Custom Authentication asp.net MVC - asp.net-mvc

At what point should I be checking for my cookie in my MVC app? Basically, what I wish to do for each request is check to see if there is a cookie and, if so, show their name on the screen somewhere; if not, and the page requires the user to be logged in, redirect them to a login page.
I DON'T want to use FormsAuthentication, as I wish to create and use my own IPrincipal object. I'm just not sure whether I should be setting these in a base controller class or creating my own Authorize attribute and doing the checks in there.
My initial thoughts are that I should be doing this in the base controller class as this is similar to the base page in webforms where I override oninit.

Do not attempt to do authentication in a base controller class. In a situation where an action result is cached, your action will not run at all, and no controller will ever be instantiated. Therefore, authentication done inside the controller is broken by design.
The correct way to customize authentication, for many reasons, is to create a custom authentication provider. I've explained the reasons why and given links to simple examples of how to do this in the post linked above.
In short, using this method:
Has the right level of modularity
Works with caching
Works with regular ASP.NET, as well as with MVC
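
One way to move the cookie check out of the controller and into the ASP.NET pipeline, as an added example (not the answer author's code and not one of the examples the answer links to). It uses an IHttpModule rather than a provider; the cookie name, payload layout, purpose string and class names are assumptions, and MachineKey.Unprotect requires .NET 4.5 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
using System.Web;
using System.Web.Security;

// Hypothetical custom principal (the question wants its own IPrincipal).
public sealed class AppPrincipal : IPrincipal
{
    private readonly string[] _roles;
    public AppPrincipal(string name, string[] roles)
    {
        Identity = new GenericIdentity(name, "AppCookie");
        _roles = roles;
    }
    public IIdentity Identity { get; private set; }
    public bool IsInRole(string role) { return Array.IndexOf(_roles, role) >= 0; }
}

public sealed class CookieAuthModule : IHttpModule
{
    private const string CookieName = "app_auth";          // assumed cookie name
    private const string Purpose = "CookieAuthModule.v1";  // assumed purpose string
    public void Init(HttpApplication app)
    {
        // AuthenticateRequest runs before ResolveRequestCache, so the principal
        // is set even when the response is later served from the output cache.
        app.AuthenticateRequest += (s, e) => Authenticate(((HttpApplication)s).Context);
    }
    public void Dispose() { }
    private static void Authenticate(HttpContext ctx)
    {
        HttpCookie cookie = ctx.Request.Cookies[CookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return; // anonymous
        try
        {
            // Assumed payload "name|role1,role2|expiryTicksUtc", sealed with MachineKey.Protect.
            byte[] raw = MachineKey.Unprotect(Convert.FromBase64String(cookie.Value), Purpose);
            string[] parts = Encoding.UTF8.GetString(raw).Split('|');
            long expiry;
            if (parts.Length != 3 || !long.TryParse(parts[2], out expiry)) return;
            if (expiry < DateTime.UtcNow.Ticks) return; // expired ticket
            ctx.User = new AppPrincipal(parts[0], parts[1].Split(','));
        }
        catch (FormatException) { }        // not valid Base64: stay anonymous
        catch (CryptographicException) { } // tampered or foreign cookie: stay anonymous
    }
}
```

The module is registered in web.config under system.webServer/modules, after which the stock [Authorize] attribute and User.Identity.Name in views work against the custom principal. The login action that issues the cookie is not shown; it would seal the same payload with MachineKey.Protect and the same purpose string, and mark the cookie HttpOnly and Secure.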

Related

Redirect automatically in a view

I'm using Grails 2.3.3. Is there a better way to redirect to another controller/action from a view automatically if specific conditions exist otherwise continue to display the view - rather than doing this in the action itself?
What I am trying to do is prior to a view being displayed I want to check that I am logged in and if not to redirect automatically to the login page without any user intervention.
If I can do it within the view it's easy to add this login check code into the _header.gsp to effect all the pages. This would be much quicker than having to code up each action in each for each view of interest.
Yes, you can do this with the help of a Grails custom taglib by spitting out JavaScript code which will redirect the page to a different URL if you are not logged in. But this will reduce the user experience for those who will be using your product, since you first render this page and then use JavaScript to redirect them back to the login screen (if not logged in).
I would recommend three other solutions:
Use Grails filters to protect your actions for authenticated users,
You can use custom Java annotations to protect actions automatically by writing a bit of code,
To skip the above two solutions, you can make use of a widely used Grails plugin for authentication named Spring Security Core plugin, which provides the best and easiest authentication mechanism and uses the core Spring Java library behind the scenes, which is in turn a huge and awesome thing to integrate.
It's as easy as defining a simple JS-based redirect in your GSP, or even better in a shared template:
<sec:ifNotLoggedIn>
  <g:javascript>
    document.observe( 'dom:loaded', function(){
      document.location = '${createLink( controller:'login', action:'doLogin' )}';
    } );
  </g:javascript>
</sec:ifNotLoggedIn>

Accessing One action publicly after having custom authorization on controller?

I am using MVC 3 and have a custom authorization attribute inheriting AuthorizeAttribute on my controller. However, in one case, I want to access one action from this controller without any authentication on it. Is it possible?
I want to do it without making any changes in the controller file, as that code is already in production. Is there any way to override it from web.config?
Yeah, you can do that by simply removing the Authorize attribute from the whole controller class and instead putting the Authorize attribute on individual actions wherever you want.

Most effective way to redirect from mvc4 to another application

I have an MVC4 application that I am looking at hosting on Azure Websites. The only task is to take a code from a parameter and redirect to a page within our main application. We have a .co domain, so we are issuing shortcodes like mydomain.co/abc. I check the code (in this example, abc) and redirect it to somewhere in our main application.
My question is: do I just create a controller and do the redirect from the controller, or can I do this before the controller? I want it to be as lightweight as possible.
Thank you
A controller action taking the parameter, querying some data store by passing it this parameter in order to retrieve additional data and finally redirecting to the corresponding application seems fine. Another possibility is to write a custom route that will perform those tasks but IMHO having a controller action to do it seems easier.

Custom Authentication on a Controllers Action Methods

I'm new to ASP.NET MVC and I was wondering if there was any clean, non-repetitive way of running a check to see whether a user is logged in when any action method on a particular controller is invoked? Also, is there a way to stop that method from being invoked and redirect the user to a specified page?
I'm using a custom authentication method (not Membership Provider) and I'm having trouble finding examples for this type of implementation.
Thanks in advance
Check the [Authorize] attribute System.Web.Mvc.AuthorizeAttribute. Also, the template ASP.NET MVC application created in Visual Studio contains a controller illustrating authorization/authentication techniques.

ASP.NET MVC getting user variables

Just getting started using MVC in ASP.NET, I'm going to have it so users must login to use certain features. Now I have a User controller that stores users in a table and another controller that adds data to another table. Once the user is logged in, how would I get their id from the user table from within the add controller in order to add their id to that table?
I think that to solve your problem from the top down you might want to look into ASP.NET MVC Authentication instead of implementing something like this yourself. That said if you have a great reason for continuing down the path you're taking then I have some suggestions.
Firstly you may wish to consider using the repository pattern to add/remove/get data to and from your database. Any controller can implement any repository it likes so your add controller can just implement the user repository to get the user.
Also, remember that in ASP.NET MVC you can use session variables. If you need to know which user is doing what, then just store it in the session and retrieve it from there.
