How to Self Authenticate in .NET MVC C#

When you build your website application and you have a sign in section, most people use their own cookies to store the user information to validate the users is logged in, but with .NET MVC you can use the built in authentication to sign in, sign out and control there role.

This feature enables you to neatly store the users information to validate them without all the fuss of using your own cookies, but better yet it is also encrypted for you as well. With the MVC concept you can then put the Authorized Attribute on your View Action Results to block them going to that page without being logged in. You can read more about this attribute and how to use the Authorization feature on Microsoft website here. This is all amazing and great, but this is built in with MVC so a bit restricted to use their set up using the details and roles of the current PC.

However after a bit of hunting and testing I found out how to use their authentication, but at your own will. After you have done your post back with the information of the user and you have done your checks to make sure they are an existing user etc. You can then sign them in with this piece of code below:

using System.Web.Security;

FormsAuthentication.SetAuthCookie(userName, false);

userName is of course the username of the person signing in. That is all you need to do with no hassle. You can then retrieve is the user is valid in your view and other pages via this:

User.Identity.IsAuthenticated

This will return a boolean if the user is signed in.

You can then also sign them out with the below:

FormsAuthentication.SignOut();

The problem I then also found what how do I then see what role the user is as I am not using the built in Authentication. I hunted again and found the way…

userName = the user name
userRole = the role you would like to assign

FormsAuthentication.SetAuthCookie(userName, false);

            FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, userName, DateTime.Now, DateTime.Now.AddDays(1), false, userRole, "/");

            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                               FormsAuthentication.Encrypt(authTicket));

            HttpContext.Current.Response.Cookies.Add(cookie);

This creates a FormsAuthenticationTicketwhich is basically a collection of information of the user. This is then store in the same place as where your standard encrypted username would be stored. This can thenhold the string of what the users role is, plus any other information you would like to store.

To get the role out gets a bit longer though as you need to check the cookie and then un-encrypt it like below:

String userRole = "";
            var httpCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
            if (httpCookie != null)
            {
                FormsAuthenticationTicket formsAuthenticationTicket = FormsAuthentication.Decrypt(httpCookie.Value);
                if (formsAuthenticationTicket != null)
                {
                    userRole = formsAuthenticationTicket.UserData;
                }
            }

fter checking the cookie exists you can then get the FormsAuthenticationTicketby Decrypting the cookie value. This will then put it in to the class object that you can get the data.

Advertisements

Leave a message please

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s