0

I have some knowledge on .NET 4.5, but totally new to 4.5.1. As I read, they have a couple of changes so that apps work with Identity, which is nice for scale web apps.

That being said, I need to work on a web app with a basic user/password login system and I'm wondering if this template Individual User Accounts can work, or if I have to go with No Authentication? Please explain your answer.

Christopher Francisco
  • 15,672
  • 28
  • 94
  • 206

1 Answers1

2

basic user/password login system

Individual User Accounts will configure ASP.Net Identity for you. In addition, it will also create basic login, logout and other extra templates too. Click on Learn more for more information.

enter image description here

However, if you just need simple FormAuthentication, you want to select No Authentication.

The following is the example of simple FormAuthentication.

Sign-In method

public void SignIn(string username, bool createPersistentCookie)
{
    var now = DateTime.UtcNow.ToLocalTime();
    TimeSpan expirationTimeSpan = FormsAuthentication.Timeout;

    var ticket = new FormsAuthenticationTicket(
        1 /*version*/,
        username,
        now,
        now.Add(expirationTimeSpan),
        createPersistentCookie,
        "" /*userData*/,
        FormsAuthentication.FormsCookiePath);

    var encryptedTicket = FormsAuthentication.Encrypt(ticket);

    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, 
        encryptedTicket)
    {
        HttpOnly = true,
        Secure = FormsAuthentication.RequireSSL,
        Path = FormsAuthentication.FormsCookiePath
    };

    if (ticket.IsPersistent)
    {
        cookie.Expires = ticket.Expiration;
    }
    if (FormsAuthentication.CookieDomain != null)
    {
        cookie.Domain = FormsAuthentication.CookieDomain;
    }

    Response.Cookies.Add(cookie);
}

Global.asax.cs

You need this in order to retrieve the username from cookie, and save it in IPrincipal Object.

public class Global : HttpApplication
{
    private void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie decryptedCookie =
            Context.Request.Cookies[FormsAuthentication.FormsCookieName];

        FormsAuthenticationTicket ticket =
            FormsAuthentication.Decrypt(decryptedCookie.Value);

        var identity = new GenericIdentity(ticket.Name);
        var principal = new GenericPrincipal(identity, null);

        HttpContext.Current.User = principal;
        Thread.CurrentPrincipal = HttpContext.Current.User;
    }
}

web.config

Make sure you have authentication tag in web.config.

For example,

<authentication mode="Forms">
   <forms loginUrl="~/Account/Login" />
</authentication>

Usage

public ActionResult Index()
{
    var username = User.Identity.Name;

    return View();
}
Win
  • 61,100
  • 13
  • 102
  • 181
  • Doesnt the login server control do all that automatically for you? It definently creates a cookie etc. Might be an idea if you just want the basics? – Green_qaue Feb 10 '15 at 05:00
  • @MrCharli3 Good question; it is true in ASP.Net Web Form. ASP.Net MVC doesn't have login control. – Win Feb 10 '15 at 14:47