如何使用asp.net-mvc创建基本用户登录？

Question

I'm going to be building this from scratch with C# and asp.net on Entity/MVC frameworks using LINQ.

We've opted to not use the built in membership authorization.

What I am trying to figure out is if I have all my bases covered or if I am forgetting something. Or if I am over complicating it.

Here is how I envision it.

I create a table that will house the user info, username, password. Move that to a model in my code.

I create an Authentication service in my code. Then when they log in I add the time to the table they logged in, and then on each page visit I check that time and if 30 minutes have elapsed I log them out and put them back on the login page otherwise I bring them to the page they requested.

Is this an ok way to go about it? Do I really need to add an authentication check to each page controller?

Which would Basically be. Services.Authentication.VerifyLogin()

If 30 minutes have passed log them out update table LoggedIn to false. If within 30 minutes. Update the LoggedInTime to current time.

Answer 1

I think what you want is to use an MVC authentication cookie, instead of checking your database for the time they logged in:

// sign in
FormsAuthentication.SetAuthCookie(username, false);
// sign out
FormsAuthentication.SignOut();

Ref. Custom Authentication and ASP.NET MVC

Ref. http://www.codeproject.com/Articles/578374/AplusBeginner-27splusTutorialplusonplusCustomplusF

Also, this is a good article on custom auth in MVC 4:

http://www.codeproject.com/Articles/601687/ASP-NET-MVC-4-Forms-Authentication-Customized

Answer 2

If you're using MVC, you won't have to " add an authentication check to each page controller ", all you have to do is adding the attribute above the Actions that need authentication in your controllers and that's about it.

Here's an Authorization sample that might help you out:
http://www.asp.net/mvc/tutorials/mvc-music-store/mvc-music-store-part-7