Http://blog.sina.com.cn/s/blog_6ad539a90100r7jx.html
The problem is that any user can access our book management page through the StoreManager controller. Next, let's add permission settings so that only the administrator can access this page.
7.1 Adding the Account Controller and Views
In ASP.NET MVC 3, one difference between the full Web Application template and the Empty web application template is that the Empty template does not include an Account (user) controller. We create an application with the full ASP.NET MVC 3 Web Application template and copy some files from it.
Create an ASP.NET MVC 3 web application with the full template and copy the following files to the same locations in our application.
1. Copy AccountController.cs to the Controllers folder.
2. Copy AccountModels.cs to the Models folder.
3. Create an Account folder under the Views folder and copy the four view template files from the Account folder of the new application.
After the copy is completed, Solution Explorer should look like Figure 7-1.
Figure 7-1 Solution Explorer after the files are copied
Modify the namespaces in the AccountController.cs and AccountModels.cs files: change the namespace in AccountController.cs to MvcBookStore.Controllers, and change the namespace in AccountModels.cs to MvcBookStore.Models.
7.2 Using the ASP.NET Website Settings to Add an Administrator
Before verifying whether the accessing user is an administrator, we need to create an administrator user. The easiest way to create one is to use the built-in ASP.NET website settings.
Click the icon shown in Figure 7-2 in Solution Explorer to open the ASP.NET website settings.
Figure 7-2 Click the icon to open the ASP.NET website settings
Once the site opens, click the "Security" tab on the home page. Click the "Enable roles" link, as shown in Figure 7-3.
Figure 7-3 Enabling roles in the ASP.NET website settings
Click the "Create or Manage Roles" link, as shown in Figure 7-4.
Figure 7-4 Creating a role in the ASP.NET website settings
In the new role name text box, enter the role name "Administrator" and click "Add Role", as shown in Figure 7-5.
Figure 7-5 Adding the Administrator role in the ASP.NET website settings
Click "Back", and then click the "Create user" link on the left, as shown in Figure 7-6.
Figure 7-6 Creating a user in the ASP.NET website settings
Enter information similar to the following in the text boxes on the left.
| Text Box | Value |
| --- | --- |
| User Name | Admin |
| Password | Password & |
| Confirm Password | Password & |
| Email | (Enter an email address) |
| Security question | (Fill in any content) |
| Security answer | (Fill in any content) |
Select the Administrator role for this user and click "Create User", as shown in Figure 7-7.
Figure 7-7 The user created in the ASP.NET website settings
Then, you will see a message indicating that the user has been created successfully.
Figure 7-8 Message confirming that the user was created
Now you can close the browser window.
7.3 Role-based user verification
Now we can use the [Authorize] attribute so that only the administrator can access the StoreManager controller. The code is shown below.
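using System.Web.Mvc;

// Only authenticated users in the Administrator role can reach any action of this controller.
[Authorize(Roles = "Administrator")]
public class StoreManagerController : Controller
{
    // Controller code here
}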
Note that the [Authorize] attribute can be used to restrict access to the entire controller, or to restrict access to a single action method in the controller.
When you access the "/storemanager" URL, a login dialog box is displayed, as shown in Figure 7-9.
Figure 7-9 Login is required to access the StoreManager controller
Log on with the user we created, and you will be taken on to the book list screen.
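Because [Authorize] can sit on the controller or on individual action methods, it is easy to add a new action later and leave it open, which is the problem this chapter started with. The reflection check below lists every public action that is not restricted to a given role. It is an added example, not code from the original tutorial; the AuthorizeAudit class and its method names are hypothetical, and it assumes a project that references System.Web.Mvc.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

// Hypothetical helper (not part of the tutorial project).
public static class AuthorizeAudit
{
    // Returns "Controller.Action" for every public action that is not restricted
    // to requiredRole, either on the action itself or on its controller.
    public static IList<string> FindUnprotectedActions(Type controllerType, string requiredRole)
    {
        bool controllerRestricted = RestrictsTo(controllerType, requiredRole);

        return controllerType
            .GetMethods(BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly)
            // MVC treats every public method as an action unless it is marked [NonAction];
            // property accessors are skipped via IsSpecialName.
            .Where(m => !m.IsSpecialName)
            .Where(m => !m.IsDefined(typeof(NonActionAttribute), true))
            .Where(m => !controllerRestricted && !RestrictsTo(m, requiredRole))
            .Select(m => controllerType.Name + "." + m.Name)
            .ToList();
    }

    // True when at least one [Authorize] on the member names requiredRole and nothing else.
    // Roles = "Administrator,Editor" would also admit Editor users (the list is OR-ed),
    // so such an attribute does not count as restricting access to requiredRole.
    private static bool RestrictsTo(MemberInfo member, string requiredRole)
    {
        return member.GetCustomAttributes(typeof(AuthorizeAttribute), true)
            .Cast<AuthorizeAttribute>()
            .Any(a =>
            {
                var roles = (a.Roles ?? string.Empty)
                    .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
                    .Select(r => r.Trim())
                    .ToList();
                return roles.Count > 0 &&
                       roles.All(r => r.Equals(requiredRole, StringComparison.OrdinalIgnoreCase));
            });
    }
}
```

In a unit test, assert that `AuthorizeAudit.FindUnprotectedActions(typeof(StoreManagerController), "Administrator")` returns an empty list, so the build fails if a management action is added without the role restriction.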