Simple, hard-coded authorization in ASP.NET MVC without complex providers and databases

I have an MVC application, I have only four user accounts. Since these are only administrator accounts that will not change, I do not want to deal with the database and all ASP.NET MVC membership options. I just need a very simple mechanism that checks multiple admin accounts and allows the user (or not). I know this is not a good practice, but it is perfect for my situation:

There is a web application that has a web API, and all (unauthorized) users speak to my application through the web API. There are many controllers that are intended only for administrators, and they are decorated with an attribute [Authorize]. All admin login pages. The site works fine, except that I could not create a login system. Whenever I try to log in (with any credentials), I get an error: "The entity type ApplicationUser is not part of the model for the current context." I have no entity model ApplicationUser. I've never had one. I don't need one either. This happens on the following automatically generated line:

var user = await UserManager.FindAsync(model.UserName, model.Password);

How can I get rid of the default user manager and authentication methods and use my extremely simple authentication method? All the articles I found on the Internet are extremely complex. I use the classic ASP.NET, but I'm new to ASP.NET MVC, while I started working with ASP.NET MVC and its templates, and I cannot find an easy starting point for membership / authorization. I just have to check only a few usernames and passwords, without the need for a database.

+4
1 answer

, AppUser, AppUser IUser ( Microsoft.AspNet.Identity),

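using System;
using Microsoft.AspNet.Identity;

public class AppUser : IUser
{
    // Existing database fields
    public long AppUserId { get; set; }
    public string AppUserName { get; set; } // string, so it can back IUser.UserName below
    public string AppPassword { get; set; }

    public AppUser()
    {
        this.Id = Guid.NewGuid().ToString();
    }

    // Not a database column: generated per instance to satisfy IUser.Id
    [Ignore]
    public virtual string Id { get; set; }

    // Not a database column: maps IUser.UserName onto the existing AppUserName field
    [Ignore]
    public string UserName
    {
        get { return AppUserName; }
        set { AppUserName = value; }
    }
}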

UserStore, ( FindByNameAsync . db)

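using System;
using System.Data.Entity; // FirstOrDefaultAsync, assuming CompanyDbContext is an Entity Framework 6 context
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
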
public class UserStoreService : 
    IUserStore<AppUser>, IUserPasswordStore<AppUser>, 
    IUserSecurityStampStore<AppUser>
{
    CompanyDbContext context = new CompanyDbContext();

    public Task CreateAsync(AppUser user)
    {            
        throw new NotImplementedException();
    }

    public Task DeleteAsync(AppUser user)
    {
        throw new NotImplementedException();
    }

    public Task<AppUser> FindByIdAsync(string userId)
    {
        throw new NotImplementedException();
    }

    public Task<AppUser> FindByNameAsync(string userName)
    {
        Task<AppUser> task = 
        context.AppUsers.Where(apu => apu.AppUserName == userName)
        .FirstOrDefaultAsync();

        return task;
    }

    public Task UpdateAsync(AppUser user)
    {
        throw new NotImplementedException();
    }

    public void Dispose()
    {
        context.Dispose();
    }

    public Task<string> GetPasswordHashAsync(AppUser user)
    {
        if (user == null)
        {
            throw new ArgumentNullException("user");
        }

        return Task.FromResult(user.AppPassword);
    }

    public Task<bool> HasPasswordAsync(AppUser user)
    {
        return Task.FromResult(user.AppPassword != null);
    }

    public Task SetPasswordHashAsync(AppUser user, string passwordHash)
    {
        throw new NotImplementedException();
    }

    public Task<string> GetSecurityStampAsync(AppUser user)
    {
        throw new NotImplementedException();
    }

    public Task SetSecurityStampAsync(AppUser user, string stamp)
    {
        throw new NotImplementedException();
    }
}

, IPasswordHasher. (!)

using Microsoft.AspNet.Identity;

public class PasswordHasher : IPasswordHasher
{
    // Returns the password unchanged, so AppPassword holds the plaintext password.
    public string HashPassword(string password)
    {
        return password;
    }

    // Plain string comparison of the stored value against the supplied password.
    public PasswordVerificationResult VerifyHashedPassword(
        string hashedPassword, string providedPassword)
    {
        if (hashedPassword == HashPassword(providedPassword))
            return PasswordVerificationResult.Success;
        else
            return PasswordVerificationResult.Failed;
    }
}

Startup.Auth.cs

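// Existing line, using IdentityUser and the default store:
UserManagerFactory = () => 
    new UserManager<IdentityUser>(new UserStore<IdentityUser>());

// Same factory, using AppUser with the custom store and hasher defined above:
var userManager = new UserManager<AppUser>(new UserStoreService());
userManager.PasswordHasher = new PasswordHasher();
UserManagerFactory = () => userManager;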

ApplicationOAuthProvider.cs IdentityUser AppUser. AccountController.cs IdentityUser AppUser , GetManageInfo RegisterExternal ..

+5

Source: https://habr.com/ru/post/1523826/

