I am creating a new ASP.NET MVC 4 application (actually my first MVC application) that is a part of my previous ASP.NET web forms application. I have never used ASP.NET inbuilt authentication methods in any of my project. This new MVC 4 app will be published on a sub-domain of previous app. Login will be done from previous app. A return url should be provided from MVC app to return back to current page if not logged in. However, New User Registration, Account Recovery options are already developed in previous web forms application and I don't want to replicate them in my new MVC application.
A cookie token
with token number will be issued from web form application on the event of successful login which will be shared to all domain like *.maindomain.com
.
Now I want to merge my own token validation method with ASP.NET inbuilt methods so that I can make use of Authorize
and other security related options in my new MVC application.
In my previous application I have developed my custom user validation system in following way.
First, I have following related SQL Server tables
and following classes
public class Token
{
public static uint GenerateToken(string userEmail, string password, bool isPersistent)
{
// this static function generates a uint type unique token number
// and put this in the cookie "token" using HttpContext.Current.Response object.
// if isPersistent is set to true then cookie will be persistent otherwise not
// if there is any problem in creating token then it will throw an Exception with proper message
// Possible causes of not generating a token are
// 1. Invalid useremail or password
// 2. 'State' value in 'Member' table is 'EmailPending' or 'Suspended' (there is an enum for MemberState
}
public Token(uint tokenNo, bool validateImmediately = false)
{
// simply load token details with a few filed from member table from database
// Call validate function if validateImmediately is set to true
// Throws an exception if token does not exists in the database
}
public void Validate()
{
// Checks for everything like MemberState is Active and Token status is also Active and throws exception if anything wrong
// and then check (LastAccessedOn.AddSeconds(TokenLife) < AppSettings.Now) is not true
// Call UpdateStatus function with new token status and current page from HttpContext in comment parameter
}
public void UpdateStatus((TokenStatus newStatus, string comment = "")
{
// simply write both newStatus and Comment in Token table
// and remove the token cookie if newStatus is not set to Active
}
public uint TokenNumber { get; private set; }
public uint MemberNumber { get; private set; } // from Member table
public string Name { get; private set; } // from Member table
public MemberState MemberState { get; private set; } // from Member table
public string MemberEmail { get; private set; } // from member table
public uint BusinsessNo { get; private set; } // from Business table
public DateTime CreatedOn { get; private set; }
public DateTime LastAccessedOn { get; private set; }
public uint TokenLife { get; private set; } // from member
public string CreatedIP { get; private set; }
public string LastIP { get; private set; }
public bool IsPersistent { get; private set; }
public TokenStatus Status { get; private set; }
public string Comment { get; private set; }
public static Token Current
{
get
{
if (_t == null)
_t = new Token(uint.Parse(HttpContext.Current.Request.Cookies["token"].Value));
return _t;
}
}
private static Token _t;
}
public class Member
{
// all member related operations like new member, send verification email and verify email
}
For logging out user I simply call UpdateStatus like (TokenSatus.Closed, "User logged out")
. This method will take care of cookie removal.
Note: Member class has a property bool IsAdmin
. You know why its for.
Please suggest me a best solution to develop authentication system according to my needs in MVC application. I am telling you again that options like New User
, Account Recovery
and Email Verification
will be done in my previous ASP.NET web forms application. All I need to just put my Validate()
method of Token
class on right place in MVC application. I am really confused with several solution available on internet.