGeneratedOption(DatabaseGeneratedOption.Identity);
modelBuilder.Entity<Role>().ToTable("webpages_Roles");
modelBuilder.Entity<Role>().Property(r => r.Id).HasColumnName("RoleId");
modelBuilder.Entity<Role>().Property(r => r.Name).HasColumnName("RoleName");
// user-role
modelBuilder.Entity<User>()
.HasMany(u => u.Roles)
.WithMany(r => r.Users)
.Map(m =>
{
m.MapLeftKey("UserId");
m.MapRightKey("RoleId");
m.ToTable("webpages_UsersInRoles");
});
}
}
Now when I run the web app I immediately get an exception telling me that the LocalSqlServer connection name was not found. This belongs to the machine.config where I can find these entries:
...
<membership>
<providers>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" .../>
<add name="MySQLMembershipProvider" type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.5.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="LocalMySqlServer" ... autogenerateschema="true"/>
</providers>
...
Thus I tried to override these entries by adding these lines to my web.config:
<roleManager enabled="true" defaultProvider="SimpleRoleProvider">
<providers>
<clear/>
<add name="SimpleRoleProvider" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData"/>
</providers>
</roleManager>
<membership defaultProvider="SimpleRoleProvider">
<providers>
<clear/>
<add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData"/>
</providers>
</membership>
If I run the app now I get an exception like this:
System.Configuration.ConfigurationErrorsException
Message=Default Membership Provider could not be found.
Source=System.Web
BareMessage=Default Membership Provider could not be found.
Yet, the web app has references to both WebMatrix.Data and WebMatrix.WebData (both version 2), already set by the VS template.
So how could I let this work?
In my current mvc 4 project with mssql,
its a simple one i so I just wanted very simple memmbership provider
I disabled
InitializeSimpleMembershipAttribute
by
[Authorize]
//[InitializeSimpleMembership]
public partial class AccountController : Controller
and added this code to global.asax under Application_Start
so you dont need anymore SimpleMembershipInitializer
WebSecurity.InitializeDatabaseConnection(
connectionStringName: "DefaultConnection",
userTableName: "UserProfile",
userIdColumn: "UserID",
userNameColumn: "UserName",
autoCreateTables: true);
in my sql database the application created some tables on of them was Roles and UserInRoles just added the roles I needed like Admin, customer, etc...
you can do the same with your database or build some interface to manage roles and memmbership.
and I restrict the access to some Controllers or Actions by adding this code
[Authorize(Roles = "Admin")]
public class MessagesController : Controller
Could not say this is obvious, yet it does work.
In order to have SimpleMembeship working with SQL Compact, the very first thing you need to do is to add with Nuget "EntityFramework.SqlServerCompact" and "Microsoft ASP.NET Universal Providers Core Library"
The name of your connection string being "AccountsContext", you should have the same in your Model:
public class UsersContext : DbContext
{
public UsersContext()
: base("AccountsContext")
{
}
public DbSet<UserProfile> UserProfiles { get; set; }
public DbSet<webpages_Membership> Membership { get; set; }
}
Then, your section should not have anything SQL related, as this is for ASP security, not the new SimpleMembership; here is how mine looks like:
<membership defaultProvider="simple">
<providers>
<clear />
<add name="simple" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
</providers>
</membership>
I'm trying to wire up a custom membership privider in ASP MVC 4 WebAPI but I cannot figure out how to replace the current provider. I've put a breakpoint in the constructor of the provider and it never lands on it. Running the test below gives me a "401 Unauthorized" message on the GetResponse call so SOMETHING is trying to validate the request. Where am I going wrong? Nearly this identical code runs in ASP MVC 4 site (not WebAPI).
I know the general logic in the test is working because the test succeeds if i remove the Authorize attribute.
This is my WebConfig:
<authentication mode="Forms" />
<profile enabled="false">
<providers>
<clear/>
</providers>
</profile>
<membership defaultProvider="MyMembershipProvider">
<providers>
<clear/>
<add name="MyMembershipProvider"
type="CustomWebApiMembershipProvider"
applicationName="AppName"/>
</providers>
</membership>
<roleManager enabled="true" defaultProvider="MyWebApiRoleProvider">
<providers>
<clear/>
<add name="MyWebApiRoleProvider" type="CustomWebApiRoleProvider" />
</providers>
</roleManager>
This is my provider.
