ASP.Net MVC User Authentication

I have an ASP.NET MVC web application sitting inside a website that is still largely controlled by Delphi. Currently, management is done using Delphi, which creates cookies.

It was decided to authenticate users in the ASP.Net application by retrieving the cookie data and passing it to the imported Delphi DLL, which returns true or false depending on whether the user is valid.

My plan was to use forms authentication, but instead of redirecting the user to the form, call the Delphi shell and, if successful, redirect the user to the original URL. This has the advantage that when security is migrated to .NET, the authentication infrastructure will already exist; it just needs to be changed.

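public ActionResult LogOn(SecurityCookies model, string returnUrl)
{
    try
    {
        if (model != null)
        {
            // Note: this writes the user's key to the debug log.
            Log.DebugFormat("User login: Id:{0}, Key:{1}", model.UserId, model.Key);
            // Ask the Delphi DLL whether the cookie data identifies a valid user.
            if (authenticator.UserValid(model.UserId, model.Key, 0))
            {
                // Issue a non-persistent forms authentication cookie.
                FormsService.SignIn(model.UserId, false);
                // returnUrl is taken from the request and is not validated here.
                return Redirect(returnUrl);
            }
        }
...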

Please note that SecurityCookies is generated by a special binding class from the cookie created by Delphi; this works well.

Calling the Delphi DLL also works fine.

, , , .Net- ajax-. , , 3 - : 1) ajax 2) ~/Account/Logon ( ) 3) ajax

, , , , 3 , . , ~/account/Logon .

, jQuery :     $.getJSON(requestString, () {               // -     });

, Url, , ? , .

+3
3

, , , global.asax.cs Application_AuthenticateRequest. cookie dll delphi Context.User. asp.net , HttpContext. Application_AuthenticateRequest:

protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie != null)
    {
        // Extract the forms authentication ticket from the cookie
        FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
        // Decrypt returns null for an invalid ticket; also reject expired tickets
        if (authTicket != null && !authTicket.Expired)
        {
            // Create an Identity object
            // CustomIdentity implements System.Security.Principal.IIdentity
            CustomIdentity id = GetUserIdentity(authTicket.Name);
            // CustomPrincipal implements System.Security.Principal.IPrincipal;
            // a constructor that takes the identity is assumed here
            CustomPrincipal newUser = new CustomPrincipal(id);
            Context.User = newUser;
        }
    }
}

cookie , .

BaseController, , , , . , HttpUnauthorizedResult.

public class BaseController : Controller
{
    protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (User == null || (User != null && !User.Identity.IsAuthenticated))
        {
            filterContext.Result = new HttpUnauthorizedResult();
        }
        else
        {
            // Call the base
            base.OnActionExecuting(filterContext);
        }
    }
}

web.config:

<authentication mode="None"/>

, .

+8

, , , ? , .

, . , , , PITA .

, , HttpModule, URL- , .

internal static bool IsFormsAuthenticationLogin(HttpResponseBase response)
{
    if (!response.IsRequestBeingRedirected) return false;
    if (string.IsNullOrWhiteSpace(response.RedirectLocation)) return false;

    Uri formsAuthUri;
    try
    {
        formsAuthUri = new Uri(FormsAuthentication.LoginUrl);
    }
    catch (Exception ex)
    {
        throw new XifCriticalException("Could not construct formsAuthUri", ex);
    }


    Uri redirctUri;
    try
    {
        redirctUri = new Uri(response.RedirectLocation, UriKind.RelativeOrAbsolute);
    }
    catch (Exception ex)
    {
        throw new XifCriticalException("Could not construct redirctUri", ex);
    }

    try
    {
        //Check if the request was redirected by Forms Auth
        bool isFormsAuthenticationLogin = redirctUri.IsAbsoluteUri &&
                                            redirctUri.Host == formsAuthUri.Host
                                            && redirctUri.PathAndQuery.Contains(formsAuthUri.PathAndQuery); 

        return isFormsAuthenticationLogin;
    }
    catch (Exception ex)
    {
        throw new XifCriticalException("Could not construct isFormsAuthenticationLogin", ex);
    }
}

, MVC3,

 <add key="enableSimpleMembership" value="false" />
 <add key="autoFormsAuthentication" value="false" />
+1

.

-, , , ,

Server.Transfer(returnUrl, true);

return Redirect(returnUrl);

-, ajax . .

-, ajax-, , . ajax-, IsAjaxRequest() ( true, ) , ajax. -, Redirect, HTTP, Ajax (, Location, ajax). , , .

Finally, as a full left turn ... have you thought about leaving Forms Auth alone and using a custom MembershipProvider instead? You can use this to verify membership through Delphi, and then set client cookies using the regular FormsAuth objects, as in the AccountController example in MVC.

0