Forms Authentication In MVC
Forms Authentication In MVC
In ASP.NET MVC, all action methods are by default accessible to both anonymous and authenticated users. If you want an action method to be available only to authenticated and authorized users, you need to apply the Authorization Filter in MVC.
Forms Authentication
Step 1: First, add the following to your web.config file under the <system.web> section:
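<authentication mode="Forms">
  <!-- timeout is in minutes: 2880 = 48 hours. With slidingExpiration="true" the ticket is
       renewed on activity, so a persistent cookie (SetAuthCookie(..., true) below) keeps the
       session alive for as long as the user keeps coming back. Consider a shorter window. -->
  <!-- Recommended addition: requireSSL="true", so the authentication cookie is only ever sent
       over HTTPS and cannot be read from plaintext HTTP traffic. -->
  <forms slidingExpiration="true" timeout="2880">
  </forms>
</authentication>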
Step 2: Create a login model with the following data annotations, or reuse your existing sign-up model:
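/// <summary>
/// Login identifier, bound from the posted form and therefore untrusted input.
/// </summary>
/// <remarks>
/// <see cref="EmailAddressAttribute"/> already validates the general shape; the
/// <see cref="RegularExpressionAttribute"/> narrows it further. Both are only enforced
/// where the receiving action checks <c>ModelState.IsValid</c>.
/// </remarks>
[Required]
[EmailAddress]
[Display(Name = "Email")]
[RegularExpression(@"^\w+([-+.']\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$", ErrorMessage = "Email is not valid.")]
public string Email { get; set; }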
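/// <summary>
/// Clear-text password as posted by the user. It is only needed for the login lookup;
/// never log it or persist it as-is.
/// </summary>
/// <remarks>
/// The format placeholders in the error message are {0} = display name, {1} = maximum
/// length, {2} = minimum length.
/// </remarks>
[Required]
[StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 6)]
[DataType(DataType.Password)]
[Display(Name = "Password")]
// NOTE(review): the property declaration itself was missing from the listing; the name
// matches what the controller and DAL read (mdl.Password).
public string Password { get; set; }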
Create the controller action; the view page is built on top of it:
/// <summary>
/// Serves the empty login form (GET). Unauthenticated users must be able to reach
/// this action, since it is where they go to sign in.
/// </summary>
/// <returns>The default <c>Login</c> view without a model.</returns>
public ActionResult Login()
{
    ViewResult emptyForm = View();
    return emptyForm;
}
The login page posts to the controller method, which contains the following code:
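/// <summary>
/// Handles the posted login form: validates the model, looks the user up through the
/// business layer and, on success, issues a forms-authentication ticket and redirects to
/// the admin or home area.
/// </summary>
/// <param name="mdl">Credentials bound from the form; untrusted until validated.</param>
/// <returns>
/// A redirect to <c>Admin/Index</c> or <c>Home/Index</c> on success; otherwise the login
/// view redisplayed with the validation errors.
/// </returns>
[HttpPost]
[ValidateAntiForgeryToken] // the login view must render @Html.AntiForgeryToken() inside the form
public ActionResult Login(MdlAccount mdl)
{
    // [Required]/[StringLength] on MdlAccount are only enforced when ModelState is checked;
    // the original null test bypassed them. Redisplay the form with the errors instead.
    if (mdl == null || !ModelState.IsValid)
    {
        return View(mdl);
    }

    BLL_User users = new BLL_User();
    MdlAccount found = users.bllLoginUser(mdl);

    // The lookup returns a fresh MdlAccount (Email still null) when no row matched.
    if (found == null || string.IsNullOrEmpty(found.Email))
    {
        // One generic message for both unknown user and wrong password, so the response
        // does not reveal which accounts exist.
        ModelState.AddModelError(string.Empty, "The User Name or Password is Invalid");
        return View(mdl);
    }

    // Name the ticket after the stored identity rather than the raw posted value.
    // 'true' issues a persistent cookie that outlives the browser session.
    FormsAuthentication.SetAuthCookie(found.Email, true);

    if (found.IsAdmin == 1)
    {
        return RedirectToAction("Index", "Admin");
    }
    return RedirectToAction("Index", "Home");
}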
This controller method calls the following BLL method:
/// <summary>
/// Business-layer pass-through for the login lookup: forwards the posted credentials to
/// <see cref="DAL_User.DalLoginUser"/> and returns its result unchanged. No extra rules
/// (lockout, throttling, auditing) are applied at this layer.
/// </summary>
/// <param name="mdl">Posted credentials (Email and Password).</param>
/// <returns>The account the data layer found, or one with a null Email when nothing matched.</returns>
public MdlAccount bllLoginUser(MdlAccount mdl)
{
    return new DAL_User().DalLoginUser(mdl);
}
Then, from the BLL method, call the DAL method, which contains the following code:
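/// <summary>
/// Looks the user up through the <c>SQL_Login_User</c> stored procedure, passing e-mail and
/// password as parameters, and maps the matching row onto a new <see cref="MdlAccount"/>.
/// </summary>
/// <param name="mdl">Posted credentials; both values go in as parameters, never into SQL text.</param>
/// <returns>
/// An <see cref="MdlAccount"/> whose Email, Password and IsAdmin come from the matched row,
/// or one left at its defaults (Email == null) when no row matched.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="mdl"/> is null.</exception>
/// <remarks>
/// Security follow-ups visible from this listing and the stored procedure:
///  - the procedure compares the Password column directly with the posted value, so passwords
///    are stored and compared in clear text rather than as salted hashes;
///  - the stored password is copied into the returned model and travels up to the controller,
///    which only needs Email and IsAdmin;
///  - the procedure parameters are nvarchar(50) while the model allows 100 characters, so longer
///    passwords are truncated before the comparison.
/// </remarks>
public MdlAccount DalLoginUser(MdlAccount mdl)
{
    if (mdl == null)
    {
        throw new ArgumentNullException("mdl");
    }

    MdlAccount result = new MdlAccount();

    SqlParameter[] parameters =
    {
        new SqlParameter(PARM_USER_Email, SqlDbType.NVarChar) { Value = mdl.Email },
        new SqlParameter(PARM_USER_Password, SqlDbType.NVarChar) { Value = mdl.Password }
    };

    // The former try { } catch (Exception) { throw; } re-threw unchanged and is dropped.
    DataTable rows = SqlHelper.ExecuteTable(this._ConnString, CommandType.StoredProcedure, SQL_Login_User, parameters);

    // Same "last row wins" mapping as before; the procedure is expected to return 0 or 1 rows.
    foreach (DataRow row in rows.Rows)
    {
        result.Email = Model.Common.CheckStringNull(row["Email"]);
        result.Password = Model.Common.CheckStringNull(row["Password"]);
        result.IsAdmin = Model.Common.CheckIntegerNull(row["IsAdmin"]);
    }

    return result;
}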
Then the DAL calls the following SqlHelper method:
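/// <summary>
/// Opens a connection, runs <paramref name="cmdText"/> with the given parameters and returns
/// the result set as a <see cref="DataTable"/>.
/// </summary>
/// <param name="connString">Connection string of the target database.</param>
/// <param name="cmdType">Text or StoredProcedure; handed to <c>PrepareCommand</c>.</param>
/// <param name="cmdText">Stored-procedure name or SQL text.</param>
/// <param name="cmdParms">
/// Parameters to attach. All caller-supplied values belong here, never concatenated into
/// <paramref name="cmdText"/>.
/// </param>
/// <returns>The filled <see cref="DataTable"/>; empty when no rows came back.</returns>
/// <remarks>
/// Exceptions propagate unchanged. The original caught <see cref="SqlException"/> and
/// <see cref="Exception"/> only to <c>throw ex;</c>, which rewrites the stack trace to this
/// method and hides the real origin. <c>using</c> replaces the manual Close/Dispose in
/// <c>finally</c> and also disposes the command and adapter, which were never released before.
/// </remarks>
public static DataTable ExecuteTable(string connString, CommandType cmdType, string cmdText, SqlParameter[] cmdParms)
{
    using (SqlConnection conn = new SqlConnection(connString))
    using (SqlCommand cmd = new SqlCommand())
    using (SqlDataAdapter adapter = new SqlDataAdapter())
    {
        DataTable table = new DataTable();
        PrepareCommand(cmd, conn, null, cmdType, cmdText, cmdParms);
        adapter.SelectCommand = cmd;
        try
        {
            adapter.Fill(table);
        }
        finally
        {
            // Detach the SqlParameter instances so the caller can reuse them (a SqlParameter
            // may belong to only one collection). The original skipped this on failure.
            cmd.Parameters.Clear();
        }
        return table;
    }
}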
WRITE THE FOLLOWING STORED PROCEDURE FOR LOGIN
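-- Login lookup used by DAL_User.DalLoginUser.
-- Security notes (left for a follow-up because they need a schema change):
--   * Password is stored and compared in clear text. The column should hold a salted hash, and
--     the comparison should be done in application code against the hash of the posted value.
--   * Under the server's default case-insensitive collation, Password = @Password also matches
--     regardless of letter case, unless the column collation is case-sensitive.
--   * @Password is nvarchar(50) while the model allows 100 characters; longer input is truncated
--     before the comparison.
-- The explicit column list replaces SELECT * so that only the columns the DAL reads
-- (Email, Password, IsAdmin) leave the database.
CREATE procedure [dbo].[SPW_Login]
(
    @Email nvarchar(50)
    ,@Password nvarchar(50)
)
as
Begin
    Select Email, Password, IsAdmin from Tbl_User where Email = @Email And Password = @Password
End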