C# - Authentication using OWIN in MVC
I'm messing around with OWIN authentication and wanted to learn more about MVC in general, so I decided to write a little test app to have a login form and authenticate users against credentials stored in a database.
I have the login form and validation written, but for God's sake... I cannot figure out how to create a valid session once the user has entered correct credentials. I assume I need to set a cookie or something similar to FormsAuthentication?
So I have an OWIN startup file that contains the following:
    public void Configuration(IAppBuilder app)
    {
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?linkid=316888
    }

    public void ConfigureAuth(IAppBuilder app)
    {
        // Enable the application to use a cookie to store information for the signed in user
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            AuthenticationMode = AuthenticationMode.Passive,
            LoginPath = new PathString("/account/logon"),
            CookieSecure = CookieSecureOption.SameAsRequest
        });
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
        AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
    }
I have a view containing a form that links to a User.cs model and a UserController.cs controller containing the following:
Model:
    [Required]
    [Display(Name = "user name")]
    public string UserName { get; set; }

    [Required]
    [DataType(DataType.Password)]
    [Display(Name = "password")]
    public string Password { get; set; }

    [Display(Name = "remember on computer")]
    public bool RememberMe { get; set; }

    /// <summary>
    /// Checks if a user with the given password exists in the database
    /// </summary>
    /// <param name="_username">User name</param>
    /// <param name="_password">User password</param>
    /// <returns>True if the user exists and the password is correct</returns>
    public bool IsValid(string _username, string _password)
    {
        // The using block disposes the context on every return path
        using (CmsEntities dbConn = new CmsEntities())
        {
            // Hash the supplied password so it can be compared with the stored hash
            _password = Encryption.GenerateSHA512String(_password);
            tblUser user = dbConn.tblUsers
                .Where(u => u.txtUsername == _username && u.txtPassword == _password)
                .FirstOrDefault();
            return user != null;
        }
    }
Controller:

    [HttpPost]
    public ActionResult Login(Models.User user)
    {
        if (ModelState.IsValid)
        {
            if (user.IsValid(user.UserName, user.Password))
            {
                // login user, redirect
            }
            else
            {
                ModelState.AddModelError("", "login data incorrect!");
            }
        }
        return View(user);
    }
For God's sake, I cannot figure out what code should go there for logging the user in and creating the cookie. Despite going through a lot of different online tutorials on using OWIN, I'm just not getting it :(
Any advice please?
The Using Cookie Middleware page has this advice:

To create a cookie holding your user information you must construct a ClaimsPrincipal holding the information you wish to be serialized in the cookie. Once you have a suitable ClaimsPrincipal inside your controller method call:

    await HttpContext.Authentication.SignInAsync("MyCookieMiddlewareInstance", principal);

To sign out the current user, and delete their cookie, call the following inside your controller:

    await HttpContext.Authentication.SignOutAsync("MyCookieMiddlewareInstance");

You may need to add AuthenticationScheme = "MyCookieMiddlewareInstance" to the configuration of the middleware.
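
The sign-in and sign-out steps described above, written against the OWIN (Katana) cookie middleware from the question's startup code; this is an added example, not code from the original question or answer. It assumes `ConfigureAuth` is called from `Configuration`, that the middleware runs with `AuthenticationMode.Active` (in passive mode the cookie is issued but not read back into `User` on later requests), and that the form emits `@Html.AntiForgeryToken()`; the `LogOff` action, the `returnUrl` parameter and the `Home`/`Index` redirect target are hypothetical names.

```csharp
using System.Security.Claims;
using System.Web;                   // GetOwinContext() extension (Microsoft.Owin.Host.SystemWeb)
using System.Web.Mvc;
using Microsoft.AspNet.Identity;    // DefaultAuthenticationTypes
using Microsoft.Owin.Security;      // IAuthenticationManager, AuthenticationProperties

public class UserController : Controller
{
    private IAuthenticationManager Auth => HttpContext.GetOwinContext().Authentication;

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Login(Models.User user, string returnUrl)
    {
        if (!ModelState.IsValid)
            return View(user);
        if (!user.IsValid(user.UserName, user.Password))
        {
            ModelState.AddModelError("", "login data incorrect!");
            return View(user);
        }

        // The identity's authentication type must match the cookie middleware's
        // AuthenticationType, otherwise the middleware does not issue a cookie.
        var identity = new ClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie);
        // NameIdentifier is needed because the startup code sets
        // AntiForgeryConfig.UniqueClaimTypeIdentifier to that claim type.
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.UserName));
        identity.AddClaim(new Claim(ClaimTypes.Name, user.UserName));

        // IsPersistent = true makes the cookie survive a browser restart.
        Auth.SignIn(new AuthenticationProperties { IsPersistent = user.RememberMe }, identity);

        // Follow returnUrl only when it is local, so login cannot be used as an open redirect.
        if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
            return Redirect(returnUrl);
        return RedirectToAction("Index", "Home");
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult LogOff()
    {
        // Removes the application cookie issued by Login.
        Auth.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
        return RedirectToAction("Index", "Home");
    }
}
```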