locked
MVC 5 Custom Identification RRS feed

  • Question

  • User-1623772110 posted

    Hi,

    I've a mvc5 application with a custom login. Nothing crazy I just get username and password from a MongoDB then I do my check.

            [HttpPost]
            [ValidateAntiForgeryToken]
            public ActionResult Login ( LoginViewModel vm )
            {
                try
                {
                    if ( !ModelState.IsValid )
                        return View ( );
    
                    var db = new MongoDb ( );
                    var user = db.GetUser ( vm.Email.Trim ( ) );
    
                    if ( user == null )
                        return View ( "Home" );
    
                    string oldHash = user.Hash;
                    byte [ ] salt = user.Salt;
    
                    bool isLogin = Security.CompareHashValue ( vm.Password, vm.Email, oldHash, salt );
    
                    if ( !isLogin )
                    {
                        TempData [ "ErrorMSG" ] = "Access Denied! Wrong Credential";
                        return View ( vm );
                    }
    
                    SignInRemember ( vm.Email, vm.RememberMe );
    
                    FormsAuthentication.SetAuthCookie ( vm.Email, false );
    
                    Session [ "User" ] = vm;
    
                    return RedirectToAction ( "Index", "Dashboard" );

    Now till I'm in the same controller isAuthenticated is true but when I go do the Dashboard/Index

    class Dashboard {
    ...
    public ActionResult Index() {     bool auth = User.Identity.IsAuthenticated;

    is false and if I use the [Authorized] decorator the user cannot access to the ActionResult.

    I think that everything is right but I would like to let things works :-)

    Thank you

    Friday, May 1, 2020 2:20 PM

All replies

  • User1686398519 posted

    Hi,  Salvodif

    You need to add the following configuration in the "web.config" if you use FormsAuthentication.

     <system.web>
        <compilation debug="true" targetFramework="4.7.2" />
        <httpRuntime targetFramework="4.7.2" />
    	  <authentication mode="Forms">
    		  <forms loginUrl="Dashboard/Login" timeout="2880" />
    	  </authentication>
      </system.web>

    Here is the result.

    Best Regards,

    YihuiSun

    Wednesday, May 6, 2020 7:38 AM