How to get user authentication with a custom action filter in ASP.NET MVC View?

I have an action method that uses my authentication filter:

public class TutorAuthenticationAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var req = filterContext.HttpContext.Request;
        var auth = req.Headers["Authorization"];
        if (!string.IsNullOrEmpty(auth))
        {
            var cred = System.Text.Encoding.ASCII.GetString(Convert.FromBase64String(auth.Substring(6))).Split(':');
            var user = new { Name = cred[0], Password = cred[1] };
            if (userService.AuthorizeTutor(user.Name, user.Password))
            {
                return;
            }
        }
        filterContext.HttpContext.Response.AddHeader("WWW-Authenticate", $"Basic realm= {BasicRealm}");

        filterContext.Result = new HttpUnauthorizedResult();
    }
}

I would then like to display something on the main page for a user authenticated this way, but this does not work in my view :(

@if (Request.IsAuthenticated)
{
    <h1>Hello</h1>
}

I know this does not work because I do not use Identity, but is there a way I can do this?

Thanks for answers:)

+4
5 answers

I assume that sending login and password in the header is unsafe. The best solution is once when the user is verified. And after checking you can check all requests.

, FormsAuthentication authCookie, :

  • auth method web.config: <authentication mode="Forms" />

  • , FormsAuthentication.SetAuthCookie(userName, createPersistentCookie = true); , .

  • this.Request.IsAuthenticated HttpContext.Current.Request.IsAuthenticated ( ).

  • [Authorize] controllers actions ( controllers). , ( web.config).

+2

(IsUserAuthenticated()) , . , , Request.IsAuthenticated.

, . (

userservice 

)

public class RequestValidator
{
    // HttpRequestBase is the type of both filterContext.HttpContext.Request and the view's Request
    public bool IsValid(HttpRequestBase request)
    {
       bool isValid = false;

       //TODO: Initialize your userService here, may be using DI or a concrete object creation depending on your implementation

       var auth = request.Headers["Authorization"];
       if (!string.IsNullOrEmpty(auth))
       {
           // Substring(6) skips the "Basic " scheme prefix before decoding "name:password"
           var cred = System.Text.Encoding.ASCII.GetString(Convert.FromBase64String(auth.Substring(6))).Split(':');
           var user = new { Name = cred[0], Password = cred[1] };

           isValid = userService.AuthorizeTutor(user.Name, user.Password);
       }

       return isValid;
    }
}

public class TutorAuthenticationAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var req = filterContext.HttpContext.Request;
        RequestValidator validator = new RequestValidator();
        if (validator.IsValid(req))
        {
            return;
        }

        filterContext.HttpContext.Response.AddHeader("WWW-Authenticate", $"Basic realm= {BasicRealm}");

        filterContext.Result = new HttpUnauthorizedResult();
    }
}

, ,

public static class Extensions
{
    // Extends HttpRequestBase so that it can be called on Request inside a Razor view
    public static bool IsUserAuthenticated(this HttpRequestBase request)
    {
        RequestValidator validator = new RequestValidator();
        return validator.IsValid(request);
    }
}

:

@if(Request.IsUserAuthenticated())
{
     <p>Hello</p>
}
+3

, , , , .

, , , Request.IsAuthenticated . .

- IAuthorizationFilter . .

, !

+1

, HttpContext.User - IPrincipal. , , GenericPrincipal HttpContext.User , .

- :

var genericIdentity=new GenericIdentity(user.Name,  "CustomAuthType");
var genericPrincipal=new GenericPrincipal(genericIdentity, null);

HttpContext.User = genericPrincipal;

The GenericIdentity value IsAuthenticated depends on the Name property; therefore, as soon as the GenericIdentity has a name, it is considered authenticated.

In this example, I set HttpContext.User, not Thread.CurrentPrincipal, so that you can get IsAuthenticated from the property Request.IsAuthenticated.

Additional information:

GenericIdentity Class

Principal and Identity Objects

Create GenericPrincipal and GenericIdentity Objects

Replacing the main object

+1
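
Added example, not part of any answer above: the question's filter combined with the GenericPrincipal approach, so that Request.IsAuthenticated is true in the view for requests the filter accepted. IUserService, its lookup through DependencyResolver, the TutorBasicAuthAttribute name and the default realm are assumptions; AuthorizeTutor is the call from the question.

```csharp
using System;
using System.Security.Principal;
using System.Text;
using System.Web.Mvc;

// Added example, not code from the page. IUserService and its resolution through
// DependencyResolver are assumptions; AuthorizeTutor is the call used in the question.
public interface IUserService { bool AuthorizeTutor(string name, string password); }

public class TutorBasicAuthAttribute : ActionFilterAttribute
{
    public string BasicRealm { get; set; } = "Tutors"; // constructed default realm

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        string name, password;
        var header = filterContext.HttpContext.Request.Headers["Authorization"];
        var users = DependencyResolver.Current.GetService<IUserService>();
        if (users != null && TryParseBasic(header, out name, out password)
            && users.AuthorizeTutor(name, password))
        {
            // A GenericIdentity with a non-empty name reports IsAuthenticated == true,
            // which is what Request.IsAuthenticated reads in the view.
            var identity = new GenericIdentity(name, "Basic");
            filterContext.HttpContext.User = new GenericPrincipal(identity, new string[0]);
            return;
        }
        filterContext.HttpContext.Response.AddHeader("WWW-Authenticate", "Basic realm=\"" + BasicRealm + "\"");
        filterContext.Result = new HttpUnauthorizedResult();
    }

    // Rejects a missing header, a non-Basic scheme, bad base64 and a missing ':'
    // instead of throwing; splits on the first ':' so passwords may contain colons.
    internal static bool TryParseBasic(string header, out string name, out string password)
    {
        name = password = null;
        if (string.IsNullOrEmpty(header) ||
            !header.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase)) return false;
        byte[] raw;
        try { raw = Convert.FromBase64String(header.Substring(6).Trim()); }
        catch (FormatException) { return false; }
        var text = Encoding.UTF8.GetString(raw);
        var sep = text.IndexOf(':');
        if (sep <= 0) return false;
        name = text.Substring(0, sep);
        password = text.Substring(sep + 1);
        return true;
    }
}
```

Request.IsAuthenticated is true only on requests that pass through this filter, so the action that renders the main page needs the attribute as well. Basic credentials travel with every request, so these actions should be served over HTTPS only.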

In the Startup.cs file, add this:

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Login"),
    SlidingExpiration = true,
    ExpireTimeSpan = TimeSpan.FromMinutes(40)
});
0

Source: https://habr.com/ru/post/1664715/

