MVC4中的基本登录/授权

Question

I have two Controllers in my MVC4 application that I want to require users to be logged into to access; an 'admin' area of sorts.

I have a database linked class that handles authentication for me in C#, meaning I can do something like this:

LoginUtility lu = new LoginUtility();
if(lu.Login("username", "password") == true){
   // User is genuine
} else {
   // Login failed
}

I want to hook this up to MVC4 so I can apply the [Authorize] attribute to those two Controllers.

Answer 1

You should use a basic Web Application Template, it gives you controllers to edit users and use authentication. Then, you will be able to allow certain controllers, or certain action of controllers. For a controller, you just have to put [Authorize(Roles = "Admin")] tag just before the definition of the controller to just allow this action to Admin Roles.

Answer 2

I have found doing custom login logic quite the pain. What you need to do is extend AuthorizeAttribute so you can use it on your controllers/actions, and override AuthorizeCore . If you need custom logic to extract the username and password from the request, you can do that through setting the User property on HttpContext in an OnAuthorization override.

Answer 3

In your web.config add :

<authentication mode="Forms">
  <forms loginUrl="login.aspx" />
</authentication>

And in your controller :

LoginUtility lu = new LoginUtility();
if(lu.Login("username", "password") == true){
 FormsAuthentication.SetAuthCookie(...);
}