public class CustomWebApiMembershipProvider: MembershipProvider
{
public override bool ValidateUser(string username, string password)
{
return password.Contains("please");
}
public CustomWebApiMembershipProvider()
{
var x = "hello";
}
}
This is my controller:
[Authorize]
public class TestApiSecureController : ApiController
{
// GET api/<controller>
public IEnumerable<string> Get()
{
return new string[] {"CustomWebApi Secured Access"};
}
}
and this is my test:
[Test]
public void Authorize_WhenApiKeyProvided_ReturnsValidResponse()
{
var request = WebRequest.Create("http://localhost:4011/api/TestApiSecure") as HttpWebRequest;
AddAuthorizationInfo(request, "username", "pleaseLetMeIn");
//we keep timing out when stepping through in debug, so set huge timeout
request.Timeout = 100000;
var response = request.GetResponse();
var reader = new StreamReader(response.GetResponseStream());
var result = reader.ReadToEnd();
Assert.IsTrue(result.Contains("CustomWebApi"));
}
private void AddAuthorizationInfo(HttpWebRequest request, string username, string password)
{
var usernamePwString = username + ":" + password;
var authInfo = Convert.ToBase64String(Encoding.Default.GetBytes(usernamePwString));
request.Headers["Authorization"] = "Basic" + authInfo;
}
It looks like forms authentication requires some cookies magic, that isn't handled by an HttpWebRequest. You'll need to create your own Authorize attribute - check out : http://www.piotrwalat.net/basic-http-authentication-in-asp-net-web-api-using-membership-provider/
For the life of me, I cannot get the SqlProfileProvider to work in an MVC project that I'm working on.
The first interesting thing that I realized is that Visual Studio does not automatically generate the ProfileCommon proxy class for you. That's not a big deal since it's simpy a matter of extending the ProfileBase class. After creating a ProfileCommon class, I wrote the following Action method for creating the user profile.
[AcceptVerbs("POST")]
public ActionResult CreateProfile(string company, string phone, string fax, string city, string state, string zip)
{
MembershipUser user = Membership.GetUser();
ProfileCommon profile = ProfileCommon.Create(user.UserName, user.IsApproved) as ProfileCommon;
profile.Company = company;
profile.Phone = phone;
profile.Fax = fax;
profile.City = city;
profile.State = state;
profile.Zip = zip;
profile.Save();
return RedirectToAction("Index", "Account");
}
The problem that I'm having is that the call to ProfileCommon.Create() cannot cast to type ProfileCommon, so I'm not able to get back my profile object, which obviously causes the next line to fail since profile is null.
Following is a snippet of my web.config:
<profile defaultProvider="AspNetSqlProfileProvider" automaticSaveEnabled="false" enabled="true">
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
<properties>
<add name="FirstName" type="string" />
<add name="LastName" type="string" />
<add name="Company" type="string" />
<add name="Phone" type="string" />
<add name="Fax" type="string" />
<add name="City" type="string" />
<add name="State" type="string" />
<add name="Zip" type="string" />
<add name="Email" type="string" >
</properties>
</profile>
The MembershipProvider is working without a hitch, so I know that the connection string is good.
Just in case it's helpful, here is my ProfileCommon class:
public class ProfileCommon : ProfileBase
{
public virtual string Company
{
get
{
return ((string)(this.GetPropertyValue("Company")));
}
set
{
this.SetPropertyValue("Company", value);
}
}
public virtual string Phone
{
get
{
return ((string)(this.GetPropertyValue("Phone")));
}
set
{
this.SetPropertyValue("Phone", value);
}
}
public virtual string Fax
{
get
{
return ((string)(this.GetPropertyValue("Fax")));
}
set
{
this.SetPropertyValue("Fax", value);
}
}
public virtual string City
{
get
{
return ((string)(this.GetPropertyValue("City")));
}
set
{
this.SetPropertyValue("City", value);
}
}
public virtual string State
{
get
{
return ((string)(this.GetPropertyValue("State")));
}
set
{
this.SetPropertyValue("State", value);
}
}
public virtual string Zip
{
get
{
return ((string)(this.GetPropertyValue("Zip")));
}
set
{
this.SetPropertyValue("Zip", value);
}
}
public virtual ProfileCommon GetProfile(string username)
{
return ((ProfileCommon)(ProfileBase.Create(username)));
}
}
Any thoughts on what I might be doing wrong? Have any of the rest of you successfully integrated a ProfileProvider with your ASP.NET MVC projects?
Thank you in advance...
Here's what you need to do:
1) In Web.config's section, add "inherits" attribute in addition to your other attribute settings:
<profile inherits="MySite.Models.ProfileCommon" defaultProvider="....
2) Remove entire <properties> section from Web.config, since you have already defined them in your custom ProfileCommon class and also instructed to inherit from your custom class in previous step
3) Change the code of your ProfileCommon.GetProfile() method to
public virtual ProfileCommon GetProfile(string username)
{
return Create(username) as ProfileCommon;
}
Hope this helps.
Not sure about the whole question, but one thing I noticed in your code:
ProfileCommon profile = (ProfileCommon)ProfileCommon.Create(user.UserName, user.IsApproved) as ProfileCommon;
You do not need both the (ProfileCommon) and the as ProfileCommon. They both do casts, but the () throws and exception while the as returns a null if the cast can't be made.
Try Web Profile Builder. It's a build script that automagically generates a WebProfile class (equivalent to ProfileCommon) from web.config.
The web.config file in the MVC Beta is wrong. The SqlProfileProvider is in System.Web.Profile, not System.Web.Security. Change this, and it should start working for you.