Customizing authorization in ASP.NET MVC

You can build your own authorize attribute like this:

    public class ClubAuthorizeAttribute : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);
            if (filterContext.Cancel && filterContext.Result is HttpUnauthorizedResult)
            {
                filterContext.Result = new RedirectToRouteResult(
                    new RouteValueDictionary
                    {
                        { "clubShortName", filterContext.RouteData.Values["clubShortName"] },
                        { "controller", "Account" },
                        { "action", "Login" },
                        { "ReturnUrl", filterContext.HttpContext.Request.RawUrl }
                    });
                …

DropDownListFor Not Selecting Value

After researching for an hour, I found the problem that is causing the selected to not get set to DropDownListFor. The reason is you are using ViewBag’s name the same as the model’s property. Example:

    public class employee_insignia
    {
        public int id { get; set; }
        public string name { get; set; }
        public int insignia { get; set; } // This property will store insignia id
    }
    // …

DataAnnotations dynamically attaching attributes

MVC has a hook to provide your own ModelValidatorProvider. By default MVC 2 uses a subclass of ModelValidatorProvider called DataAnnotationsModelValidatorProvider that is able to use System.DataAnnotations.ComponentModel.ValidationAttribute attributes for validation. The DataAnnotationsModelValidatorProvider uses reflection to find all the ValidationAttributes and simply loops through the collection to validate your models. All you need to do is …

ASP.NET MVC A potentially dangerous Request.Form value was detected from the client when using a custom modelbinder

You have a few options.

On the model add this attribute to each property that you need to allow HTML – best choice

    using System.Web.Mvc;

    [AllowHtml]
    public string SomeProperty { get; set; }

On the controller action add this attribute to allow all HTML

    [ValidateInput(false)]
    public ActionResult SomeAction(MyViewModel myViewModel)

Brute force in web.config – definitely …

MVC5 Claims version of the Authorize attribute

I ended up just writing a simple attribute to handle it. I couldn’t find anything in the framework right out of the box without a bunch of extra config. Listed below.

    public class ClaimsAuthorizeAttribute : AuthorizeAttribute
    {
        private string claimType;
        private string claimValue;

        public ClaimsAuthorizeAttribute(string type, string value)
        {
            this.claimType = type;
            this.claimValue = value;
            …

MVC 5 Seed Users and Roles

Here is an example of the usual Seed approach:

    protected override void Seed(SecurityModule.DataContexts.IdentityDb context)
    {
        if (!context.Roles.Any(r => r.Name == "AppAdmin"))
        {
            var store = new RoleStore<IdentityRole>(context);
            var manager = new RoleManager<IdentityRole>(store);
            var role = new IdentityRole { Name = "AppAdmin" };
            manager.Create(role);
        }

        if (!context.Users.Any(u => u.UserName == "founder"))
        {
            var store = new UserStore<ApplicationUser>(context);
            var …

ASP.NET MVC – Authenticate users against Active Directory, but require username and password to be inputted

You can use the standard Internet application template with forms authentication and insert an ActiveDirectoryMembershipProvider into the web.config:

    <connectionStrings>
      <add name="ADConnectionString" connectionString="LDAP://YOUR_AD_CONN_STRING" />
    </connectionStrings>

    <system.web>
      <authentication mode="Forms">
        <forms name=".ADAuthCookie" loginUrl="~/Account/LogOn" timeout="15" slidingExpiration="false" protection="All" />
      </authentication>
      <membership defaultProvider="MY_ADMembershipProvider">
        <providers>
          <clear />
          <add name="MY_ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" />
        </providers>
      </membership>
    </system.web>

In this way you get the …

Fat model / thin controller vs. Service layer [closed]

All of this depends on the intention and requirements of your application. That said, here’s my suggestion for “mid scale” (not a local restaurant, and not Twitter/Facebook) web applications.

Lean Domain Modeling

Dry POCO style objects, preferably ignorant to the MVC architecture of your web application to remain as loosely coupled from your particular implementation …