The following lines do not work: the bool is always false. I have been having trouble getting Dani's site to work, so if this post is too short it is because I typed the longer version three times and got errors.

// Writes the forms-authentication ticket as a cookie on the *response*; it has no effect
// on the request that is currently executing.
FormsAuthentication.SetAuthCookie(login.EmailAddress, login.RememberMe);
// User.Identity for this request was built from the *request's* cookies before the action
// ran, so this reads false here; it becomes true on the next request that carries the cookie.
bool isauth = User.Identity.IsAuthenticated;


Here is the login controller:

/*Author: Cameron Block*/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

using CameronBlog.Models;

namespace CameronBlog.Controllers {
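    /// <summary>
    /// Serves the login/logout pages and issues the forms-authentication ticket.
    /// </summary>
    public class LoginController : Controller {
        // GET: Login
        public ActionResult Index() {
            return View();
        }//end method

        /// <summary>
        /// Renders the empty login form.
        /// </summary>
        [HttpGet]
        public ActionResult Login() {
            return View();
        }//end method

        /// <summary>
        /// Validates the posted credentials; on success issues the forms-authentication
        /// cookie and redirects to the home page.
        /// </summary>
        /// <param name="login">The posted form model (email, password, remember-me).</param>
        /// <returns>A redirect to Home/Index on success, otherwise the login view with model errors.</returns>
        [HttpPost]
        public ActionResult Login(Models.Login login) {
            // NOTE(review): a login form is a CSRF target too; add [ValidateAntiForgeryToken]
            // here once the view renders @Html.AntiForgeryToken() inside the form.
            if (ModelState.IsValid) {
                if (login.IsValid()) {
                    // Writes the auth cookie to the *response*. User.Identity for the current
                    // request was established from the request's cookies before this action ran,
                    // so reading User.Identity.IsAuthenticated at this point always yields false
                    // (the former unused local did exactly that); the ticket takes effect on the
                    // next request, i.e. the redirect below.
                    FormsAuthentication.SetAuthCookie(login.EmailAddress, login.RememberMe);
                    return RedirectToAction("Index", "Home");
                }
                // Deliberately generic message: does not reveal whether the email exists.
                ModelState.AddModelError("", "Incorrect email or password. ");
            }
            return View(login);
        }//end method

        /// <summary>
        /// Clears the forms-authentication cookie and returns to the home page.
        /// </summary>
        public ActionResult Logout() {
            FormsAuthentication.SignOut();
            return RedirectToAction("Index", "Home");
        }//end method

    }//end class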

}//end namespace

Here is the markup:

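<!-- Author: Cameron Block -->
@* Login form bound to CameronBlog.Models.Login; posts to LoginController.Login. *@
@model CameronBlog.Models.Login

@{
    ViewBag.Title = "Login";
}

<div class="jumbotron">
    <h1>Login</h1>
    <p class="lead">Log into Cameron's Web Blog. </p>
</div>

@* The four-argument overload is needed for HTML attributes: BeginForm(action, controller, object)
   treats the anonymous object as route values, so new { @class = ... } would have ended up in the
   query string instead of on the <form> element. *@
@using (Html.BeginForm("Login", "Login", FormMethod.Post, new { @class = "form-horizontal" })) {
    @* Emits the anti-forgery token so the POST action can be guarded with [ValidateAntiForgeryToken];
       harmless when the action does not (yet) validate it. *@
    @Html.AntiForgeryToken()
    @Html.ValidationSummary(true, "Login Failed. Check your login credentials. ");
    <div class="row">
        <div class="col-md-5">
            <div class="form-group">
                @Html.LabelFor(login => login.EmailAddress, new { @class = "control-label col-sm-3" })
                <div class="col-sm-9 form-control-static">
                    @Html.TextBoxFor(login => login.EmailAddress, new { @class = "form-control" })
                    @Html.ValidationMessageFor(login => login.EmailAddress)
                </div>

            </div>
            <div class="form-group">
                @Html.LabelFor(login => login.Password, new { @class = "control-label col-sm-3" })
                <div class="col-sm-9 form-control-static">
                    @* PasswordFor never echoes a previously posted value back into the page. *@
                    @Html.PasswordFor(login => login.Password, new { @class = "form-control" })
                    @Html.ValidationMessageFor(login => login.Password)
                </div>
            </div>
            <div class="form-group">
                <div class="col-sm-6 form-control-static">
                    @Html.CheckBoxFor(login => login.RememberMe, new { @class = "form-control  col-sm-4" })
                </div>
                @Html.LabelFor(login => login.RememberMe, new { @class = "col-sm-4" })
            </div>
        </div>
    </div>
    <input type="submit" class="btn btn-primary" value="Log In" />
}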

Here is the Login model:

/*Author: Cameron Block*/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.ComponentModel.DataAnnotations;

using CameronBlog.Repositories;

namespace CameronBlog.Models {
    /// <summary>
    /// The object associated with the login procedure. 
    /// </summary>
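    public class Login {

        /// <summary>
        /// The User's Email Address (shown to the user as "User Name"). 
        /// </summary>
        [Required]
        [Display(Name = "User Name")]
        public String EmailAddress {
            get; set;
        }//end property

        /// <summary>
        /// The User's password, as typed into the form; it is only ever compared, never stored. 
        /// </summary>
        [Required]
        [DataType(DataType.Password)]
        [Display(Name = "Password")]
        public String Password {
            get; set;
        }//end property

        /// <summary>
        /// Login control can remember users when they log in next time. 
        /// </summary>
        [Display(Name = "Remember Me")]
        public bool RememberMe {
            get; set;
        }//end property

        /// <summary>
        /// Checks the supplied credentials against the user store.
        /// </summary>
        /// <returns>
        /// <c>true</c> only when the repository confirms the email/password pair;
        /// <c>false</c> for a wrong credential <em>and</em> for any repository failure.
        /// </returns>
        public bool IsValid() {
            try {
                using (UserRepository usrRepo = new UserRepository()) {
                    usrRepo.BeginTransaction();
                    return usrRepo.IsValidLogin(this);
                }
            }
            catch (Exception) {
                // Best-effort deny: any infrastructure error (connection, mapping, ...) is
                // reported to the user as a failed login. Nothing is logged here, so a
                // database outage is indistinguishable from a wrong password —
                // TODO log the exception before returning.
                return false;
            }
        }//end method

    }//end class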

}//end namespace

Here is the User object:

/*Author: Cameron Block*/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Configuration;

namespace CameronBlog.Models {
    /// <summary>
    /// Representation of users in the blogging system. 
    /// </summary>
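    public class User {

        /// <summary>
        /// Unique identifier for the user, used by the program and the database layer. 
        /// </summary>
        public int UserId {
            get; set;
        }

        /// <summary>
        /// The user's email address. 
        /// </summary>
        public String EmailAddress {
            get; set;
        }

        /// <summary>
        /// Salted SHA-512 digest of the user's password (64 bytes), as stored in the database
        /// and compared on login; the plaintext is never stored.
        /// The salt is a single application-wide value read from Web.config, not a per-user
        /// value, and SHA-512 is a fast hash. A per-user random salt plus a slow KDF such as
        /// <see cref="Rfc2898DeriveBytes"/> (PBKDF2) is the recommended upgrade; that would
        /// change the stored format, so it is not done here.
        /// </summary>
        public byte[] PasswordHash {
            get; set;
        }

        public User() {

        }

        /// <summary>
        /// Hashes <paramref name="password"/> with the configured salt and stores the result
        /// in <see cref="PasswordHash"/>.
        /// </summary>
        /// <param name="password">The new plaintext password.</param>
        /// <exception cref="ArgumentNullException"><paramref name="password"/> is null.</exception>
        /// <exception cref="InvalidOperationException">The "salt" app setting is missing.</exception>
        public void SetPassword(String password) {
            if (password == null) {
                throw new ArgumentNullException("password");
            }
            this.PasswordHash = HashWithSalt(LoadSalt(), password);
        }//end method

        /// <summary>
        /// Checks a candidate password against <see cref="PasswordHash"/>.
        /// </summary>
        /// <param name="password">The plaintext password to verify.</param>
        /// <returns>
        /// <c>true</c> when the salted hash of <paramref name="password"/> equals the stored
        /// hash; <c>false</c> when it does not, when <paramref name="password"/> is null, or
        /// when no hash has been set for this user.
        /// </returns>
        public bool ComparePassword(String password) {
            // A user with no stored hash, or a null candidate, can never authenticate;
            // decide that before touching configuration or hashing anything.
            if (password == null || this.PasswordHash == null) {
                return false;
            }

            byte[] incomingHash = HashWithSalt(LoadSalt(), password);
            return FixedTimeEquals(incomingHash, this.PasswordHash);
        }//end method

        // Reads the application-wide salt from <appSettings key="salt"> in Web.config.
        private static byte[] LoadSalt() {
            string salt = ConfigurationManager.AppSettings["salt"];
            if (salt == null) {
                throw new InvalidOperationException("appSettings 'salt' is not configured.");
            }
            return Encoding.UTF8.GetBytes(salt);
        }//end method

        // SHA-512 over salt || UTF-8(password). Shared by SetPassword and ComparePassword so
        // both sides always use the same construction; the stored format is unchanged.
        private static byte[] HashWithSalt(byte[] salt, string password) {
            byte[] passBytes = Encoding.UTF8.GetBytes(password);
            byte[] catPass = salt.Concat(passBytes).ToArray();
            using (HashAlgorithm hashAlg = SHA512.Create()) {
                return hashAlg.ComputeHash(catPass);
            }
        }//end method

        // Same result as SequenceEqual, but the loop does not stop at the first differing byte,
        // so the comparison time does not depend on how many leading bytes matched.
        // (CryptographicOperations.FixedTimeEquals is the framework equivalent on newer runtimes.)
        private static bool FixedTimeEquals(byte[] a, byte[] b) {
            if (a.Length != b.Length) {
                return false;
            }
            int diff = 0;
            for (int i = 0; i < a.Length; i++) {
                diff |= a[i] ^ b[i];
            }
            return diff == 0;
        }//end method
    }//end class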

}//end namespace

P.S. There may be a length problem with the site.

Your community is lame. I have posted about three discussions here about professional programming and nobody could help.

I have a workaround of sorts. I will look into the Entity Framework / ASP.NET Identity framework for future projects, but for now, instead of a cookie, I will use Session variables to store the user name on the server. After the user logs in, a session variable is populated with their user name/email address; if the variable is null the user is redirected to the login page. The user name can be kept in a standard cookie, but it is not advisable to keep a password in a standard cookie.

In addition here is an example of my IsValidLogin method:

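        /// <summary>
        /// Looks up the active user with the given email and verifies the supplied password.
        /// </summary>
        /// <param name="login">The posted credentials.</param>
        /// <returns>
        /// <c>true</c> only when an active user with that email exists and
        /// <see cref="User.ComparePassword"/> accepts the password; <c>false</c> otherwise,
        /// including when no such user exists.
        /// </returns>
        public bool IsValidLogin(Login login) {
            if (login == null || login.EmailAddress == null) {
                return false;
            }

            // NOTE(review): the session is not disposed here; presumably its lifetime is
            // owned by the repository — confirm against OpenSession().
            ISession session = OpenSession();
            using (ITransaction tx = session.BeginTransaction()) {
                // ToLower() on both sides is kept so the query provider can translate it to SQL.
                // FirstOrDefault straight on the query lets the provider fetch a single row
                // instead of materialising every match with ToList().
                User user = session.Query<User>()
                        .Where(usr => usr.EmailAddress.ToLower() == login.EmailAddress.ToLower() && usr.IsActive == true)
                        .FirstOrDefault();

                // Unknown or inactive email: deny. (First() used to throw
                // InvalidOperationException here, which the caller reported as a failed login.)
                if (user == null) {
                    return false;
                }
                return user.ComparePassword(login.Password);
            }
        }//end method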

I added another check, IsActive, which the program uses to see whether the user has been banned.

Here is my Login method on the login controller:

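        /// <summary>
        /// Validates the posted credentials; on success records the user name in session
        /// state, optionally writes the "remember me" cookie, and redirects to the home page.
        /// </summary>
        /// <param name="login">The posted form model (email, password, remember-me).</param>
        /// <returns>A redirect to Home/Index on success, otherwise the index view with model errors.</returns>
        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Login(Models.Login login) {

            if (ModelState.IsValid) {
                if (login.IsValid()) {
                    //log the user login attempt
                    log.Debug(String.Format("User {0} logged in. ", login.EmailAddress));

                    // Only the identity goes into session state. The plaintext password is
                    // deliberately NOT stored (neither server-side nor in a cookie); any code
                    // that needs it later should re-prompt the user instead.
                    // NOTE(review): ASP.NET keeps the pre-login session id across this call;
                    // consider issuing a fresh session id at this point.
                    Session["USER_NAME"] = login.EmailAddress;

                    // The "remember me" cookie is written only after a successful login, so an
                    // unauthenticated POST can no longer plant it. It carries the user name for
                    // pre-filling the form; it is not an authentication credential and must not
                    // be treated as one.
                    if (login.RememberMe) {
                        HttpCookie cookie = new HttpCookie("AdHockeyLogin");
                        cookie.Values.Add("UserName", login.EmailAddress);
                        cookie.Values.Add("RememberMe", login.RememberMe.ToString());
                        cookie.Expires = DateTime.Now.AddDays(15);
                        cookie.HttpOnly = true;                      // not readable from page script
                        cookie.Secure = Request.IsSecureConnection;  // HTTPS-only when the site is served over HTTPS
                        Response.Cookies.Add(cookie);
                    }

                    return RedirectToAction("Index", "Home");
                }
                else {
                    // Generic message: does not reveal whether the email exists.
                    ModelState.AddModelError("", "Incorrect email or password. ");
                }
            }
            return View("index", login);
        }//end method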