
Authentication in MVC

using System;
using System.Web;
using System.Web.Http;
using System.Web.Mvc;
using System.Web.Routing;
using System.Web.Optimization;
using System.Web.Security;
using System.Web.Script.Serialization;
using DynamicProject.Utility.Security;
using System.Configuration;

namespace DynamicProject.Web
{    
    public class MvcApplication : System.Web.HttpApplication
    {
        protected void Application_Start()
        {
            AreaRegistration.RegisterAllAreas();

            WebApiConfig.Register(GlobalConfiguration.Configuration);
            FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
            RouteConfig.RegisterRoutes(RouteTable.Routes);
            BundleConfig.RegisterBundles(BundleTable.Bundles);

            DynamicProject.Utility.Logging.Logger.Configure(Server.MapPath("~/Config/log4net.config"));
        }
              
        protected void WindowsAuthentication_OnAuthenticate(object sender, WindowsAuthenticationEventArgs e)
        {
            //Saving user data into form authentication cookie
             HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];

             if (authCookie == null)
             {                
                 if (e.Identity != null && e.Identity.IsAuthenticated &&
                     (ConfigurationManager.AppSettings["DefaultToLoginPage"] != null &&
                      ConfigurationManager.AppSettings["DefaultToLoginPage"].ToString() == "false"))
                 {
                     string corpId = e.Identity.Name.ToString().ToUpper();
                     
                     if (corpId.Contains("\\"))
                         corpId = corpId.Substring((corpId.IndexOf('\\') + 1), 7).ToUpper();
                     
                     CustomPrincipalSerializeModel objCustomPrincipalSerializeModel = new UserSecurity().GetUserDetails(corpId);

                     if (objCustomPrincipalSerializeModel != null)
                     {
                         JavaScriptSerializer serializer = new JavaScriptSerializer();

                         string userData = serializer.Serialize(objCustomPrincipalSerializeModel);

                         FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, corpId, DateTime.Now, DateTime.Now.AddMinutes(15),
                                                                                              false, userData);

                         string encTicket = FormsAuthentication.Encrypt(authTicket);
                         HttpCookie faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
                         Response.Cookies.Add(faCookie);
                     }
                     else
                     {
                         //Not authorized user
                     }                     
                 }
             }
        }

        protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
        {
            //Retrieving  user data from authentication cookie
            HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];

            if (authCookie != null)
            {
                FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);

                JavaScriptSerializer serializer = new JavaScriptSerializer();

                CustomPrincipalSerializeModel serializeModel = serializer.Deserialize<CustomPrincipalSerializeModel>(authTicket.UserData);

                CustomPrincipal newUser = new CustomPrincipal(authTicket.Name);
                newUser.Id = serializeModel.Id;
                newUser.FirstName = serializeModel.FirstName;
                newUser.LastName = serializeModel.LastName;
                newUser.Roles = serializeModel.Roles;
                newUser.CorpId = serializeModel.CorpId;
                newUser.FirstPriorityRole = serializeModel.FirstPriorityRole;

                HttpContext.Current.User = newUser;
            }
        }
    }
}


using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Principal;

namespace DynamicProject.Utility.Security
{
    public class CustomPrincipal : ICustomPrincipal
    {
        public IIdentity Identity { get; private set; }        

        public CustomPrincipal(string corpId)
        {
            this.Identity = new GenericIdentity(corpId);
        }

        public int Id { get; set; }
        public string FirstName { get; set; }
        public string LastName { get; set; }
        public string[] Roles { get; set; }
        public string FirstPriorityRole { get; set; }
        public string CorpId { get; set; }

        public string FullName
        {
            get
            {
                string fullName = string.Empty;

                if (!string.IsNullOrEmpty(FirstName))
                    fullName = FirstName;

                if (!string.IsNullOrEmpty(LastName))
                {
                    fullName += fullName == string.Empty ? LastName : " " + LastName;
                }
                return fullName;
                //return FirstName + " " + LastName; 
            }
        }
        public bool IsInRole(string role)
        {
            return Roles.Contains(role) ? true : false;
        }

