Hi, I am new to MVC4, But i designed application with view and conrollers. everything works fine. Now the question is I need to Authenticate with windows and take UserName, password from web site and autheticate with database. but this database autencation
I need to do for every reqest which is sent by client eg:
public ActionResult GetEmployeeSalary()
{
InitilizeCredientials();
//---
//---
return View();
}
public bool InitilizeCredientials()
{
if(isValidUser(Username,password,domain)
{
if(isUserHasAuthorization(UserName))
{
return true;
}
}
return false;
}
this will work fine. but the question is how can I maintain data(username, password and domain ) securly through the all views and controllers in web application. ASP.NET we will use session to store it, but how it will work in MVC4.
If you use forms authentication you only have to add attributes to your controller class/methods to indicate what level of authentication is required, e.g. [Authorize] to simply require that the user be logged in, or [Authorize(Roles = "admin")] etc.
But, Here My Question is I want to access UserName, password in all controllers, lets take example i am connecting to WMI, so I should pass username/password/domain for each query from different controllers. so where should I store these values to get later
for other controllers.
so where should I store these values to get later for other controllers.
Thats NOT a good idea, you should be required to play with userid/password, it is seriou violation of security. In any case your application shouldn't know about the user crendential except the login that is also a one way operation.
I feel you need federation between your all the providers and you should look for WIF and an identity provider.
venkat.bommi...
0 Points
2 Posts
MVC4, Maintaining User Credentials thoruhgt the application
Jan 18, 2013 05:05 PM|LINK
Hi, I am new to MVC4, But i designed application with view and conrollers. everything works fine. Now the question is I need to Authenticate with windows and take UserName, password from web site and autheticate with database. but this database autencation I need to do for every reqest which is sent by client eg:
string Username, password, domain;
public static bool isValidUser(string userName, string password, string domain)
{
PrincipalContext pcon = new PrincipalContext(ContextType.Domain, domain);
return pcon.ValidateCredentials(userName, password, ContextOptions.Negotiate);
}
public ActionResult GetEmployeeSalary()
{
InitilizeCredientials();
//---
//---
return View();
}
public bool InitilizeCredientials()
{
if(isValidUser(Username,password,domain)
{
if(isUserHasAuthorization(UserName))
{
return true;
}
}
return false;
}
this will work fine. but the question is how can I maintain data(username, password and domain ) securly through the all views and controllers in web application. ASP.NET we will use session to store it, but how it will work in MVC4.
alex_brambil...
Participant
773 Points
280 Posts
Re: MVC4, Maintaining User Credentials thoruhgt the application
Jan 18, 2013 10:43 PM|LINK
If you use forms authentication you only have to add attributes to your controller class/methods to indicate what level of authentication is required, e.g. [Authorize] to simply require that the user be logged in, or [Authorize(Roles = "admin")] etc.
venkat.bommi...
0 Points
2 Posts
Re: MVC4, Maintaining User Credentials thoruhgt the application
Jan 22, 2013 11:11 AM|LINK
But, Here My Question is I want to access UserName, password in all controllers, lets take example i am connecting to WMI, so I should pass username/password/domain for each query from different controllers. so where should I store these values to get later for other controllers.
CPrakash82
All-Star
18314 Points
2851 Posts
Re: MVC4, Maintaining User Credentials thoruhgt the application
Jan 22, 2013 11:19 PM|LINK
Thats NOT a good idea, you should be required to play with userid/password, it is seriou violation of security. In any case your application shouldn't know about the user crendential except the login that is also a one way operation.
I feel you need federation between your all the providers and you should look for WIF and an identity provider.