Added admin page with authentication.

1996dylanriley · 1996dylanriley · commit 7477068cff15 · 2016-06-30T19:29:44.000+01:00
diff --git a/SimpleBlog/App_Start/RouteConfig.cs b/SimpleBlog/App_Start/RouteConfig.cs
@@ -19,6 +19,7 @@ public static void RegisterRoutes(RouteCollection routes)
             routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
 
             routes.MapRoute("Login", "login", new { Controller = "Auth", Action = "login" }, namespaces);
+            routes.MapRoute("Logout", "logout", new { Controller = "Auth", Action = "Logout" }, namespaces);
 
             routes.MapRoute("Home", "", new {Controller = "Posts", Action = "Index"}, namespaces );
         }
diff --git a/SimpleBlog/Areas/Admin/Controllers/PostsController.cs b/SimpleBlog/Areas/Admin/Controllers/PostsController.cs
@@ -6,6 +6,7 @@
 
 namespace SimpleBlog.Areas.Admin.Controllers
 {
+    [Authorize(Roles = "admin")] // This tell mvc that you cannot access this page if you are not logged in or your role isn't allow
     public class PostsController : Controller
     {
         // GET: Admin/Posts
diff --git a/SimpleBlog/Areas/Admin/Controllers/UsersController.cs b/SimpleBlog/Areas/Admin/Controllers/UsersController.cs
@@ -6,8 +6,10 @@
 
 namespace SimpleBlog.Areas.Admin.Controllers
 {
+    [Authorize(Roles = "admin")]
     public class UsersController : Controller
     {
+
         // GET: Admin/Users
         public ActionResult Index()
         {
diff --git a/SimpleBlog/Controllers/AuthController.cs b/SimpleBlog/Controllers/AuthController.cs
@@ -3,31 +3,37 @@
 using System.Linq;
 using System.Web;
 using System.Web.Mvc;
+using System.Web.Security;
 using SimpleBlog.ViewModels;
 
 namespace SimpleBlog.Controllers
 {
     public class AuthController : Controller
+
     {
+        public ActionResult Logout()
+        {
+            FormsAuthentication.SignOut();
+            return RedirectToRoute("home");
+        }
         // GET: Auth
         public ActionResult Login()
         {
             return View(new AuthLogin { });
         }
 
         [HttpPost]
-        public ActionResult Login(AuthLogin form)
+        public ActionResult Login(AuthLogin form, string returnUrl) // the string returnUrl redirects the user to where they want to go if they sign in successfully.
         {
             if (!ModelState.IsValid) //This tells mvc what to do if the required fields in the model(auth.cs) are invalid.
             return View(form); // the form parameter here means retrun the form as it was submitted(the post request).
 
-            if (form.UserName != "dylan riley")
-            {
-                ModelState.AddModelError("UserName", "Your username proves to me that you are not a boss!");
-                return View(form);
-            }
+            FormsAuthentication.SetAuthCookie(form.Username, true);
+
+            if (!string.IsNullOrWhiteSpace(returnUrl))
+                return Redirect(returnUrl);
 
-            return Content("The form is valid");
+            return RedirectToRoute("home");
         }
     }
 }
diff --git a/SimpleBlog/Controllers/PostsController.cs b/SimpleBlog/Controllers/PostsController.cs
@@ -8,6 +8,7 @@ namespace SimpleBlog.Controllers
 {
     public class PostsController : Controller
     {
+        
         public ActionResult Index()
         {
             return View();
diff --git a/SimpleBlog/Infrastructure/RoleProvider.cs b/SimpleBlog/Infrastructure/RoleProvider.cs
@@ -0,0 +1,77 @@
+﻿using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Web;
+
+namespace SimpleBlog.Infrastructure
+{
+    public class RoleProvider : System.Web.Security.RoleProvider
+
+    {
+        public override string ApplicationName
+        {
+            get
+            {
+                throw new NotImplementedException();
+            }
+
+            set
+            {
+                throw new NotImplementedException();
+            }
+        }
+
+        public override void AddUsersToRoles(string[] usernames, string[] roleNames)
+        {
+            throw new NotImplementedException();
+        }
+
+        public override void CreateRole(string roleName)
+        {
+            throw new NotImplementedException();
+        }
+
+        public override bool DeleteRole(string roleName, bool throwOnPopulatedRole)
+        {
+            throw new NotImplementedException();
+        }
+
+        public override string[] FindUsersInRole(string roleName, string usernameToMatch)
+        {
+            throw new NotImplementedException();
+        }
+
+        public override string[] GetAllRoles()
+        {
+            throw new NotImplementedException();
+        }
+
+        public override string[] GetRolesForUser(string username)
+        {
+            if (username == "dylan")
+                return new[] { "admin" };
+
+            return new string[] {};
+        }
+
+        public override string[] GetUsersInRole(string roleName)
+        {
+            throw new NotImplementedException();
+        }
+
+        public override bool IsUserInRole(string username, string roleName)
+        {
+            throw new NotImplementedException();
+        }
+
+        public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames)
+        {
+            throw new NotImplementedException();
+        }
+
+        public override bool RoleExists(string roleName)
+        {
+            throw new NotImplementedException();
+        }
+    }
+}
diff --git a/SimpleBlog/SimpleBlog.csproj b/SimpleBlog/SimpleBlog.csproj
@@ -152,6 +152,7 @@
     <Compile Include="Global.asax.cs">
       <DependentUpon>Global.asax</DependentUpon>
     </Compile>
+    <Compile Include="Infrastructure\RoleProvider.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
     <Compile Include="ViewModels\Auth.cs" />
   </ItemGroup>
diff --git a/SimpleBlog/ViewModels/Auth.cs b/SimpleBlog/ViewModels/Auth.cs
@@ -5,7 +5,7 @@ namespace SimpleBlog.ViewModels
     public class AuthLogin
     {
         [Required] // this is another annotation
-        public string UserName { get; set; }
+        public string Username { get; set; }
 
