asp.net mvc 5 - MVC5 EF6: How to add a confirmation screen with additional authentication before submitting data


I am developing a new MVC5 project. I have scaffolding in place with CRUD functionality. There is a requirement that when data is inserted or updated, an e-signature is required. Before the data can be submitted to the database, the user must be presented with a page asking them to enter their username and password again to confirm the data. If the username and password entered are valid, and the username matches the signed-in user, the original data entered can be saved to its table (for example Member) and the e-signature information saved to a separate table (ESignature). I'd appreciate advice on the best way to go: a view model combining Member and ESignature, reuse of the LoginViewModel from the Account controller to check authentication, or an alternative approach? I need something I can use across the half dozen controllers where e-signatures are required.

Alright, maybe this approach is not the best, but here is my attempt.

My solution is to create a custom attribute, CustomAuthorize : AuthorizeAttribute, and decorate the actions that require an e-signature with it. In the custom attribute implementation I redirect to a controller action similar to Login, with a slight modification.

    using System;
    using System.Web.Mvc;
    using System.Web.Routing;

    public class CustomAuthorize : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);

            var url = filterContext.HttpContext.Request.Url;
            var query = url.Query;
            if (query.Contains("g="))
            {
                var code = query.Split(new string[] { "g=" }, StringSplitOptions.None);
                // You can create a time-sensitive token here and validate it.
            }
            else
            {
                // Redirect the user to the e-login page; the route value name must
                // match the ELogin action's "returnUrl" parameter so it gets bound.
                filterContext.Result = new RedirectToRouteResult(
                    new RouteValueDictionary
                    {
                        { "controller", "Account" },
                        { "action", "ELogin" },
                        { "returnUrl", url.AbsolutePath }
                    });
            }
        }
    }

Then decorate, for example, the Index() method with it.

    [CustomAuthorize]
    public ActionResult Index()
    {
        return View();
    }

At first, when you hit the Index() method, the else branch inside the OnAuthorization method of CustomAuthorize gets executed and redirects to the ELogin method inside AccountController. This method is similar to the Login HttpGet method. While building the RedirectToRouteResult I pass the path of the current page as the return URL so that, once the user has been validated inside the ELogin method, they can come back to it.

    [AllowAnonymous]
    public ActionResult ELogin(string returnUrl)
    {
        ViewBag.ReturnUrl = returnUrl;
        return View("Login");
    }

    //
    // POST: /Account/ELogin
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> ELogin(LoginViewModel model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            var user = await UserManager.FindAsync(model.UserName, model.Password);
            if (user != null)
            {
                await SignInAsync(user, model.RememberMe);
                // "hashcode" is a placeholder; generate a real time-sensitive hash here.
                var url = string.Format("{0}/?g={1}", returnUrl, "hashcode");
                return RedirectToLocal(url);
            }
            else
            {
                ModelState.AddModelError("", "Invalid username or password.");
            }
        }

        // If we got this far, something failed; redisplay the form
        // (there is no ELogin view, so reuse the Login view as the GET action does).
        return View("Login", model);
    }

The difference in the HttpPost ELogin method is that, before doing RedirectToLocal, it appends ?g=hashcode. Note: here you can add your own logic to create a time-sensitive hash. When we are redirected back to our home page, we can inspect inside our OnAuthorization method whether the URL contains g=hashcode, and if it does we don't redirect to the login page.

This is the basic idea of how you can approach forcing users to re-sign in whenever they hit specific controllers. You should have additional security checks and be careful about what you expose via the URL.
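As an added example (not code from the question or the answer above), here is one way to fill in the "time-sensitive token" placeholder so that simply appending ?g=anything to the URL no longer satisfies the attribute. The token is an HMAC-SHA256 over the signed-in user name, the protected path and an expiry time; the attribute recomputes it from the current request and compares in constant time, so a token issued for one user or one controller cannot be replayed for another. The ESignatureToken class, the appSettings key name ESignature:Key and the two-minute lifetime are assumptions; CustomAuthorize and ELogin keep the answer's names, and the ELogin action is written to be dropped into the MVC 5 template's AccountController, which already has UserManager, Url and User available.

```csharp
using System;
using System.Configuration;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

// Token layout: "<expiresUnixSeconds>.<base64url(HMAC-SHA256(key, user|path|expires))>"
public static class ESignatureToken
{
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(2);          // assumed lifetime
    private static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);

    // Assumption: a base64 secret stored in Web.config <appSettings>, key "ESignature:Key".
    private static byte[] Key
    {
        get { return Convert.FromBase64String(ConfigurationManager.AppSettings["ESignature:Key"]); }
    }

    public static string Create(string userName, string path)
    {
        long expires = (long)(DateTime.UtcNow.Add(Lifetime) - Epoch).TotalSeconds;
        return expires + "." + HttpServerUtility.UrlTokenEncode(Mac(userName, path, expires));
    }

    public static bool Validate(string token, string userName, string path)
    {
        if (string.IsNullOrEmpty(token) || string.IsNullOrEmpty(userName)) return false;
        int dot = token.IndexOf('.');
        long expires;
        if (dot < 0 || !long.TryParse(token.Substring(0, dot), out expires)) return false;
        if (expires < (long)(DateTime.UtcNow - Epoch).TotalSeconds) return false;   // expired
        byte[] presented;
        try { presented = HttpServerUtility.UrlTokenDecode(token.Substring(dot + 1)); }
        catch (FormatException) { return false; }
        return presented != null && FixedTimeEquals(presented, Mac(userName, path, expires));
    }

    // The MAC covers the user and the exact path, so the token is useless for another
    // account or another controller; the expiry is covered too, so it cannot be extended.
    private static byte[] Mac(string userName, string path, long expires)
    {
        string data = userName.ToLowerInvariant() + "|" + path.ToLowerInvariant() + "|" + expires;
        using (var hmac = new HMACSHA256(Key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(data));
    }

    // .NET Framework has no CryptographicOperations.FixedTimeEquals; compare without early exit.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

public class CustomAuthorize : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        base.OnAuthorization(filterContext);       // ordinary [Authorize] checks first
        if (filterContext.Result != null) return;  // base class already denied the request

        var request = filterContext.HttpContext.Request;
        string user = filterContext.HttpContext.User.Identity.Name;
        string path = request.Url.AbsolutePath;

        // Only a fresh token minted for this user and this path lets the request through.
        if (ESignatureToken.Validate(request.QueryString["g"], user, path)) return;

        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary
        {
            { "controller", "Account" },
            { "action", "ELogin" },
            { "returnUrl", path }
        });
    }
}

// Add this to the template's AccountController. The token is issued only when the
// re-entered password belongs to the account that is already signed in, which is
// the question's "username matches signed in user" rule.
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<ActionResult> ELogin(LoginViewModel model, string returnUrl)
{
    if (!ModelState.IsValid || !Url.IsLocalUrl(returnUrl)) return View("Login", model);

    var user = await UserManager.FindAsync(model.UserName, model.Password);
    if (user == null || !string.Equals(user.UserName, User.Identity.Name, StringComparison.OrdinalIgnoreCase))
    {
        ModelState.AddModelError("", "Invalid username or password.");
        return View("Login", model);
    }
    return Redirect(returnUrl + "?g=" + ESignatureToken.Create(user.UserName, returnUrl));
}
```

Because the token is bound to the path, decorate the POST action that actually saves the record as well as the GET, and keep ?g= on the form's action URL (Html.BeginForm() with no arguments posts back to the current URL including its query string) so the check happens where the data is written. The ELogin action deliberately has no [AllowAnonymous]: the re-authentication page is only meaningful for a user who is already signed in. To turn this into a stored e-signature you would additionally record the token and consume it once, so that it cannot be replayed within its lifetime, and write the ESignature row from the same user name and path the token was validated against.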

