How to make custom authorization security based on database

Nov 2 2019 9:57 PM

How to make custom authorization security based on database after login success ?

Problem

I work on project use asp.net mvc 5 and SQL server 2012 .

I need to make custom authorization system based on database using ado.net technology

so that if any one can helping by resources or source code or write source code or steps

after login success load

I need before any page on app open check or validate role

if have true on status on user_roles table than open page

if not redirect to page access is denied .

so what i do after login success ?

meaning what action event executed and where handle access to action or access denied after login success .

What I have tried:

I create 3 tables

Users

Roles

User_roles (userid from users table ,roleid from role table)

Sample

User_roles table

userid roleid pagenam status

michel Administration accounts.aspx true

[HttpPost]
public ActionResult Login(LoginView loginView, string ReturnUrl = "")
{
if (ModelState.IsValid)
{
if (Membership.ValidateUser(loginView.UserName, loginView.Password))
{
var user = (CustomMembershipUser)Membership.GetUser(loginView.UserName, false);
if (user != null)
{
CustomSerializeModel userModel = new Models.CustomSerializeModel()
{
UserId = user.UserId,
FirstName = user.FirstName,
LastName = user.LastName,
RoleName = user.Roles.Select(r => r.RoleName).ToList()
};
string userData = JsonConvert.SerializeObject(userModel);
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket
(
1, loginView.UserName, DateTime.Now, DateTime.Now.AddMinutes(15), false, userData
);
string enTicket = FormsAuthentication.Encrypt(authTicket);
HttpCookie faCookie = new HttpCookie("Cookie1", enTicket);
Response.Cookies.Add(faCookie);
}
if (Url.IsLocalUrl(ReturnUrl))
{
return Redirect(ReturnUrl);
}
else
{
return RedirectToAction("Index");
}
}
}
ModelState.AddModelError("", "Something Wrong : Username or Password invalid ^_^ ");
return View(loginView);
}

Answers (2)