ahmed elbarbary

How to make custom authorization security based on database

Nov 2 2019 9:57 PM
How to make custom authorization security based on database after login success?

Problem

I work on a project that uses ASP.NET MVC 5 and SQL Server 2012.
I need to make a custom authorization system based on the database using ADO.NET technology, so if anyone can help with resources, source code, or steps, please do.
After login success, before any page in the app opens, I need to check or validate the role:
if status is true in the User_roles table, then open the page;
if not, redirect to an access denied page.
So what do I do after login success?
Meaning, which action or event is executed, and where do I handle access to the action or access denied after login success?

What I have tried:

I created 3 tables:
Users
Roles
User_roles (userid from Users table, roleid from Roles table)

Sample
User_roles table

userid    roleid            pagenam          status
michel    Administration    accounts.aspx    true

    // Namespaces used: System, System.Linq, System.Web, System.Web.Mvc,
    // System.Web.Security, Newtonsoft.Json
    [HttpPost]
    public ActionResult Login(LoginView loginView, string ReturnUrl = "")
    {
        if (ModelState.IsValid)
        {
            // Check the credentials against the configured membership provider.
            if (Membership.ValidateUser(loginView.UserName, loginView.Password))
            {
                var user = (CustomMembershipUser)Membership.GetUser(loginView.UserName, false);
                if (user != null)
                {
                    // Data carried inside the forms authentication ticket.
                    CustomSerializeModel userModel = new Models.CustomSerializeModel()
                    {
                        UserId = user.UserId,
                        FirstName = user.FirstName,
                        LastName = user.LastName,
                        RoleName = user.Roles.Select(r => r.RoleName).ToList()
                    };

                    string userData = JsonConvert.SerializeObject(userModel);
                    // Non-persistent ticket that expires after 15 minutes.
                    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket
                        (
                        1, loginView.UserName, DateTime.Now, DateTime.Now.AddMinutes(15), false, userData
                        );

                    // Encrypt the ticket and send it to the browser as a cookie.
                    string enTicket = FormsAuthentication.Encrypt(authTicket);
                    HttpCookie faCookie = new HttpCookie("Cookie1", enTicket);
                    Response.Cookies.Add(faCookie);
                }

                // Only follow ReturnUrl when it points back into this application.
                if (Url.IsLocalUrl(ReturnUrl))
                {
                    return Redirect(ReturnUrl);
                }
                else
                {
                    return RedirectToAction("Index");
                }
            }
        }
        // AddModelError takes a key and a message; an empty key makes it a model-level error.
        ModelState.AddModelError("", "Something Wrong : Username or Password invalid ^_^ ");
        return View(loginView);
    }
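
One way to run the per-page check described in the question, as an added example that is not part of the original post: an MVC 5 authorization filter that queries User_roles with ADO.NET before the action executes and fails closed. Assumptions: `PageAuthorizeAttribute`, the `DefaultConnection` connection string, and the `Error/AccessDenied` route are hypothetical names; `status` is a bit column; `userid` holds the login name as in the sample row; and `HttpContext.User` is already populated from the authentication cookie.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

// Added example (hypothetical names). Usage on a controller or action:
//   [PageAuthorize(PageName = "accounts.aspx")]
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class PageAuthorizeAttribute : AuthorizeAttribute
{
    // Value matched against User_roles.pagenam.
    public string PageName { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var user = httpContext.User;
        if (user == null || !user.Identity.IsAuthenticated) return false;

        // "DefaultConnection" is an assumed connection string name.
        string cs = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString;
        const string sql = "SELECT COUNT(*) FROM User_roles " +
                           "WHERE userid = @user AND pagenam = @page AND status = 1";
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Parameters keep user-controlled values out of the SQL text.
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, 256).Value = user.Identity.Name;
            cmd.Parameters.Add("@page", SqlDbType.NVarChar, 256).Value = PageName ?? string.Empty;
            conn.Open();
            // No matching row means no access; a database error throws rather than granting access.
            return (int)cmd.ExecuteScalar() > 0;
        }
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            base.HandleUnauthorizedRequest(filterContext); // not logged in: 401, forms auth sends to login
            return;
        }
        // Logged in but not permitted for this page (assumed Error/AccessDenied action).
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(
            new { controller = "Error", action = "AccessDenied" }));
    }
}
```

Because the filter queries the table on every request, a change to `status` takes effect immediately instead of waiting for the 15-minute ticket to expire.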
 

Answers (2)