Problem
I work on a project that uses ASP.NET MVC 5 and SQL Server 2012.
I need to make a custom authorization system based on the database, using ADO.NET technology,
so if anyone can help with resources or source code, or write source code or steps.
After login success, load
I need, before any page in the app opens, to check or validate the role:
if the status is true in the user_roles table, then open the page;
if not, redirect to an access-denied page.
So what do I do after login?
Meaning, which action event is executed, and where do I handle access to the action or access denied?

What I have tried:

I created 3 tables:
Users
Roles
User_roles (userid from users table, roleid from role table)

Sample
User_roles table
userid   roleid          pagenam        status
michel   Administration  accounts.aspx  true

    [HttpPost]
    public ActionResult Login(LoginView loginView, string ReturnUrl = "")
    {
        if (ModelState.IsValid)
        {
            // Check the submitted credentials against the membership provider.
            if (Membership.ValidateUser(loginView.UserName, loginView.Password))
            {
                var user = (CustomMembershipUser)Membership.GetUser(loginView.UserName, false);
                if (user != null)
                {
                    // Identity and role names that get serialized into the ticket's user data.
                    CustomSerializeModel userModel = new Models.CustomSerializeModel()
                    {
                        UserId = user.UserId,
                        FirstName = user.FirstName,
                        LastName = user.LastName,
                        RoleName = user.Roles.Select(r => r.RoleName).ToList()
                    };

                    string userData = JsonConvert.SerializeObject(userModel);
                    // Non-persistent ticket, valid for 15 minutes.
                    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket
                        (
                        1, loginView.UserName, DateTime.Now, DateTime.Now.AddMinutes(15), false, userData
                        );

                    string enTicket = FormsAuthentication.Encrypt(authTicket);
                    // HttpOnly keeps the encrypted ticket out of reach of client-side script.
                    HttpCookie faCookie = new HttpCookie("Cookie1", enTicket) { HttpOnly = true };
                    Response.Cookies.Add(faCookie);
                }

                // Only follow ReturnUrl when it is local, so login cannot be used as an open redirect.
                if (Url.IsLocalUrl(ReturnUrl))
                {
                    return Redirect(ReturnUrl);
                }
                else
                {
                    return RedirectToAction("Index");
                }
            }
        }
        ModelState.AddModelError("", "Something Wrong : Username or Password invalid ^_^ ");
        return View(loginView);
    }
Updated 2-Nov-19 21:45pm

1 solution

Maybe this lightweight solution: Lightweight custom authentication with ASP.NET Core
It is not clear however if this can be used in combination with the standard authentication ...

Another idea might be to use a handler for multiple requirements, see: Policy-based authorization in ASP.NET Core | Microsoft Docs

And here is a CodeProject article: Custom Authentication and Authorization in Asp.Net Core 2.0
 
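
For the MVC 5 check the question describes (look up the current user and page in User_roles before an action runs, otherwise redirect to access denied), one possible shape is a custom AuthorizeAttribute backed by ADO.NET. This is an added example, not code from the question or the answer; the connection string name AppDb, the "Controller/Action" page key, the BIT status column and the Error/AccessDenied action are assumptions, and it assumes HttpContext.User has already been populated from the login cookie.

```csharp
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

// Added example: deny-by-default page check against the question's User_roles table.
// Assumptions: connection string "AppDb", pagenam holds "Controller/Action",
// status is a BIT column, and an Error/AccessDenied action exists.
public class DbAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // The base check rejects unauthenticated requests before any database work.
        if (!base.AuthorizeCore(httpContext)) return false;

        var route = httpContext.Request.RequestContext.RouteData;
        string page = route.GetRequiredString("controller") + "/" + route.GetRequiredString("action");
        return IsPageAllowed(httpContext.User.Identity.Name, page);
    }

    private static bool IsPageAllowed(string userId, string page)
    {
        // Parameterized query: user and page values never become part of the SQL text.
        const string sql = "SELECT COUNT(*) FROM User_roles " +
                           "WHERE userid = @userid AND pagenam = @page AND status = 1";
        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@userid", SqlDbType.NVarChar, 128).Value = userId;
            cmd.Parameters.Add("@page", SqlDbType.NVarChar, 256).Value = page;
            conn.Open();
            return (int)cmd.ExecuteScalar() > 0; // no matching row means no access
        }
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            base.HandleUnauthorizedRequest(filterContext); // 401, forms auth sends to login
            return;
        }
        // Authenticated but not permitted for this page: show access denied instead.
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(
            new { controller = "Error", action = "AccessDenied" }));
    }
}
```

Registered as a global filter, this runs before every action; the login and access-denied actions then need `[AllowAnonymous]` so they stay reachable and the redirect cannot loop.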

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


