I have an existing database with a users table, and we are planning to take the database and use it for a new system built in ASP.NET MVC 4. However, what I am uncertain about is whether or not I am able to create a login system that doesn’t use the built-in account controller or a regular membership provider.
If I use my own login function and have this code on successful login

    if (user.IsValid(user.Email, user.Password))
    {
        FormsAuthentication.SetAuthCookie(user.Email, true);
        return RedirectToAction("Index", "TestValidUser");
    }
    else
    {
        ModelState.AddModelError("", "Login data is incorrect!");
    }

Then I cannot get UserId and Role etc. Here I can only get Username, which is not enough.
var userName = HttpContext.User.Identity.Name;
What is the most widely accepted way of doing things and the simplest?
Check these links and work around
https://visualstudiogallery.msdn.microsoft.com/6780f8e4-d204-4e88-83c2-853098727ffb
You can write a function that returns a user object given the username

    MyUserClass user = MyLogin.GetUser(HttpContext.User.Identity.Name);
    int id = user.ID;

AidyF
You can write a function that returns a user object given the username
The disadvantage is that on each action I have to call this function. I have to send a request to the DB, which will affect performance?
Do we have another solution?
You could just store the user object in the session. The helper function would check the session and if a user exists return it, otherwise get it from the database and store it in the session and then return it. As a security measure I’d also check the username of any stored user object in the session matches the username of the logged in user, otherwise get the user object again.
AidyF
You could just store the user object in the session.
I found a solution, I want to pass it with UserName and then separate it.

    FormsAuthentication.SetAuthCookie(UserName + "|" + UserId, true);

So if I want admin rights on your system I just create an account with the username
Aidy|1
Think about it
AidyF
Aidy|1
I will get a complete pack like

    FormsAuthentication.SetAuthCookie(UserName + "|" + UserId + "|" + UserRole, true);

But here is one issue for me in this approach. Can you please check this question?
The point still stands, I could create a user called
"Aidy|1|Admin"
The code you use to split the values into their parts won’t know that the "|" chars are actually part of my username so I can force an id of 1 (probably the first user you create which is normally the site owner) and I can also force a role for myself.
If you want multiple properties from the user then storing the user object in the session is a better solution, IMO.
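The delimiter problem and the session-cache alternative discussed above, as an added example that is not part of any post in this thread: `AppUser`, `ParseCookieName`, `GetCurrentUser` and the sample accounts are hypothetical, and plain dictionaries stand in for the users table and for `Session`. It shows the split-based parser reading the id and role out of a self-chosen username, while the lookup keyed on the whole identity name returns the stored record.

```csharp
using System;
using System.Collections.Generic;

// Added example, not code from the thread. All names here are hypothetical.
class AppUser { public int Id; public string UserName; public string Role; }

static class Demo
{
    // Constructed sample data: the site owner, and a self-registered account
    // whose chosen username contains the delimiter.
    static readonly Dictionary<string, AppUser> Db = new Dictionary<string, AppUser> {
        { "owner", new AppUser { Id = 1, UserName = "owner", Role = "Admin" } },
        { "Aidy|1|Admin", new AppUser { Id = 42, UserName = "Aidy|1|Admin", Role = "User" } }
    };

    // Approach from the thread: pack fields into the cookie name, split on '|'.
    static AppUser ParseCookieName(string identityName)
    {
        string[] p = identityName.Split('|');
        return new AppUser { UserName = p[0], Id = int.Parse(p[1]), Role = p[2] };
    }

    // Session-cache approach: the cookie holds only the username; id and role
    // always come from the server-side record stored for that exact name.
    static AppUser GetCurrentUser(string identityName, IDictionary<string, object> session)
    {
        object o;
        AppUser cached = session.TryGetValue("UserDetails", out o) ? o as AppUser : null;
        // Reload if nothing is cached or the cached record belongs to another name.
        if (cached == null || cached.UserName != identityName)
        {
            cached = Db[identityName];          // throws if the account does not exist
            session["UserDetails"] = cached;
        }
        return cached;
    }

    static void Main()
    {
        // What SetAuthCookie(UserName + "|" + UserId + "|" + UserRole) stores
        // for the second account (real id 42, real role User).
        string packed = "Aidy|1|Admin" + "|" + 42 + "|" + "User";
        AppUser a = ParseCookieName(packed);
        Console.WriteLine("split:   id={0} role={1}", a.Id, a.Role);

        var session = new Dictionary<string, object>();
        AppUser b = GetCurrentUser("Aidy|1|Admin", session);
        Console.WriteLine("session: id={0} role={1}", b.Id, b.Role);
    }
}
```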
AidyF
If you want multiple properties from the user then storing the user object in the session is a better solution, IMO.
OK, let me do it your way. Here is my validate function for user login

    public bool IsValid(string email, string password)
    {
        bool isValid = false;
        var user = db.Users.FirstOrDefault(u => u.Email == email);
        if (user != null)
        {
            if (user.Password == EncryptPassword(password))
            {
                isValid = true;
                // Cache the user record in the session after a successful login
                Session["UserDetails"] = user;
            }
        }
        return isValid;
    }

Now how do I check it on each action, cross-compare it with the username, and if NULL then call another function to set it again? You mean like this?