c# - Develop a custom authentication and authorization system consistent with a Web Forms application
I am creating a new ASP.NET MVC 4 application (actually my first MVC application) as part of a previous ASP.NET Web Forms application. I have never used the ASP.NET inbuilt authentication methods in any of my projects. The new MVC 4 app is published on a sub-domain of the previous app. Login is done by the previous app; a return URL should be provided so that the MVC app returns to the current page if the user is not logged in. However, new user registration and account recovery options are developed in the previous Web Forms application, and I don't want to replicate them in the new MVC application.
A cookie token (the token number issued by the Web Forms application on the event of a successful login) is shared on the domain *.maindomain.com.
Now I want to merge my own token validation method with the ASP.NET inbuilt methods so I can make use of Authorize and the other security related options in the new MVC application.
In the previous application I have developed a custom user validation system in the following way.
First, I have the following related SQL Server tables

and the following classes
```csharp
using System;
using System.Web;

// Enum values named in the description below
public enum MemberState { Active, EmailPending, Suspended }
public enum TokenStatus { Active, Closed }

public class Token
{
    public static uint GenerateToken(string userEmail, string password, bool isPersistent)
    {
        // Static function: generates a unique uint token number and puts it in the
        // cookie "token" using the HttpContext.Current.Response object.
        // If isPersistent is true the cookie is persistent, otherwise not.
        // If there is a problem creating the token, throws an exception with a proper message.
        // Possible causes of not generating a token:
        //   1. invalid userEmail or password
        //   2. 'State' value in the 'Member' table is 'EmailPending' or 'Suspended'
        //      (there is an enum MemberState)
    }

    public Token(uint tokenNo, bool validateImmediately = false)
    {
        // Loads the token details plus a few fields of the Member table from the database.
        // Calls Validate() if validateImmediately is true.
        // Throws an exception if the token does not exist in the database.
    }

    public void Validate()
    {
        // Checks that MemberState is Active and the token Status is Active; throws an
        // exception if anything is wrong. Also checks that
        // (LastAccessedOn.AddSeconds(TokenLife) < AppSettings.Now) is not true.
        // Calls UpdateStatus() with the new token status and the current page from
        // HttpContext in the comment parameter.
    }

    public void UpdateStatus(TokenStatus newStatus, string comment = "")
    {
        // Writes both newStatus and comment to the Token table,
        // and removes the token cookie if newStatus is not Active.
    }

    public uint TokenNumber { get; private set; }
    public uint MemberNumber { get; private set; }        // Member table
    public string Name { get; private set; }              // Member table
    public MemberState MemberState { get; private set; }  // Member table
    public string MemberEmail { get; private set; }       // Member table
    public uint BusinessNo { get; private set; }          // Business table
    public DateTime CreatedOn { get; private set; }
    public DateTime LastAccessedOn { get; private set; }
    public uint TokenLife { get; private set; }           // Member
    public string CreatedIp { get; private set; }
    public string LastIp { get; private set; }
    public bool IsPersistent { get; private set; }
    public TokenStatus Status { get; private set; }
    public string Comment { get; private set; }

    // Cached per request in HttpContext.Items: a static field would be shared by every
    // request in the process and could hand one user's token to another user.
    public static Token Current
    {
        get
        {
            var items = HttpContext.Current.Items;
            if (items["token"] == null)
                items["token"] = new Token(uint.Parse(HttpContext.Current.Request.Cookies["token"].Value));
            return (Token)items["token"];
        }
    }
}

public class Member
{
    // Member related operations: new member, send verification email, verify email
}
```
For logging out a user I call UpdateStatus(TokenStatus.Closed, "user logged out"). The method takes care of the cookie removal.
Note: the Member class has a property bool IsAdmin. You know what it is for.
Please suggest me the best solution to develop an authentication system according to my needs in the MVC application. Telling again: the options for new user registration, account recovery and email verification are done in the previous ASP.NET Web Forms application. I need to put the Validate() method of the Token class in the right place in the MVC application. I am confused by the several solutions available on the internet.
If you hand-roll your own authentication, the security can only be as strong as how securely you store the ticket in the client side cookie.

Normally, you want to encrypt the auth ticket/token and access it via SSL. As long as you store the cookie securely at the client side, it should not be an issue.

I suggest you take a look at how ASP.NET creates the forms authentication ticket.

Note: if you use the ASP.NET forms authentication ticket you do not need to store the ticket/token in the database, because the user sends the auth ticket to the server on every page request.
```csharp
using System;
using System.Web;
using System.Web.Security;

// memberId and tokenId are strings; _httpContext is the HttpContextBase of the current request
private void SetAuthCookie(string memberId, string tokenId, bool createPersistentCookie)
{
    var now = DateTime.UtcNow.ToLocalTime();
    var ticket = new FormsAuthenticationTicket(
        1,                                    /* version */
        memberId,
        now,
        now.Add(FormsAuthentication.Timeout),
        createPersistentCookie,
        tokenId,                              /* custom data */
        FormsAuthentication.FormsCookiePath);

    var encryptedTicket = FormsAuthentication.Encrypt(ticket);
    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
    {
        HttpOnly = true,
        Secure = FormsAuthentication.RequireSSL,
        Path = FormsAuthentication.FormsCookiePath
    };

    if (ticket.IsPersistent)
    {
        cookie.Expires = ticket.Expiration;
    }

    if (FormsAuthentication.CookieDomain != null)
    {
        cookie.Domain = FormsAuthentication.CookieDomain;
    }

    _httpContext.Response.Cookies.Add(cookie);
}
```
How to create the principal object

Once the authenticated user requests a page, you need to retrieve the auth ticket from the cookie and create the principal object.
```csharp
// In Global.asax.cs
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Security;

void Application_AuthenticateRequest(object sender, EventArgs e)
{
    HttpCookie decryptedCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
    if (decryptedCookie == null)
        return; // anonymous request: no auth cookie was sent

    FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(decryptedCookie.Value);
    if (ticket == null || ticket.Expired)
        return; // unreadable or expired ticket: treat the request as anonymous

    var identity = new GenericIdentity(ticket.Name);
    var principal = new GenericPrincipal(identity, null);
    HttpContext.Current.User = principal;
    Thread.CurrentPrincipal = HttpContext.Current.User;
}

// In an action method, this is how to check whether the user is logged in
if (User.Identity.IsAuthenticated)
{
}
```
Do you need to extend the cookie expiration?

If you leave slidingExpiration true (which is true by default), it will increase the expiration time automatically. (Read more in this article.)
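To put the question's Validate() at the point the answer describes, here is an added example (not code from the question or the answer) of an IHttpModule that decrypts the forms ticket, reads the token number from UserData, runs Token.Validate() and builds a principal with roles so [Authorize] and [Authorize(Roles = "Admin")] work in the MVC app. It assumes the Token class from the question, a hypothetical Token.IsAdmin property mirroring Member.IsAdmin, the role names "Admin" and "Member", and, since the ticket is issued on the shared domain, the same machineKey in both applications' web.config so that Decrypt can read it.

```csharp
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Security;
// Runs on every request before any [Authorize] filter. Register it in web.config under
// <system.webServer><modules> and keep <authentication mode="Forms">.
public class TokenAuthModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        app.AuthenticateRequest += (sender, e) => Authenticate(app.Context);
    }

    public void Dispose() { }

    private static void Authenticate(HttpContext ctx)
    {
        HttpCookie cookie = ctx.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return;                                   // anonymous request
        Token token;
        try
        {
            // Decrypt() fails on a tampered or foreign cookie; Expired covers the ticket lifetime.
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            if (ticket == null || ticket.Expired)
                throw new InvalidOperationException("expired or unreadable ticket");

            // UserData holds the token number from the question's Token class; the constructor
            // loads it from the database and Validate() enforces member and token state.
            token = new Token(uint.Parse(ticket.UserData), validateImmediately: true);
        }
        catch (Exception)
        {
            // Invalid, expired or revoked token: clear the cookie and stay anonymous.
            FormsAuthentication.SignOut();
            ctx.User = new GenericPrincipal(new GenericIdentity(string.Empty), new string[0]);
            return;
        }

        // Role names are assumptions; IsAdmin is assumed to be exposed on Token (the question
        // keeps it on Member) so that [Authorize(Roles = "Admin")] can rely on it.
        string[] roles = token.IsAdmin ? new[] { "Admin", "Member" } : new[] { "Member" };
        var identity = new GenericIdentity(token.MemberNumber.ToString(), "Token");
        ctx.User = new GenericPrincipal(identity, roles);
        Thread.CurrentPrincipal = ctx.User;
    }
}
```

Because Validate() is consulted on every request, closing the token in the database (UpdateStatus with TokenStatus.Closed) revokes access immediately, even while the encrypted cookie is still within its lifetime.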