Click here to Skip to main content
15,867,568 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I am quite new with MVC and I want to ask what is the best practice in showing user specific data while browsing the site. I am suing MVC 4.

Let's assume I have [Authorize] filter at all controllers level that will enforce users to be authenticated, except for few action controllers (register, login, password reset) that can be accessed anonymously.

If I have user x that will login, and browse to his account page, I want there to show, the user specific account info: name, email, company, phone, subscription type and so forth.

If he browse to some application specific settings, he should be able to see/change his won settings only.

My question basically is: what I have to do in order for my application to understand that now is logged in user x and on whatever page he browse(where he has access) he can see only his specific data? Something like when user browses to Account Page ... the model will return: select all where userID is current_logged_in_user. I guess I can use the user id for identifying the user specific data right?

The data will be stored in SQL Server db.
Posted
Updated 1-Aug-18 23:04pm

after successful login, please keep the user's idenetiy to
var identity = new GenericIdentity(ticket.Name);
So, you have to follow forms authenticaion and this is right approach to solve your problem.
Please look at the FormAuthetication process in ASP.Net MVC. below is an example of log in method.

C#
var ticket = new FormsAuthenticationTicket(...............
              );

           var encryptedTicket = FormsAuthentication.Encrypt(ticket);
           var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
           {
               HttpOnly = true,
               Secure = FormsAuthentication.RequireSSL
           };
         


           var identity = new GenericIdentity(ticket.Name);
           
           HttpContext.Current.User = identity;
 
Share this answer
 
Comments
LORD.XIVI 2-Nov-17 3:15am    
Where to post this code? in the login controller?
[no name] 2-Aug-18 5:05am    
Better you make a class and then add it to Global filer in Global file.
Better you make a class and then add it to Global filer in Global.asax.
 
Share this answer
 
Comments
Richard Deeming 3-Aug-18 14:07pm    
FIVE YEARS too late, and with a "solution" that has absolutely no context or explanation.

Stick to answering recent questions.
[no name] 4-Aug-18 0:35am    
Dear brother, I was very sick last 1 year even I could not do any single freelancing task thats why you got the answer in delay.sorry for the inconvenience.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900