New to MVC. Looking for Best practices app

  • Question

  • User135331403 posted

    One that has login security and sql database

    Thursday, January 24, 2019 2:07 PM

All replies

  • User475983607 posted

    One that has login security and sql database

    Please see the security documentation.

    https://www.asp.net/identity

    ASP.NET Core

    https://docs.microsoft.com/en-us/aspnet/core/security/?view=aspnetcore-2.2

    The standard Visual Studio templates come with security too.

    Thursday, January 24, 2019 2:31 PM
  • User135331403 posted

    I am looking for an example application??

    Thursday, January 24, 2019 3:51 PM
  • User475983607 posted

    helixpoint

    I am looking for an example application??

    Security is a very vast subject and we have no idea what technology you are using (ASP.NET, ASP.NET Core, Web API) or what you're securing. Are you trying to secure API endpoints consumed by other systems?

    You can fire up a basic secured application by picking the "Individual Account" feature when creating a new project in Visual Studio. This information is openly covered in the linked tutorials in my first post. Please set aside some time to go through the documentation.

    Thursday, January 24, 2019 3:59 PM
  • User1120430333 posted

    helixpoint

    I am looking for an example application??

    https://www.c-sharpcorner.com/article/create-identity-in-simple-ways-using-asp-net-mvc-5/

    Making the MVC for login is simple. It even makes the Identity database too, a localDB detached MDF file, that must be attached to the MS SQL Server database engine before deploying the application to IIS. But for now, you can use the MDF file in development mode while using IIS Express.

    Now for the application itself, you can come up with some 'I am playing and learning' application yourself that is using the ADO.NET Entity Framework and MS SQL Server. Surely, you have something in mind.

    After the user is registered using the above tutorial, then it's a simple matter of you using the [Authorize] on an Action method. If the user has already logged in, then proceed, else, the user is sent to the login page. All of this is implemented for you in the MVC project if you choose "Individual logon" when creating the MVC project.

    BUT, you should consider looking at documentation about the MVC UI design pattern and the basic principles. You shouldn't fall down into the rabbit hole on just doing the monkey see and monkey do thing. :)

    using System;
    using System.Linq;
    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.AspNetCore.Mvc.ModelBinding;
    using ProgMgmntCore2UserIdentity.Models;
    
    namespace ProgMgmntCore2UserIdentity.Controllers
    {
        public class ProjectController : Controller
        {
            private readonly IProjectModel _projectModel;
            private readonly IModelHelper _modelHelper;
           
            public ProjectController(IProjectModel projectModel,   IModelHelper modelHelper)
            {
                _projectModel = projectModel;
                _modelHelper = modelHelper;
            }
    
            // GET: Project
            [Authorize]
            public ActionResult Index()
            {
                return View(_projectModel.GetProjectsByUserId(User.Identity.Name));
            }
    
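            [Authorize]
            public ActionResult Details(int id = 0)
            {
                // Returning null is not a valid action result; respond with 404 when no id is supplied.
                if (id == 0) return NotFound();
                return View(_projectModel.Edit(id));
            }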
    
            [Authorize]
            public ActionResult Create()
            {
                return View(_projectModel.Create());
            }
    
            [Authorize]
            [HttpPost]
            public ActionResult Create(ProjectViewModels.Project project, string submit)
            {
                if (submit == "Cancel") return RedirectToAction("Index");
    
                ValidateddlProjectTypes();
    
                project.ProjectType = (Request.Form["ddlProjectTypes"]);
    
                if (ModelState.IsValid && _modelHelper.IsEndDateLessThanStartDate(project, "Project"))
                    ModelState.AddModelError(string.Empty, "End Date cannot be less than Start Date.");
    
                if (!ModelState.IsValid) return View(_projectModel.PopulateSelectedList(project));
    
                _projectModel.Create(project, User.Identity.Name);
                return RedirectToAction("Index");
            }
    
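            [Authorize]
            public ActionResult Edit(int id = 0)
            {
                // Returning null is not a valid action result; respond with 404 when no id is supplied.
                if (id == 0) return NotFound();
                return View(_projectModel.Edit(id));
            }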
    
            [Authorize]
            [HttpPost]
            public ActionResult Edit(ProjectViewModels.Project project, string submit)
            {
                if (submit == "Cancel") return RedirectToAction("Index");
    
                if (ModelState.IsValid && _modelHelper.IsEndDateLessThanStartDate(project, "Project"))
                    ModelState.AddModelError(String.Empty, "End Date cannot be less than Start Date.");
    
                if (!ModelState.IsValid) return View(_projectModel.PopulateSelectedList(project));
    
                var theproject = new ProjectViewModels.Project();
    
                theproject = project;
    
                theproject.ProjectType = Request.Form["ProjectType"];
    
                _projectModel.Edit(theproject, User.Identity.Name);
                return RedirectToAction("Index");
            }
    
            // Deleting changes state, so it requires a signed-in user like the other actions.
            [Authorize]
            public ActionResult Delete(int id = 0)
            {
                if (id > 0) _projectModel.Delete(id);
    
                return RedirectToAction("Index");
            }
       
            public ActionResult Cancel()
            {
                return RedirectToAction("Index", "Home");
            }
    
            public ActionResult UploadFile(int id)
            {
                return RedirectToAction("Index", "Upload", new { id = id, type = "PM" });
            }
    
            private void ValidateddlProjectTypes()
            {
                if (Request.Form["ddlProjectTypes"] == string.Empty)
                  return;
           
                foreach (var key in ModelState.Keys.ToList().Where(key => ModelState.ContainsKey(key)))
                {
                    if (key != "ProjectType") continue;
                    ModelState[key].Errors.Clear();
                    ModelState[key].ValidationState = ModelValidationState.Valid;
                }
            }
        }
    }

    Thursday, January 24, 2019 6:35 PM
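
The post above applies [Authorize] action by action. The following is an added example, not the poster's code: it applies authorization to the whole controller, makes the delete POST-only with antiforgery validation, and checks that the record belongs to the signed-in user before deleting it. `IOwnedProjectStore`, `GetOwnerUserName` and `SecuredProjectController` are hypothetical names; the thread's `IProjectModel` is not shown, so its real members are unknown.

```csharp
using System;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace ProgMgmntCore2UserIdentity.Controllers
{
    // Hypothetical data-access contract used only by this example.
    public interface IOwnedProjectStore
    {
        string GetOwnerUserName(int projectId);   // null when the project does not exist
        void Delete(int projectId);
    }

    [Authorize]                      // every action requires a signed-in user by default
    [AutoValidateAntiforgeryToken]   // antiforgery token is validated on unsafe HTTP methods
    public class SecuredProjectController : Controller
    {
        private readonly IOwnedProjectStore _store;

        public SecuredProjectController(IOwnedProjectStore store)
        {
            _store = store;
        }

        // State changes are POST-only, so following a link cannot trigger a delete.
        [HttpPost]
        public IActionResult Delete(int id)
        {
            if (id <= 0) return BadRequest();

            var owner = _store.GetOwnerUserName(id);
            if (owner == null) return NotFound();

            // Being logged in is not enough: the project must belong to the caller.
            if (!string.Equals(owner, User.Identity.Name, StringComparison.Ordinal))
                return Forbid();

            _store.Delete(id);
            return RedirectToAction("Index", "Project");
        }

        // Public actions opt out explicitly instead of protected ones opting in.
        [AllowAnonymous]
        public IActionResult Cancel()
        {
            return RedirectToAction("Index", "Home");
        }
    }
}
```

The view that posts to `Delete` needs a form that carries the antiforgery token; form tag helpers in ASP.NET Core Razor views emit it automatically.
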
  • User1520731567 posted

    Hi helixpoint,

    One that has login security and sql database

    By default, the ASP.NET MVC5 project uses the ASP.NET Identity for authentication. To use your own database, you just need to modify the connection string in the web.config (ConnectionStrings section, DefaultConnection).

    If you want to associate the ASP.NET Identity table to your own table, you just need to add the necessary code to the ApplicationUser class. This way, your tables and ASP.NET tables are in a database.

    Security, Authentication, and Authorization with ASP.NET MVC:

    https://docs.microsoft.com/en-us/aspnet/mvc/overview/security/

    Code-First Migration and Extending Identity Accounts From SSMS:

    https://www.codeproject.com/Articles/674760/Code-First-Migration-and-Extending-Identity-Accoun

    Understanding OWIN Forms authentication in MVC 5:

    https://blogs.msdn.microsoft.com/webdev/2013/07/03/understanding-owin-forms-authentication-in-mvc-5/

    Adding ASP.NET Identity to an Empty or Existing Web Forms Project:

    https://docs.microsoft.com/en-us/aspnet/identity/overview/getting-started/adding-aspnet-identity-to-an-empty-or-existing-web-forms-project

    Adding ASP.NET Identity to an Empty or Existing MVC Project:

    https://stackoverflow.com/questions/31960433/adding-asp-net-mvc5-identity-authentication-to-an-existing-project

    Best Regards.

    Yuki Tao

    Friday, January 25, 2019 6:07 AM