         
         [Required, DataType(DataType.Password)] // this here is how we tell the view that the html.EditorFor contains password data. This is called
diff --git a/SimpleBlog/Views/Auth/Login.cshtml b/SimpleBlog/Views/Auth/Login.cshtml
@@ -6,13 +6,13 @@
 {
     @Html.ValidationSummary() // this here is a really cool feature that return a deafault message if a feild isn't valid.
                             <div>
-                                @Html.LabelFor(x => x.UserName)
-                                @Html.EditorFor(x => x.UserName) <!-- As this is a strongly typed view I can use the -->
+                                @Html.LabelFor(x => x.Username)
+                                @Html.EditorFor(x => x.Username) <!-- As this is a strongly typed view I can use the -->
                                 <!--name username to associate it with the property by the same name in the view model-->
                             </div>
                             <div>
                                 @Html.LabelFor(x => x.Password)
-                               <!--- <label>@:Model.Password</label> ->
+                               <!--- <label>(at sign goes here)Model.Password</label> -->
 
                                 @Html.EditorFor(x => x.Password)
                             </div>
diff --git a/SimpleBlog/Views/Shared/_Layout.cshtml b/SimpleBlog/Views/Shared/_Layout.cshtml
@@ -11,8 +11,23 @@
 </head>
 <body>
     <div>
-        <header><h1><a href="@Url.RouteUrl("home")">Simple blog</a></h1></header>
-        <a href="@Url.RouteUrl("login")">login</a>
+        <header>
+            <h1><a href="@Url.RouteUrl("home")">Simple blog</a></h1>
+            @if (User.Identity.IsAuthenticated)
+            {
+                <p> Welcome Back @User.Identity.Name</p>
+                <a href="@Url.RouteUrl("logout")">Logout</a>
+                if(User.IsInRole("admin"))
+                {
+                    <a href="@Url.Action("index", "Posts", new { area = "admin"})">View posts in admin</a> <!-- the reason i put new {area = "admin"} is because the overload requires an object-->
+               }
+            }
+            else
+            {
+            <a href="@Url.RouteUrl("login")">login</a>
+            }
+           
+        </header>
         @RenderBody()
     
     </div>
diff --git a/SimpleBlog/Web.config b/SimpleBlog/Web.config
@@ -11,6 +11,20 @@
     <add key="UnobtrusiveJavaScriptEnabled" value="true"/>
   </appSettings>
   <system.web>
+
+    <authentication mode="Forms">
+      <forms loginUrl="~/login"></forms>
+    </authentication>
+
+    <roleManager enabled="true" defaultProvider="SimpleBlogProvider">
+      <providers>
+        <clear/>
+        <add name="SimpleBlogProvider" type ="SimpleBlog.Infrastructure.RoleProvider"/>
+      </providers>
+      
+    </roleManager>    
+    
+    
     <compilation debug="true" targetFramework="4.5.2"/>
     <httpRuntime targetFramework="4.5.2"/>
     <httpModules>
diff --git a/SimpleBlog/bin/SimpleBlog.dll.config b/SimpleBlog/bin/SimpleBlog.dll.config
@@ -11,6 +11,20 @@
     <add key="UnobtrusiveJavaScriptEnabled" value="true"/>
   </appSettings>
   <system.web>
+
+    <authentication mode="Forms">
+      <forms loginUrl="~/login"></forms>
+    </authentication>
+
+    <roleManager enabled="true" defaultProvider="SimpleBlogProvider">
+      <providers>
+        <clear/>
+        <add name="SimpleBlogProvider" type ="SimpleBlog.Infrastructure.RoleProvider"/>
+      </providers>
+      
+    </roleManager>    
+    
+    
     <compilation debug="true" targetFramework="4.5.2"/>
     <httpRuntime targetFramework="4.5.2"/>
     <httpModules>

