DonatoDeluxe
CC#
Created by DonatoDeluxe on 2/7/2024 in #help
Asp.Net 7.0 MVC Project - Authentication/Authorization
alright thank you 🤗 . i'm done for today but i will get back if i'm stuck again 🙂
48 replies
CC#
Created by DonatoDeluxe on 2/7/2024 in #help
Asp.Net 7.0 MVC Project - Authentication/Authorization
thank you. i just don't rly understand how i have to use it since these documentations don't have any examples... is it correct that i have to assign it in the constructor like:
    private readonly ApplicationDbContext _context;
    private UserManager<User> _userManager;

    public UsersController(ApplicationDbContext context, UserManager<User> userManager)
    {
        _context = context;
        _userManager = userManager;
    }
and then later just use
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Create([Bind("Id,Name,Email")] User newUser, string Password)
    {
        if (ModelState.IsValid)
        {
            await _userManager.CreateAsync(newUser, Password);
            _context.Add(newUser);
            await _context.SaveChangesAsync();
            return RedirectToAction(nameof(Index));
        }
        return View(newUser);
    }
?
48 replies
CC#
Created by DonatoDeluxe on 2/7/2024 in #help
Asp.Net 7.0 MVC Project - Authentication/Authorization
so i guess i don't map the password parameter here to the user object right? i'm so confused.... i don't get how i should set the User.PasswordHash when creating a user. it doesn't seem that either IdentityUser or UserManager has a method for hashing the inputted password string
48 replies
CC#
Created by DonatoDeluxe on 2/7/2024 in #help
Asp.Net 7.0 MVC Project - Authentication/Authorization
will google the differences between hashing and encrypting later then. so for now you say there is already a secure built-in functionality for the password handling?
48 replies
CC#
Created by DonatoDeluxe on 2/7/2024 in #help
Asp.Net 7.0 MVC Project - Authentication/Authorization
😅 got it online, it made sense to me so therefore i used it. man i hate that i'm such a rookie when it goes a bit deeper than just creating classes and show data on a page 🙃
48 replies
CC#
Created by DonatoDeluxe on 2/7/2024 in #help
Asp.Net 7.0 MVC Project - Authentication/Authorization
i'm just wondering why would the ID of a model be of type string? are numbers not more of a standard type for IDs?
48 replies
CC#
Created by DonatoDeluxe on 2/7/2024 in #help
Asp.Net 7.0 MVC Project - Authentication/Authorization
i guess since you told i should not do things like that
48 replies
CC#
Created by DonatoDeluxe on 2/7/2024 in #help
Asp.Net 7.0 MVC Project - Authentication/Authorization
since password is not just a string property anymore, i would have to change it everywhere i used it. same with the ID property. i used an int type but the framework uses a string type as ID
48 replies
CC#
Created by DonatoDeluxe on 2/7/2024 in #help
Asp.Net 7.0 MVC Project - Authentication/Authorization
so i have to extend the user class like public class User : IdentityUser right? the thing is, that it fucks up my whole code for the user class.... i guess i should just delete my user class and use IdentityUser
48 replies
CC#
Created by DonatoDeluxe on 2/7/2024 in #help
Asp.Net 7.0 MVC Project - Authentication/Authorization
can i use the SignInManager with my simple custom "User" class or do i need to add all the models from the identityframework to my db and code?
48 replies
CC#
Created by DonatoDeluxe on 2/7/2024 in #help
Asp.Net 7.0 MVC Project - Authentication/Authorization
i'm gonna look into that thank you
48 replies
CC#
Created by DonatoDeluxe on 2/7/2024 in #help
Asp.Net 7.0 MVC Project - Authentication/Authorization
i can start the application and it behaves as i wanted to. if no user is logged in, i can access actions with the [AllowAnonymous] attribute. if i want to access one where [Authorize(Policy = "AdminOnly")] is set, then it redirects me to the login page. after i log in as a user, it still behaves like i'm not logged in so therefore sends me back to the login page once i want to access an "AdminOnly" action as a logged in admin.
48 replies
CC#
Created by DonatoDeluxe on 2/7/2024 in #help
Asp.Net 7.0 MVC Project - Authentication/Authorization
i've tried adding the "SignIn"-method in my Login action from a tutorial but it didn't work. here is my full Login action
    [HttpPost]
    [AllowAnonymous]
    public IActionResult Login(string Name, string Password)
    {
        if (!ModelState.IsValid)
        {
            return View();
        }

        var password = Helper.Password.Encrypt(Password ?? "");
        var user = _context.User.SingleOrDefault(u => u.Name == Name && u.Password == password);

        if (user == null)
        {
            ModelState.AddModelError("", "Name oder Passwort ist falsch");
            return View();
        }

        SignIn(new ClaimsPrincipal(
                new ClaimsIdentity(
                    new Claim[]
                    {
                        new Claim(ClaimTypes.NameIdentifier, Guid.NewGuid().ToString()),
                        new Claim(ClaimTypes.Role, user.IsAdmin ? "Admin" : "User"),
                    },
                    "cookie",
                    nameType: null,
                    roleType: ClaimTypes.Role
                )
            ),
            authenticationScheme: "cookie"
        );

        return RedirectToAction("Index", "Home");
    }
48 replies
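
An added example, not part of the original thread and not the poster's code: one way to write the Login action above so that the auth cookie is actually issued and the password is checked against a salted hash rather than an encrypted string. Assumptions are marked in the comments: the `User` shape (`Id`, `Name`, `PasswordHash`, `IsAdmin`), the `AccountController` name, the default cookie scheme in place of the thread's "cookie" scheme name, the `Program.cs` registration, how the "AdminOnly" policy is defined, and a project with implicit usings enabled.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

// Assumed: User has Id, Name, PasswordHash, IsAdmin; ApplicationDbContext exposes DbSet<User> User.
// Assumed Program.cs registration (not shown in the thread):
//   builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
//       .AddCookie(o => o.LoginPath = "/Account/Login");
//   builder.Services.AddAuthorization(o => o.AddPolicy("AdminOnly", p => p.RequireRole("Admin")));
//   app.UseAuthentication(); app.UseAuthorization();   // in this order, before endpoint mapping
public class AccountController : Controller
{
    private readonly ApplicationDbContext _context;
    private readonly PasswordHasher<User> _hasher = new();
    public AccountController(ApplicationDbContext context) => _context = context;

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(string name, string password)
    {
        // Look up by name only: the stored value is a salted hash produced at registration
        // by _hasher.HashPassword(user, password), so it cannot be matched inside the query.
        var user = _context.User.SingleOrDefault(u => u.Name == name);
        var ok = user?.PasswordHash != null
            && _hasher.VerifyHashedPassword(user, user.PasswordHash, password ?? "")
               != PasswordVerificationResult.Failed;
        if (!ok)
        {
            ModelState.AddModelError("", "Name or password is incorrect");
            return View();
        }

        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, user!.Id.ToString()), // stable id, not a new Guid
            new Claim(ClaimTypes.Role, user.IsAdmin ? "Admin" : "User"),
        }, CookieAuthenticationDefaults.AuthenticationScheme);

        // ControllerBase.SignIn(...) only builds a SignInResult; unless the action returns it,
        // no cookie is set. SignInAsync writes the cookie on this response directly.
        await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
                                      new ClaimsPrincipal(identity));
        return RedirectToAction("Index", "Home");
    }
}
```

The scheme name passed to `SignInAsync` and to the `ClaimsIdentity` must match the one registered with `AddCookie`, otherwise the `[Authorize]` check keeps treating the request as anonymous.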