        public bool IsAdmin
        {
            get { return FirstPriorityRole == "ADM" ? true : false; }
        }

        public bool IsUser
        {
            get { return FirstPriorityRole == "USR" ? true : false; }
        }

        public bool IsQualityCheckAdmin
        {
            get { return FirstPriorityRole == "QCA" ? true : false; }
        }

        public int RoleCount
        {
            get { return Roles.Length; }
        }       
    }
}



using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

namespace DynamicProject.Utility.Security
{
    public class CustomPrincipalSerializeModel
    {
        public int Id { get; set; }
        public string FirstName { get; set; }
        public string LastName { get; set; }
        public string[] Roles { get; set; }
        public string FullName
        {

            get
            {
                string fullName = string.Empty;

                if (!string.IsNullOrEmpty(FirstName))
                    fullName = FirstName;

                if (!string.IsNullOrEmpty(LastName))
                {
                    fullName += fullName == string.Empty ? LastName : " " + LastName;
                }
                return fullName;
                //return FirstName + " " + LastName; 
            }
        }
        public string CorpId { get; set; }
        public string FirstPriorityRole
        {
            get;
            set;
        }
    }
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Principal;

namespace DynamicProject.Utility.Security
{
    /// <summary>
    /// Principal carrying the application's user details alongside the standard
    /// <see cref="IPrincipal"/> identity and role check.
    /// </summary>
    public interface ICustomPrincipal : IPrincipal
    {
        // NOTE(review): the only implementation on this page fills Id with the number of
        // active roles rather than a user id — confirm what callers expect here.
        int Id { get; set; }
        string FirstName { get; set; }
        string LastName { get; set; }
        // Role codes assigned to the user; IsInRole is expected to match against these.
        string[] Roles { get; set; }
        // Display name derived from FirstName/LastName (read-only).
        string FullName { get; }
    }
}


using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using DynamicProject.DAL;
using DynamicProject.DTO;

namespace DynamicProject.Utility.Security
{
    public class UserSecurity
    {
        public CustomPrincipalSerializeModel GetUserDetails(string corpId)
        {
            if (corpId != null)
            {
                UserRepository objUserRepository = new UserRepository();

                CustomPrincipalSerializeModel objCustomPrincipalSerializeModel = new CustomPrincipalSerializeModel();
                User objUser = objUserRepository.GetUserDetails(corpId, true);
                List<Role> lstRole = objUserRepository.GetRoleList();
                List<Role> lstFilteredRole = new List<Role>();

                if (objUser != null)
                {
                    objUser.UserRoles = objUser.UserRoles.Where(F => F.IsActive == "Y").ToList();

                    if (objUser.UserRoles != null && objUser.UserRoles.Count > 0)
                    {                        


                        objCustomPrincipalSerializeModel.CorpId = objUser.CorpId;
                        objCustomPrincipalSerializeModel.Id = objUser.UserRoles.Count;
                        objCustomPrincipalSerializeModel.FirstName = objUser.UserRoles[0].Users.FirstName;
                        objCustomPrincipalSerializeModel.LastName = objUser.UserRoles[0].Users.LastName;
                        
                        string[] roles = new string[objUser.UserRoles.Count];
                        for (int roleCount = 0; roleCount < objUser.UserRoles.Count; roleCount++)
                            roles[roleCount] = objUser.UserRoles[roleCount].RoleCode;

                        objCustomPrincipalSerializeModel.Roles = roles;

                        foreach (string role in roles)
                        {
                            var objRole = lstRole.Where(F => F.RoleCode.ToUpper() == role.ToUpper()).FirstOrDefault<Role>();
                            lstFilteredRole.Add(objRole);
                        }

                        lstFilteredRole = lstFilteredRole.OrderBy(F => F.PriorityNumber).ToList();
                        objCustomPrincipalSerializeModel.FirstPriorityRole = lstFilteredRole[0].RoleCode;
                        return objCustomPrincipalSerializeModel;
                    }
                    
                }
            }
            return null;
        }
    }
}


