Just getting started using MVC in ASP.NET, I'm going to have it so users must log in to use certain features. Now I have a User controller that stores users in a table and another controller that adds data to another table. Once the user is logged in, how would I get their id from the user table from within the add controller in order to add their id to that table?
I think that to solve your problem from the top down you might want to look into ASP.NET MVC Authentication instead of implementing something like this yourself. That said, if you have a great reason for continuing down the path you're taking, then I have some suggestions.
Firstly you may wish to consider using the repository pattern to add/remove/get data to and from your database. Any controller can implement any repository it likes so your add controller can just implement the user repository to get the user.
Also, remember that in ASP.NET MVC you can use session variables. If you need to know which user is doing what, then just store it in the session and retrieve it from there.
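An added example (not from the original posts) of the built-in authentication route suggested above: the controller takes the owner's id from the authenticated identity rather than from anything the browser submits. It assumes ASP.NET MVC 5 with ASP.NET Identity and Entity Framework, with matching views in place; `Note`, `AppDb` and `NotesController` are hypothetical names.

```csharp
using System.Data.Entity;
using System.Linq;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;   // GetUserId() extension on IIdentity

// Hypothetical entity and context, for illustration only.
public class Note
{
    public int Id { get; set; }
    public string OwnerId { get; set; }   // key of the user row that owns this note
    public string Text { get; set; }
}

public class AppDb : DbContext { public DbSet<Note> Notes { get; set; } }

[Authorize]   // anonymous requests are redirected to the login page before any action runs
public class NotesController : Controller
{
    private readonly AppDb db = new AppDb();

    // Read side: only rows owned by the logged-in user are returned.
    public ActionResult Index()
    {
        var me = User.Identity.GetUserId();
        return View(db.Notes.Where(n => n.OwnerId == me).ToList());
    }

    // Bind only Text, so an OwnerId field posted by the client is never model-bound.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Add([Bind(Include = "Text")] Note note)
    {
        if (!ModelState.IsValid) return View(note);

        // The id comes from the authentication cookie validated by the framework,
        // not from a form field, query string or hidden input.
        note.OwnerId = User.Identity.GetUserId();
        db.Notes.Add(note);
        db.SaveChanges();
        return RedirectToAction("Index");
    }

    protected override void Dispose(bool disposing)
    {
        if (disposing) db.Dispose();
        base.Dispose(disposing);
    }
}
```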
Related
I am hoping to create some secure areas of my MVC application, I understand how users can register, login etc with the out of the box views controllers etc.
One thing that seems to be lost on me is a way to manage these users after they register. Some things I would like to be able to do:
Assign roles to users
C-R-U-D users
C-R-U-D roles
Is this all functionality I have to build myself or am I just missing something here? Everything I have found lends itself to writing code to do all these things, but it seems as though these are standard enough that they should exist.
It's very simple. If you take a look at your auto-generated DB for users, you will see that it already contains tables for roles etc., so everything was already prepared for generic use; you just need to define the basics and use it.
You can first try to play with it a bit by adding values manually to the DB tables, just to get the feel of how it works.
1. Define a role.
2. Assign users to that role.
3. Now, depending on your use, whether you'd like to allow/block access to an action or entire controllers, just set this, for example, above an action or class: [Authorize(Roles = "Admin")].
4. In addition to (3), you can also make decisions on the server side (C# and cshtml) according to the user roles, by using:
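// UserManager is generic over the user type; ApplicationUser (the default template's user class) is assumed here.
var userManager = new UserManager<ApplicationUser>(userStore);
if (userManager.IsInRole(user.Id, "Admin")) { ... }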
Read more in this link; it goes over the CRUD actions - define and use.
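The role setup described in this answer, as an added example (not code from the original answer): create the role if it is missing, assign a user to it, and restrict a controller to that role. It assumes ASP.NET Identity 2 with Entity Framework; `ApplicationUser` and `ApplicationDbContext` follow the default template's naming, and `RoleSetup` and `AdminController` are hypothetical.

```csharp
using System;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;

// Assumed user and context types, named as in the default MVC 5 template.
public class ApplicationUser : IdentityUser { }
public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
{
    public ApplicationDbContext() : base("DefaultConnection") { }
}

public static class RoleSetup
{
    // Creates the role when it does not exist yet, then adds the user to it.
    // Safe to call repeatedly: existing roles and memberships are left alone.
    public static void GrantRole(ApplicationDbContext db, string userName, string role)
    {
        using (var roles = new RoleManager<IdentityRole>(new RoleStore<IdentityRole>(db)))
        using (var users = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(db)))
        {
            if (!roles.RoleExists(role))
            {
                var created = roles.Create(new IdentityRole(role));
                if (!created.Succeeded)
                    throw new InvalidOperationException(string.Join("; ", created.Errors));
            }

            var user = users.FindByName(userName);
            if (user == null)
                throw new ArgumentException("Unknown user: " + userName);

            if (!users.IsInRole(user.Id, role))
            {
                var added = users.AddToRole(user.Id, role);
                if (!added.Succeeded)
                    throw new InvalidOperationException(string.Join("; ", added.Errors));
            }
        }
    }
}

// Every action in this controller requires membership in the Admin role.
[Authorize(Roles = "Admin")]
public class AdminController : Controller
{
    public ActionResult Index() { return View(); }
}
```

Role membership is read from the authentication cookie issued at sign-in, so a user who is granted a role while logged in typically needs to sign in again before `[Authorize(Roles = "Admin")]` lets them through.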
We have an ASP.NET MVC website with two main models /Account and /Store. Account model is dedicated to user registration, password recovery, profile update, etc. while the Store one is dedicated to shopping cart and checkout management.
During the purchase process, we want to give the user the ability to log in (and eventually recover password), update his/her profile data, etc. This involves accessing the data of the /Account model and the need to return to the original purchase process page.
What is the best way to accomplish this (jump elsewhere and return) with MVC?
Thanks,
Alberto
Alberto,
If these classes are really models, then you have no problem using them in any controller.
The best way is to use partial views and just invoke them from your controller.
I hope this helps you, let me know if you require more clarification.
Alexander
I'm building a site in ASP.NET MVC 2 that will allow for anonymous users and registered users. When a user is logged in, I want to display multiple pieces of information related to that profile on every page (i.e. hometown, favorite color, etc.). From a view perspective, I understand using Master pages and creating partials to keep it DRY.
However, where I am getting stuck is how do I pass this user information to the view for every page? I already have the relationships between database tables established (I'm using EF), so I can do this on an individual basis for each action through ViewData, but that's obviously ridiculous for every page on the site.
So far, my research has started to lead me down the path of creating a base controller and base view model that the other controllers and view models will inherit from. But I feel like I'm missing something obvious. Any pointers?
If you have your Master page use the RenderAction method, it can invoke controller actions for the various repetitive parts of your page, each of which can perform data access and render a partial view. That allows you to separate your view models while still displaying certain elements on all your pages.
This approach works great for us.
We use a base controller to store it in ViewData.
You could also use an action attribute on the controller rather than inheriting from a base controller.
You could create a base class for your models that contains the data that is displayed on every page.
I have an MVC application, and I need to create and store a unique session Id for each application instance. In standard ASP.NET this is easy, I would have simply added a hidden field in the master page and stored a Guid there on the first Page_Load.
However, there is no code-behind in MVC, and I also believe that you can't implement a controller for a master page OR create a strongly typed view master page.
Anyone know an easy way around this? I'm just playing around with MVC for the first time so be gentle if what I'm asking seems stupidly simple.
Thanks
If you need to persist a few objects for the lifetime of an instance of your application, I would recommend using the built-in Cache object or Application. If those objects need to be specific to each user, then use the Session object.
Why not store this in a cookie?
I'm creating a new ASP.NET MVC application. So far I've used the Account controller for actions related to a user's account -- Login/Logout, Activation (like Register, but I use Register for other actions in the site so I've renamed it), Add/Update Contact information. Up to now, though, I've been concentrating on the administrative user views.
I'm at the point where I'm going to start creating the various views that non-administrative users will see. These are rather limited compared to the administrative interface. My inclination is to create a new set of views and associated controller in the User "family" instead of using the Account views/controller. Is this a good idea or should I stick with the Account controller? My feeling is that since this is for ordinary users it should be a separate controller since Account would apply to both ordinary and administrative users.
EDIT: After reading the first couple of responses, my refactored question is:
Do you consider the Account controller to be for administrative actions related to the user's account or for all actions on the user's account? Would you distinguish between membership/role related views/data and application related views/data to the extent of creating a new controller?
Related, but doesn't directly answer my question: ASP.NET MVC Account Controller usage guidelines?
I don't think there's a right or wrong answer here, so I'll give you my opinion.
Technically, either solution (extending the Account controller or creating a new controller) will work just fine.
So I think this is more a question of how the users perceive the functionality. I think it's a good idea to follow the convention that the URI dictates the controller (or vice versa, if you prefer).
If, for example, you'd like to have the "administrative" actions on a separate path, then that should be a separate controller. You might want to do this, for example, if you use an IIS module for authentication or if it makes your log analysis easier.
On the other hand, it might be the case that the users perceive account functions and administrative functions as part of the same family of actions, except that some users have additional features. If so, then that suggests that should be on the same path in the URI and, hence, part of the same controller.
Summing up, I think this is a question you should ask your user representative instead of folks on this site. :)
Update: Regarding your updated question, I would say that it is fairly natural to put an action for changing a user's password on the Account controller, and that action could be invoked by the user herself, not just an administrator. So I wouldn't presume that the Account controller is strictly for administrative tasks. On the other hand, your example of the fund-raising performance is well outside of the scope of membership-related things, so it is not clear that it belongs on Account, either. I'm still leaning towards, "ask your user representative."
In ASP.NET MVC you will usually create controls based on data types rather than access types. For example:
Instead of 2 /Controllers/UsersControl.cs and /Controllers/Admin/UsersControls.cs it is easier to use one common controller for both admins and regular users - /Controllers/UsersController.cs (by setting different [Authorize] attributes and views).
I would keep the existing AccountController.cs for encapsulating account-related functionality, and just add a new UsersController.cs for the rest of the Users-related functionality (which could have methods like OnlineUsers etc.).