Controller for authentication (Windows Store apps)

Shows code that implements a System.Web.Mvc controller for authentication.

Banking app web service for authentication

The Windows Store app for banking requires a web service that provides authentication based on password credentials and certificates.

The following code example shows how to implement a System.Web.Mvc controller that provides authentication services.



using System;
using System.Collections.Generic;
using System.Diagnostics.CodeAnalysis;
using System.Linq;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;
using System.Web.Security;
using BankServer.Models;
using System.Security.Cryptography.X509Certificates;

namespace BankServer.Controllers
{

    [HandleError]
    public class AccountController : Controller
    {

        public IFormsAuthenticationService FormsService { get; set; }
        public IMembershipService MembershipService { get; set; }

        protected override void Initialize(RequestContext requestContext)
        {
            if (FormsService == null) { FormsService = new FormsAuthenticationService(); }
            if (MembershipService == null) { MembershipService = new AccountMembershipService(); }

            base.Initialize(requestContext);
        }

        // **************************************
        // URL: /Account/LogOn
        // **************************************

        [HttpPost]
        public ActionResult LogOn(LogOnModel model, string returnUrl)
        {
            if (ModelState.IsValid)
            {
                if (MembershipService.ValidateUser(model.UserName, model.Password))
                {
                    FormsService.SignIn(model.UserName, model.RememberMe);
                    if (!String.IsNullOrEmpty(returnUrl))
                    {
                        return Redirect(returnUrl);
                    }
                    else
                    {
                        return RedirectToAction("Index", "Home");
                    }
                }
                else
                {
                    ModelState.AddModelError("", "The user name or password provided is incorrect.");
                }
            }

            // If we got this far, something failed, redisplay form
            return View(model);
        }

        [HttpPost]
        public JsonResult SimpleLogOn( string username, string password)
        {
            var result = new JsonResult(); 
            result.Data = new { user = username };
            return result;
        }

        [HttpPost]
	public JsonResult GetAccountInfo()
	{
	  var result = new JsonResult();
	  HttpClientCertificate clientCert = Request.ClientCertificate;
	  var strongAuth = false;
	  object[] accounts = new object[4];

	  accounts[0] = new
	    {
	      id = 43425453,
	      type = "Checking",
	      balance = 3000000
	    };
	  
	  accounts[1]= new
	    {
	      id = 43425453,
	      type = "Savings",
	      balance = 2000000000
	    };
	  
	  accounts[2] = new
	    {
	      id = 43425453,
	      type = "Credit Cards",
	      balance = 100.00
	    };

	  accounts[3] = new
	    {
	      id = 43425453,
	      type = "Loans",
	      balance = 545000
	    };

	  if (clientCert != null && clientCert.Certificate != null &&
              clientCert.Certificate.Length > 0) {
	    // Strong authentication. Allowed to access transfer/billpay.
	    strongAuth = true;
	  };
           
	  result.Data = new
	    {
	      accounts = accounts,
	      strongAuth = strongAuth
	    };

	  return result;
        }

        // **************************************
        // URL: /Account/LogOff
        // **************************************

        public ActionResult LogOff()
        {
            FormsService.SignOut();

            return RedirectToAction("Index", "Home");
        }

        // **************************************
        // URL: /Account/Register
        // **************************************

        public ActionResult Register()
        {
            ViewData["PasswordLength"] = MembershipService.MinPasswordLength;
            return View();
        }

        [HttpPost]
        public ActionResult Register(RegisterModel model)
        {
            if (ModelState.IsValid)
            {
                // Attempt to register the user
                MembershipCreateStatus createStatus = MembershipService.CreateUser(model.UserName, model.Password, model.Email);

                if (createStatus == MembershipCreateStatus.Success)
                {
                    FormsService.SignIn(model.UserName, false /* createPersistentCookie */);
                    return RedirectToAction("Index", "Home");
                }
                else
                {
                    ModelState.AddModelError("", AccountValidation.ErrorCodeToString(createStatus));
                }
            }

            // If we got this far, something failed, redisplay form
            ViewData["PasswordLength"] = MembershipService.MinPasswordLength;
            return View(model);
        }

        // **************************************
        // URL: /Account/ChangePassword
        // **************************************

        [Authorize]
        public ActionResult ChangePassword()
        {
            ViewData["PasswordLength"] = MembershipService.MinPasswordLength;
            return View();
        }

        [Authorize]
        [HttpPost]
        public ActionResult ChangePassword(ChangePasswordModel model)
        {
            if (ModelState.IsValid)
            {
                if (MembershipService.ChangePassword(User.Identity.Name, model.OldPassword, model.NewPassword))
                {
                    return RedirectToAction("ChangePasswordSuccess");
                }
                else
                {
                    ModelState.AddModelError("", "The current password is incorrect or the new password is invalid.");
                }
            }

            // If we got this far, something failed, redisplay form
            ViewData["PasswordLength"] = MembershipService.MinPasswordLength;
            return View(model);
        }

        // **************************************
        // URL: /Account/ChangePasswordSuccess
        // **************************************

        public ActionResult ChangePasswordSuccess()
        {
            return View();
        }

    }
}


Related topics

System.Security.Cryptography.X509Certificates
System.Web.Mvc
CertificateEnrollmentManager
PasswordVault
Working with certificates
Creating a Windows Store app for banking
Create a Windows Store app for banking app: resources

 

 

Build date: 6/11/2013

Show:
© 2014 Microsoft