tags:

views:

50

answers:

2
+2  Q: 

What is a quick way I can add simple authentication to a few ASP.NET MVC routes, without implementing the whole Membership provider jazz?

I've created a demo website for my boss and one of the requirements is I need to add some simple authentication to his 3 admin views/routes.

What is the simplest, quickest way I can do this without implementing a whole membership provider? I honestly don't even care if the user/pass is hardcoded on the server side, I just need it so they can't access those 3 views without having authenticated in some way.

+1  A: 

easiest would be to select the menu [project] followed by [ASP.NET Configuration] in Visual Studio.

It'll set up a membership db for you. then add a couple of roles and users in the configuration manager that pops up.

that's it! Then simply decorate your actions/controllers with [Authorise] and check for some rights based on the user name. <= hard coded for the demo

griegs  2009-11-07 00:31:57
+2  A: 

I would go this route.

Add this to your web.config (could omit the SHA1 and use a plain text password if you want):

<authentication mode="Forms">
  <forms loginUrl="~/admin" timeout="2880">
      <credentials passwordFormat="SHA1">
        <user name="admin" password="4f3fc98f8d95160377022c5011d781b9188c7d46"/>
      </credentials>
  </forms>
</authentication>

Create a simple view for username and password and in the action method that receives the username and password go with this...

[AcceptVerbs(HttpVerbs.Post)]
public ActionResult LogOn(string username, string password)
{
    if (FormsAuthentication.Authenticate(username, password))
    {
        FormsAuthentication.SetAuthCookie(username, false);
        return RedirectToAction("Index", "Home");
    }
    else
    {
        ViewData["LastLoginFailed"] = true;
        return View();
    }
}

FormsAuthentication.Authenticate() automatically checks the username and password against the credentials node we created earlier. If it matches it creates your auth cookie with a "Remember Me" value of false and redirects you to the index view of your home controller. If it doesn't match it returns to the login page with ViewData["LastLoginFailed"] set to true so you can handle that in your view.

PS - Now that you have an easy way of authorizing don't forget to put the [Authorize] filter over the actions or controllers you want to protect.

DM  2009-11-07 05:12:22

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?