
Okay, I am developing a web application from scratch. I have already made custom login and registration pages using a simple database, from the tutorials Login and Registration. Now here's my site GUI or API: let's say there are two programs, Program A and Program B. Anyone can visit my site's HOMEPAGE and use Program A, but only an authenticated user can use Program B via LOGIN(), i.e. the Program B link will be visible to those users who are LOGGED-IN.

So I need help to make my Program B secure, i.e. its links will be visible to those who are LOGGED-IN. I want to clear up one more thing: the Program A link and the "Program B Link" are both coded on the main HomePage, so you can't directly access Program B by just the URL. I hope you get what I am trying to say ... HELP!!! Below is my Login.cshtml code:

@model FYPFinalTest3.Models.UserLogin
@{
    Layout = null;
}

<h2>Login</h2>

@using (Html.BeginForm("Login","Login", FormMethod.Post))
{
    //this  is for create form tag
    @Html.AntiForgeryToken()          // this is for prevent CSRF attack
    @Html.ValidationSummary(true)
    if (@ViewBag.Message != null)
    {
        <div style="border:1px solid red">
            @ViewBag.Message
        </div>
    }
    <table>
        <tr>
            <td>@Html.LabelFor(a=>a.Username)</td>
            <td>@Html.TextBoxFor(a=>a.Username)</td>
            <td>@Html.ValidationMessageFor(a=>a.Username)</td>
        </tr>
        <tr>
            <td>
                @Html.LabelFor(a=>a.Password)
            </td>
            <td>
                @Html.PasswordFor(a=>a.Password)
            </td>
            <td>
                @Html.ValidationMessageFor(a=>a.Password)
            </td>
        </tr>
        <tr>
            <td></td>
            <td>
                <input type="submit" value="Login" />
            </td>
            <td></td>
        </tr>
    </table>
}

@* This below line is for create javascript section *@

@section Scripts{
    @Scripts.Render("~/bundles/jqueryval")
}
Waqar Ahmed

1 Answer

You can use the Authorize attribute and decorate your code as below:

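using System.Web.Mvc;

// [Authorize] on the class applies to every action in the controller.
// MVC only routes to classes whose names end in "Controller".
[Authorize]
public class ProgramBController : Controller
{
    public ActionResult Method1()
    {
        return View();
    }

    // Redundant here because the class is already decorated;
    // it shows that the attribute can also be applied per action.
    [Authorize]
    public ActionResult Method2()
    {
        return View();
    }
}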

So those users who are not logged in will be redirected to the login page.

For more details:

http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx

You can even create your own custom Authorize attribute; please have a look here:

http://msdn.microsoft.com/en-us/library/ee707357(v=vs.91).aspx

Neel
  • Simply adding [authorization] is not doing the job. One more thing I don't understand: how will this framework know that the user is authorized, because I am just using simple coding for matching username and password, nothing too complex. – Waqar Ahmed Sep 02 '14 at 11:39
  • I guess you're using forms authentication. Have you given the authentication type in your web.config? Can you post it here @WaqarAhmed? – Neel Sep 02 '14 at 11:40
  • Kindly review the link to the tutorial so that you will understand correctly what I have done; there is nothing to do with web.config in those steps. I have not changed anything in web.config. – Waqar Ahmed Sep 02 '14 at 11:42
  • You will find that since you have enabled forms authentication, you will be automatically redirected to the login page "~/Account/Login" @WaqarAhmed... Currently, what is happening when the user is not logged in and you go directly to ProgramB? – Neel Sep 02 '14 at 11:53
  • Have a look here: http://stackoverflow.com/questions/238437/why-does-authorizeattribute-redirect-to-the-login-page-for-authentication-and-au?rq=1 – Neel Sep 02 '14 at 11:55
  • That's the point, I have changed it to my login page. When I click the Program B link, the login page is displayed. After successful login, I have placed that ProgramB link again in the after-login page to check the authorization; when I click the Program B link again, the login page is displayed again, like a circular loop. I think I know the reason, which is that I made my own registration and login page based on a simple database. When I register, it just takes the data and saves it into the database; when I log in, it takes the data and matches it with the data saved in the database, SIMPLE. That's why it does not know the user is authorized. Help me :( – Waqar Ahmed Sep 02 '14 at 11:59
  • I guess you are missing something in your code. I would request you to go step by step instead of making any extra changes at the start. Have a look here http://weblogs.asp.net/jongalloway/looking-at-how-asp-net-mvc-authorize-interacts-with-asp-net-forms-authorization and make a sample application step by step, and once you understand, then make modifications @WaqarAhmed – Neel Sep 02 '14 at 12:05
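
The login loop described in the comments, as an added example (not code from the question, the answer or the linked tutorial): `[Authorize]` only recognises a user after the login action has issued a forms-authentication ticket, which a login that merely compares the submitted values with the database never does. The `Login` controller and action names come from the form in `Login.cshtml`; the `loginUrl`, the `Home`/`Index` redirect target and the in-memory demo account are assumptions standing in for the site's own configuration and user table.

```csharp
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Web.Mvc;
using System.Web.Security;
using FYPFinalTest3.Models; // UserLogin, the model behind Login.cshtml

// Assumes forms authentication is enabled in web.config (system.web), e.g.
//   <authentication mode="Forms"><forms loginUrl="~/Login/Login" /></authentication>
public class LoginController : Controller
{
    [AllowAnonymous]
    public ActionResult Login() { return View(); }

    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public ActionResult Login(UserLogin model, string returnUrl)
    {
        if (!ModelState.IsValid || !CredentialsMatch(model.Username, model.Password))
        {
            ViewBag.Message = "Invalid username or password.";
            return View(model);
        }
        // The step a hand-rolled login leaves out: issue the forms-auth ticket.
        // Without it [Authorize] sends every request back to the login page.
        FormsAuthentication.SetAuthCookie(model.Username, false);
        // Follow returnUrl only when it points back into this site.
        if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
            return Redirect(returnUrl);
        return RedirectToAction("Index", "Home"); // assumed home page action
    }

    // Constructed stand-in for the user table: one demo account, PBKDF2-hashed.
    static readonly byte[] Salt = Encoding.UTF8.GetBytes("constructed-salt");
    static readonly Dictionary<string, byte[]> Users =
        new Dictionary<string, byte[]> { { "demo", Hash("constructed-password") } };
    static byte[] Hash(string password)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, Salt, 100000))
            return kdf.GetBytes(32);
    }
    static bool CredentialsMatch(string user, string password)
    {
        byte[] stored;
        if (user == null || password == null || !Users.TryGetValue(user, out stored))
            return false;
        byte[] given = Hash(password);
        int diff = 0; // accumulate differences so the comparison is constant-time
        for (int i = 0; i < stored.Length; i++) diff |= stored[i] ^ given[i];
        return diff == 0;
    }
}
```

On the home page, wrapping the Program B link in `@if (Request.IsAuthenticated) { ... }` hides it from anonymous visitors, while `[Authorize]` on the controller remains the actual access check.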