How to make custom authorization security based on database after login success?

  • Question

  • User696604810 posted

    Problem
    I am working on a project that uses ASP.NET MVC 5 and SQL Server 2012.
    I need to build a custom authorization system based on the database, using ADO.NET.
    Could anyone help with resources, sample source code, or the steps to follow
    after a successful login?
    Before any page in the app opens, I need to check (validate) the user's role:
    if status is true in the user_roles table, open the page;
    if not, redirect to an "access is denied" page.
    So what should I do after a successful login?
    That is, which action or event is executed, and where do I handle granting access to an action or denying it after a successful login?

    What I have tried:

    I created 3 tables:
    Users
    Roles
    User_roles (userid from the Users table, roleid from the Roles table)
    Sample
    User_roles table
    userid roleid pagenam status
    michel Administration accounts.aspx true

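    /// <summary>
    /// Handles the login form POST: validates the credentials through the Membership provider,
    /// issues an encrypted forms-authentication ticket in the "Cookie1" cookie, and redirects.
    /// </summary>
    /// <param name="loginView">Posted login model; its UserName and Password are validated.</param>
    /// <param name="ReturnUrl">Page to return to after login; followed only when it is local to this site.</param>
    /// <returns>A redirect once a ticket has been issued; otherwise the login view with a model error.</returns>
    /// <remarks>
    /// The role names are copied into the ticket at login, so they are a snapshot for the
    /// 15-minute ticket lifetime. A per-request authorization check that must honour a status
    /// change in the database has to re-query it rather than trust the ticket contents.
    /// NOTE(review): the code that reads "Cookie1" back on later requests is not shown here.
    /// </remarks>
    [HttpPost]
    public ActionResult Login(LoginView loginView, string ReturnUrl = "")
    {
        if (ModelState.IsValid && Membership.ValidateUser(loginView.UserName, loginView.Password))
        {
            var user = (CustomMembershipUser)Membership.GetUser(loginView.UserName, false);

            // Redirect only when a ticket was actually issued. If the user record cannot be
            // loaded, fall through to the error view instead of redirecting unauthenticated.
            if (user != null)
            {
                CustomSerializeModel userModel = new Models.CustomSerializeModel()
                {
                    UserId = user.UserId,
                    FirstName = user.FirstName,
                    LastName = user.LastName,
                    RoleName = user.Roles.Select(r => r.RoleName).ToList()
                };

                // The serialized model travels in the ticket's userData field.
                string userData = JsonConvert.SerializeObject(userModel);
                DateTime issuedAt = DateTime.Now;
                FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
                    1, loginView.UserName, issuedAt, issuedAt.AddMinutes(15), false, userData);

                string enTicket = FormsAuthentication.Encrypt(authTicket);
                HttpCookie faCookie = new HttpCookie("Cookie1", enTicket)
                {
                    // Keep the ticket out of reach of page script.
                    HttpOnly = true,
                    // Send it over TLS only when the site requires SSL or this request used it.
                    Secure = FormsAuthentication.RequireSSL || Request.IsSecureConnection
                };
                Response.Cookies.Add(faCookie);

                // Follow ReturnUrl only when it is local, so the login form cannot be used
                // to bounce a signed-in user to another site.
                if (Url.IsLocalUrl(ReturnUrl))
                {
                    return Redirect(ReturnUrl);
                }

                return RedirectToAction("Index");
            }
        }

        // One message for every failure, so the response does not reveal which field was wrong.
        ModelState.AddModelError("", "Something Wrong : Username or Password invalid ^_^ ");
        return View(loginView);
    }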

    Sunday, November 3, 2019 2:55 AM

All replies