Tags: c#, asp.net-mvc, forms-authentication, windows-authentication

Form authentication method in my ASP.NET page


I am currently working on an intranet for my internship (1st year comp. sci. student) - I took the last intern's code and had to debug it / do some tweaks. It's going great so far, but my job right now is to go from the Windows authentication method to a form-based one and I'm pretty lost when it comes to it. So far, I have changed the authentication mode in my Web.config to Forms, but here's the issue:

By adding

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="2880" /> <!-- Was in comments -->
</authentication>
<authorization>
  <deny users="?" />
</authorization>

to my Web.config it redirects me to the basic Login page that requires me to enter my information. (Due to the authorization)

But it still displays the following content from the Site.Master :

<div class="float-right">
    Welcome <%: System.Environment.UserName %> - <a href='<%= Url.Action("MyProfile", "Employee")  %>'>My Profile</a> | <%: Html.ActionLink("Logout", "Deco", "Home") %>
</div> <!-- Should only display if logged in -->

As if I was still logged in and I could change my profile.

Is there a way to display it only when my form-based authentication is logged in?

EDIT : Additionally, what should I do to migrate from Windows auth. to a form-based one?

EDIT2 : Here is the code from my AccountController :

using System.Web.Mvc;
using System.Web.Security;
using WebMatrix.WebData;   // WebSecurity / SimpleMembership (MVC 4 Internet template)

[Authorize]
[InitializeSimpleMembership]
public class AccountController : Controller
{

    //
    // GET: /Account/Login

    [AllowAnonymous]
    public ActionResult Login(string returnUrl)
    {
        ViewBag.ReturnUrl = returnUrl;
        return View();
    }

    //
    // POST: /Account/Login

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult Login(LoginModel model, string returnUrl)
    {
        // WebSecurity.Login validates against the SimpleMembership tables and,
        // on success, issues the forms-authentication ticket cookie itself.
        if (ModelState.IsValid && WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe))
        {
            return RedirectToLocal(returnUrl);
        }

        // If we got this far, something failed, redisplay form
        ModelState.AddModelError("", "The user name or password provided is incorrect.");
        return View(model);
    }

    //
    // POST: /Account/LogOff

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult LogOff()
    {
        WebSecurity.Logout();   // calls FormsAuthentication.SignOut() internally
        //FormsAuthentication.SignOut();

        return RedirectToAction("Index", "Home");
    }

    // Helper from the MVC 4 template (not included in the post): only follows a local
    // returnUrl, so ?returnUrl= cannot be used to bounce users to an external site.
    private ActionResult RedirectToLocal(string returnUrl)
    {
        if (Url.IsLocalUrl(returnUrl))
        {
            return Redirect(returnUrl);
        }
        return RedirectToAction("Index", "Home");
    }
}

Solution

  • I'm not sure if you are checking whether the user is logged in to the app before showing that piece of markup. If not, then you can first check if the user is logged in and then show that HTML, using Request.IsAuthenticated or User.Identity.IsAuthenticated:

    <%-- Site.Master is an ASPX master page, so the check uses <% %> blocks rather than Razor's @if --%>
    <% if (Request.IsAuthenticated) { %>
    <div class="float-right">
        <%-- Page.User.Identity.Name is the name from the forms ticket; System.Environment.UserName is the worker-process account --%>
        Welcome <%: Page.User.Identity.Name %> - <a href='<%= Url.Action("MyProfile", "Employee")  %>'>My Profile</a> | <%: Html.ActionLink("Logout", "Deco", "Home") %>
    </div> <!-- Only rendered when a forms ticket is present -->
    <% } %>
    

    or:

    <% if (Page.User.Identity.IsAuthenticated) { %>
      <div class="float-right">
            Welcome <%: Page.User.Identity.Name %> - <a href='<%= Url.Action("MyProfile", "Employee")  %>'>My Profile</a> | <%: Html.ActionLink("Logout", "Deco", "Home") %>
        </div> <!-- Only rendered when a forms ticket is present -->
    <% } %>
    

    Edit:

    You should also change your login method to use FormsAuthentication.Authenticate method for authentication of users:

        // needs: using System.Web.Security;
        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public ActionResult Login(LoginModel model, string returnUrl)
        {
            // FormsAuthentication.Authenticate takes only (name, password): it checks them against
            // the <credentials> element in Web.config, is marked obsolete, and issues no cookie.
            if (ModelState.IsValid && FormsAuthentication.Authenticate(model.UserName, model.Password))
            {
                // The ticket cookie is issued here; the persistent-cookie flag belongs to SetAuthCookie.
                FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
                return RedirectToLocal(returnUrl);
            }
    
            // If we got this far, something failed, redisplay form
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
            return View(model);
        }
    

    Also, in your Logout method, use FormsAuthentication.SignOut();
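The two pieces discussed on this page (the question's switch from Windows to Forms authentication with a logged-in-only block in Site.Master, and this answer's login/logout actions and IsAuthenticated check) put together as one added example. It is not code from the question or the answer. It assumes ASP.NET MVC 4 with a Membership provider configured in Web.config (so Membership.ValidateUser works; with SimpleMembership, WebSecurity.Login does the validate-and-cookie step in one call), an `Intranet.Web` namespace (assumed), the `Employee/MyProfile` action from the page, and a logout that posts to this controller's `LogOff` instead of the page's `Home/Deco` link.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Text;
using System.Web;
using System.Web.Mvc;
using System.Web.Mvc.Html;
using System.Web.Security;

namespace Intranet.Web   // assumed namespace; use the project's own
{
    // Same three fields as the LoginModel used by the question's controller.
    public class LoginModel
    {
        [Required] public string UserName { get; set; }
        [Required, DataType(DataType.Password)] public string Password { get; set; }
        public bool RememberMe { get; set; }
    }

    [Authorize]
    public class AccountController : Controller
    {
        // GET: /Account/Login
        [AllowAnonymous]
        public ActionResult Login(string returnUrl)
        {
            ViewBag.ReturnUrl = returnUrl;
            return View();
        }

        // POST: /Account/Login
        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public ActionResult Login(LoginModel model, string returnUrl)
        {
            // Membership.ValidateUser checks the provider configured in Web.config.
            if (ModelState.IsValid && Membership.ValidateUser(model.UserName, model.Password))
            {
                // Issues the forms ticket cookie. From the next request on,
                // Request.IsAuthenticated is true and User.Identity.Name == model.UserName.
                FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
                return RedirectToLocal(returnUrl);
            }

            // One generic message for unknown user and wrong password: no account enumeration.
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
            return View(model);
        }

        // POST: /Account/LogOff
        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult LogOff()
        {
            FormsAuthentication.SignOut();   // clears the ticket cookie
            Session.Abandon();               // drop per-user server state as well
            return RedirectToAction("Index", "Home");
        }

        // Only follow returnUrl when it is local; otherwise the login page is an open redirector.
        private ActionResult RedirectToLocal(string returnUrl)
        {
            if (Url.IsLocalUrl(returnUrl))
            {
                return Redirect(returnUrl);
            }
            return RedirectToAction("Index", "Home");
        }
    }

    // Master-page helper: <%: Html.LoginStatus() %> renders nothing for anonymous users and,
    // for a signed-in user, the name from the forms ticket rather than System.Environment.UserName
    // (which is the account of the worker process, not of the visitor).
    public static class LoginStatusHelper
    {
        public static MvcHtmlString LoginStatus(this HtmlHelper html)
        {
            var user = html.ViewContext.HttpContext.User;
            if (user == null || !user.Identity.IsAuthenticated)
            {
                return MvcHtmlString.Empty;
            }

            var url = new UrlHelper(html.ViewContext.RequestContext);
            var sb = new StringBuilder();
            sb.Append("<div class=\"float-right\">Welcome ");
            sb.Append(HttpUtility.HtmlEncode(user.Identity.Name));   // the name is user-supplied data: encode it
            sb.Append(" - <a href=\"")
              .Append(HttpUtility.HtmlAttributeEncode(url.Action("MyProfile", "Employee")))
              .Append("\">My Profile</a> | ");
            // Logout as a POST with an anti-forgery token, matching [HttpPost][ValidateAntiForgeryToken] on LogOff.
            sb.Append("<form method=\"post\" style=\"display:inline\" action=\"")
              .Append(HttpUtility.HtmlAttributeEncode(url.Action("LogOff", "Account")))
              .Append("\">")
              .Append(html.AntiForgeryToken().ToHtmlString())
              .Append("<button type=\"submit\">Logout</button></form></div>");
            return MvcHtmlString.Create(sb.ToString());
        }
    }
}
```

With `<authentication mode="Forms">` and `<deny users="?" />` in place as in the question, the `[Authorize]` filter and the helper both read the same forms ticket, so the welcome block disappears as soon as `LogOff` clears it; `Url.IsLocalUrl` is what stops `?returnUrl=` on the login page from being used to send users off-site after they sign in.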