c# asp.net asp.net-mvc asp.net-mvc-4 asp.net-identity

How Does Identity Work in ASP.NET MVC 5


Say, I have a SQL Server Database containing usernames/passwords. At my "login" view, I wish to enter data into the username/password text fields and when I click "login" I want to use my login Controller to compare those values against the values in the Database. All of that is fairly straightforward.

However, I want to use the [Authorize] Attribute on the remainder of my site's Controllers. After being granted access past the Login page, I can't seem to find any examples that explain how to "Authorize" a user so that the [Authorize] Attributes recognize this user and allow them to access other Controllers/Actions. Here is how I have begun to set this up, but I can't find any direction on where to take it from here.

public class LoginController : Controller
{
    // GET: /<controller>/
    //[Route("/Login")]
    public ActionResult Index()
    {
        return View();
    }

    public bool Login(Workflow.Models.WorkflowContext wfc, string username, string password)
    {
        var user = wfc.User.Where(u => u.Active && u.Username == username && u.Password == password).ToList();
        if (user.Count > 0)
        {               
            //User may log in
            return true;
        }
        else
            //Access Denied
            return false;
    }
}

For instance, without a user being authorized, I do not want them to be able to reach my "Home Controller":

[Authorize]
public class HomeController : Controller
{ 
    [Route("/Home")]
    public ActionResult Index()
    {
        return View();
    }

    public ActionResult About()
    {
        ViewData["Message"] = "Your application description page.";

        return View();
    }

    public ActionResult Contact()
    {
        ViewData["Message"] = "Your contact page.";

        return View();
    }

    public ActionResult Error()
    {
        return View();
    }
}

I have been hearing about the classes "Identity" and "SignInManager" and I am a bit overwhelmed on how to use either of those options. I am still somewhat new to ASP.NET MVC, so I am trying to get a grasp on how Authorization works. Thanks.


Solution

  • Authentication/authorization is much more complicated than simply verifying a username and password one time. ASP.NET Identity is one of a few different mechanisms available to ASP.NET apps to handle authentication/authorization, and is the recommended approach for individual user auth. It replaces the much older ASP.NET Membership. SignInManager is just a class that's part of ASP.NET Identity that handles things like signing a user in (obviously). It is not some separate thing.

    With that out of the way, you're going to just have to dig in. You definitely don't want to try to create your own system from scratch, and going forward, Identity is pretty much the primary method of authentication and authorization within ASP.NET. Learn it now, and you'll be able to work with the largest majority of ASP.NET sites out there and you'll be able to apply your knowledge to any new ASP.NET site you create.

    Start your journey at https://www.asp.net/identity. There are a number of good tutorials and guides listed there and linked to from there (make sure to check out the additional resources). Also, you'll want to create a new MVC project with Individual User Accounts selected. This will give you a scaffolded project with basic Identity stuff baked in. You can also go whole hog and create a blank MVC project and then install the Identity Samples NuGet package. This will create a scaffolded project with pretty much every feature in Identity (two-factor auth, third-party OAuth logins, etc.). With that you can get a good idea of how everything works.
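
How a SignInManager login ties into [Authorize], as an added example that is not part of the original question or answer. It assumes an MVC 5 project created with Individual User Accounts (ASP.NET Identity 2.x), where the template supplies ApplicationSignInManager and registers it per OWIN context; LoginViewModel is a hypothetical view model defined here for illustration.

```csharp
// Added example; assumes the "Individual User Accounts" MVC 5 template (Identity 2.x).
// ApplicationSignInManager is generated by that template (App_Start/IdentityConfig.cs)
// and registered with app.CreatePerOwinContext in Startup.Auth.cs.
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity.Owin;

// Hypothetical view model for the login form.
public class LoginViewModel
{
    public string UserName { get; set; }
    public string Password { get; set; }
}

[Authorize] // every action needs a signed-in user unless marked [AllowAnonymous]
public class AccountController : Controller
{
    private ApplicationSignInManager SignInManager
    {
        get { return HttpContext.GetOwinContext().Get<ApplicationSignInManager>(); }
    }

    [AllowAnonymous]
    public ActionResult Login(string returnUrl)
    {
        ViewBag.ReturnUrl = returnUrl;
        return View();
    }

    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
    {
        if (!ModelState.IsValid) return View(model);

        // Checks the password against the stored hash; on success it issues the
        // authentication cookie that [Authorize] looks for on later requests.
        var result = await SignInManager.PasswordSignInAsync(
            model.UserName, model.Password, isPersistent: false, shouldLockout: true);

        if (result == SignInStatus.Success)
            return Url.IsLocalUrl(returnUrl) // only follow local return URLs
                ? (ActionResult)Redirect(returnUrl)
                : RedirectToAction("Index", "Home");

        // One message for unknown user, wrong password and lockout alike.
        ModelState.AddModelError("", "Invalid login attempt.");
        return View(model);
    }
}
```

Once the cookie is issued, a controller such as the HomeController above needs nothing beyond its [Authorize] attribute; unauthenticated requests are redirected to the login path configured for cookie authentication.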