Authorization and Authentication implementation in MVC

Posted by Unknown

Now I am going to explain the Authorize attribute and how to implement authorization in MVC.

When a user tries to access an internal page of a site without authenticating, the site should redirect to the login page, and once the user is authenticated, it should redirect to the URL the user was trying to access. To implement this functionality we write a custom authorize class that inherits from the "AuthorizeAttribute" class.

In the custom authorize class we need to override a method of the AuthorizeAttribute class, namely the AuthorizeCore method.

Example:

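using System.Web;
using System.Web.Mvc;

public class CustomAuthorize : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Authorized only when the session exists and holds the expected key.
        return httpContext.Session != null
            && httpContext.Session["Your sessionKey"] != null;
    }
}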



In the AuthorizeCore method you can write your own authorization logic. Here I authorize the request when the session key is not null; you can write your own logic in the same way.

This method returns true or false based on your logic. If it returns true, the request is authorized; otherwise the user is redirected to the login page configured in web.config, with the originally requested URL passed in the ReturnUrl query string:



    <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="2880" />
    </authentication>

To apply the authorization, we add our CustomAuthorize attribute to our controller:

[CustomAuthorize]
public class YourController : Controller
{
}

So if the user fails authorization, they are redirected to the login page. Once authenticated via login, the user should be redirected to the URL they previously tried to access.

You need to write an action method for login, like the one below:

[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
    if (ModelState.IsValid)
    {
        if (1 == 1) // Placeholder: use your database validation logic here
        {
            FormsAuthentication.SetAuthCookie(model.UserName, false);
            // ClientContext and User are application-specific types not shown in this post.
            ClientContext.Current.User = new User() { ID = 1, UserName = "ram" };

            // Redirect back only when returnUrl is a local path; otherwise go to Home.
            if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
                && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
            {
                return Redirect(returnUrl);
            }
            else
            {
                return RedirectToAction("Home", "Home");
            }
        }
        else
        {
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
        }
    }

    // If we got this far, something failed, redisplay form
    return View(model);
}
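
The returnUrl test in LogOn is what keeps the login page from being used as an open redirect. The following is an added example, not code from the original post: it mirrors the string checks from LogOn without calling Url.IsLocalUrl, so it runs as a console program. ReturnUrlCheck and IsSafeLocalPath are hypothetical names, and the sample values are constructed.

```csharp
using System;

// Added example: stand-alone copy of the string checks applied to returnUrl in LogOn.
// ReturnUrlCheck and IsSafeLocalPath are hypothetical names, not ASP.NET MVC APIs.
public static class ReturnUrlCheck
{
    public static bool IsSafeLocalPath(string returnUrl)
    {
        // Same condition as returnUrl.Length > 1: null, "" and "/" are not redirect targets.
        if (string.IsNullOrEmpty(returnUrl) || returnUrl.Length < 2)
            return false;

        // Must be a path on this site. Absolute URLs such as "http://..." fail here.
        if (returnUrl[0] != '/')
            return false;

        // "//host" and "/\host" are treated by browsers as another host, so reject both.
        if (returnUrl[1] == '/' || returnUrl[1] == '\\')
            return false;

        return true;
    }

    public static void Main()
    {
        // Constructed sample values for the returnUrl parameter.
        string[] samples =
        {
            "/Orders/Details/42",          // local path: accepted
            "/",                           // too short: rejected, user lands on Home
            "//example.invalid/login",     // protocol-relative: rejected
            "/\\example.invalid/login",    // backslash variant: rejected
            "http://example.invalid/",     // absolute URL: rejected
            null                           // parameter missing: rejected
        };

        foreach (string s in samples)
        {
            string decision = IsSafeLocalPath(s) ? "Redirect(returnUrl)" : "RedirectToAction(Home)";
            Console.WriteLine("{0,-28} -> {1}", s ?? "(null)", decision);
        }
    }
}
```

Only the first sample is sent back to the requested page; every other value falls through to the Home action, which is the same fallback LogOn uses.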

I hope this helps you to implement authorization.

If you have any questions, mail me at ram.chittala@live.com