Hi,
As I mentioned on my blog HERE Microsoft has already released Preview 4 for ASP .Net MVC framework. I have already demonstrated how we can create a sample application and what are the functionalities provided with the basic start up application. In this article we will implement our own authentication in the sample application created using MVC Preview 4 default application. For quick review let me make clear that the basic authentication is integrated with ASP .Net membership services for the default application being created. See my post.
We will add our own database structure and try to authenticate a user using LINQ to SQL functionalities. For this we will use the same database structure we used in our article series for LINQ to SQL. Those who are new please check this series if you want to know more about the database structure. I am also including database creation script along with this article’s source code.
Ok. So let’s begin with our tutorial. First of all let’s crate a new MVC application using installed template like below. If you don’t know where to get this MVC Preview 4 please check my blog.
Give appropriate name to your application. Go ahead and click Ok. Select your favorite testing tool from the drop down. Here I am keeping it as default.
Let’s examine the basic folder structure of this newly created application.
If you see the Views here there are some more views created then we had in Preview 3. Because here we have functionality implemented with asp .net membership services. We have login, register, and change password and change password success views under Account folder. As I mentioned we have this functionalities already implemented. What we need to do is connect this application to our own database and implement our own authentication functionalities.
We have our table structure ready. You can also use the same database we used in past for created sample LINQ to SQL application. If not please download the SQL file attached here. Create a database named LinkMVC and run this script it will create necessary tables and stored procedures in your newly created database. Once this is done go back to your application and add a new LINQ to SQL Classes file in your application as demonstrated below.
Note: Here the question is where to add this file. Usually in your MVC architecture Models is the place where you perform your database related operations. So in our case we will add this file in the Models folder.
Once this is done go to your server explorer and find out the database you created and select all three tables and drag drop them to this newly created dbml file. You should see something like below.
It means we have our LINQ to SQL classes ready to be used. Now the last step we need to do before we jump into actual coding is to drag drop the stored procedure to authenticate a user we have already created in our database. Go ahead and drag drop that stored procedure onto your dbml file as shown below.
Ok. We are all set to use our new database and we already have our database methods in place to implement the login functionalities. Now let’s go to your AccountController.cs file and locate the login method which is already implemented by .Net IDE. Comment out that method or delete it and place this method shown below.
public ActionResult Login(string username, string password, bool? rememberMe)
{
ViewData["Title"] = "Login";
if (Request.HttpMethod != "POST")
{
return View();
}
// Basic parameter validation
List<string> errors = new List<string>();
if (String.IsNullOrEmpty(username))
{
errors.Add("You must specify a username.");
}
if (errors.Count == 0)
{
LinksMVC.Models.LinkManagerDataContext lm = new LinksMVC.Models.LinkManagerDataContext();
Nullable<int> userid = null;
lm.fm_AuthenticateUser(username, password, ref userid);
if (userid >0)
{
FormsAuth.SetAuthCookie(username, rememberMe ?? false);
return RedirectToAction("Index", "Home");
}
else
{
errors.Add("The username or password provided is incorrect.");
}
}
// If we got this far, something failed, redisplay form
ViewData["errors"] = errors;
ViewData["username"] = username;
return View();
}
If you compare the previous method and this method you will find very small difference and that is the authentication method call.
LinksMVC.Models.LinkManagerDataContext lm = new LinksMVC.Models.LinkManagerDataContext();
Nullable<int> userid = null;
lm.fm_AuthenticateUser(username, password, ref userid);
if (userid >0)
{
FormsAuth.SetAuthCookie(username, rememberMe ?? false);
return RedirectToAction("Index", "Home");
}
This code is taking care of our authentication. Let’s understand what we did here. We created a new instance of the data context we created by importing SQL tables to our LINQ to SQL class files. One interesting to note is the LinksMVC.Models. Whenever you add this under your Models it will get this namespace by default where LinksMVC is the name of the project we have created.
Coming back to original track what we did is called the authenticate method (stored procedure) we have defined in our database. What it does is it takes username and password as input and checks them against database record if they match the user is authenticated so it will return the userid of the user. If they don’t match it will return 0. So we are catching this value in the output variable. If you don’t know how to map them to the please refer to this article. And on the basis of that variable we are authenticating the user or showing appropriate message. If you notice one thing we are also validating user input and check if the username field is left blank we are just capturing that error and returning the view. So with this preview we have validation in place as well and a very good demonstration of them. Once this is done go ahead and run your application. And try to login with the username password pair you already have in your database. It should work fine.
I have attached the database script and sample application I have created for the demo. Download them if you want or create on your own.
Thanks