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,7 @@ public static void RegisterRoutes(RouteCollection routes)`
`19`	`19`	`routes.IgnoreRoute("{resource}.axd/{*pathInfo}");`
`20`	`20`
`21`	`21`	`routes.MapRoute("Login", "login", new { Controller = "Auth", Action = "login" }, namespaces);`
	`22`	`+ routes.MapRoute("Logout", "logout", new { Controller = "Auth", Action = "Logout" }, namespaces);`
`22`	`23`
`23`	`24`	`routes.MapRoute("Home", "", new {Controller = "Posts", Action = "Index"}, namespaces );`
`24`	`25`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@`
`6`	`6`
`7`	`7`	`namespace SimpleBlog.Areas.Admin.Controllers`
`8`	`8`	`{`
	`9`	`+ [Authorize(Roles = "admin")] // This tell mvc that you cannot access this page if you are not logged in or your role isn't allow`
`9`	`10`	`public class PostsController : Controller`
`10`	`11`	`{`
`11`	`12`	`// GET: Admin/Posts`
Original file line number	Diff line number	Diff line change
`@@ -6,8 +6,10 @@`
`6`	`6`
`7`	`7`	`namespace SimpleBlog.Areas.Admin.Controllers`
`8`	`8`	`{`
	`9`	`+ [Authorize(Roles = "admin")]`
`9`	`10`	`public class UsersController : Controller`
`10`	`11`	`{`
	`12`	`+`
`11`	`13`	`// GET: Admin/Users`
`12`	`14`	`public ActionResult Index()`
`13`	`15`	`{`
Original file line number	Diff line number	Diff line change
`@@ -3,31 +3,37 @@`
`3`	`3`	`using System.Linq;`
`4`	`4`	`using System.Web;`
`5`	`5`	`using System.Web.Mvc;`
	`6`	`+using System.Web.Security;`
`6`	`7`	`using SimpleBlog.ViewModels;`
`7`	`8`
`8`	`9`	`namespace SimpleBlog.Controllers`
`9`	`10`	`{`
`10`	`11`	`public class AuthController : Controller`
	`12`	`+`
`11`	`13`	`{`
	`14`	`+ public ActionResult Logout()`
	`15`	`+ {`
	`16`	`+ FormsAuthentication.SignOut();`
	`17`	`+ return RedirectToRoute("home");`
	`18`	`+ }`
`12`	`19`	`// GET: Auth`
`13`	`20`	`public ActionResult Login()`
`14`	`21`	`{`
`15`	`22`	`return View(new AuthLogin { });`
`16`	`23`	`}`
`17`	`24`
`18`	`25`	`[HttpPost]`
`19`		`- public ActionResult Login(AuthLogin form)`
	`26`	`+ public ActionResult Login(AuthLogin form, string returnUrl) // the string returnUrl redirects the user to where they want to go if they sign in successfully.`
`20`	`27`	`{`
`21`	`28`	`if (!ModelState.IsValid) //This tells mvc what to do if the required fields in the model(auth.cs) are invalid.`
`22`	`29`	`return View(form); // the form parameter here means retrun the form as it was submitted(the post request).`
`23`	`30`
`24`		`- if (form.UserName != "dylan riley")`
`25`		`- {`
`26`		`- ModelState.AddModelError("UserName", "Your username proves to me that you are not a boss!");`
`27`		`- return View(form);`
`28`		`- }`
	`31`	`+ FormsAuthentication.SetAuthCookie(form.Username, true);`
	`32`	`+`
	`33`	`+ if (!string.IsNullOrWhiteSpace(returnUrl))`
	`34`	`+ return Redirect(returnUrl);`
`29`	`35`
`30`		`- return Content("The form is valid");`
	`36`	`+ return RedirectToRoute("home");`
`31`	`37`	`}`
`32`	`38`	`}`
`33`	`39`	`}`
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@ namespace SimpleBlog.Controllers`
`8`	`8`	`{`
`9`	`9`	`public class PostsController : Controller`
`10`	`10`	`{`
	`11`	`+`
`11`	`12`	`public ActionResult Index()`
`12`	`13`	`{`
`13`	`14`	`return View();`
Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@ namespace SimpleBlog.ViewModels`
`5`	`5`	`public class AuthLogin`
`6`	`6`	`{`
`7`	`7`	`[Required] // this is another annotation`
`8`		`- public string UserName { get; set; }`
	`8`	`+ public string Username { get; set; }`
`9`	`9`
`10`	`10`
`11`	`11`	`[Required, DataType(DataType.Password)] // this here is how we tell the view that the html.EditorFor contains password data. This is called`