by Rick Anderson
This tutorial shows you how to build an ASP.NET MVC 5 web app with email confirmation and password reset using the ASP.NET Identity membership system.
For an updated version of this tutorial that uses .NET Core, see [Account confirmation and password recovery in ASP.NET Core](/aspnet/core/security/authentication/accconfirm).
Create an ASP.NET MVC app
Start by installing and running Visual Studio Express 2013 for Web or Visual Studio 2013. Install Visual Studio 2013 Update 3 or higher.
Note
Warning: You must install Visual Studio 2013 Update 3 or higher to complete this tutorial.
- Create a new ASP.NET Web project and select the MVC template. Web Forms also supports ASP.NET Identity, so you could follow similar steps in a web forms app.
- Leave the default authentication as Individual User Accounts. If you'd like to host the app in Azure, leave the check box checked. Later in the tutorial we will deploy to Azure. You can open an Azure account for free.
- Set the project to use SSL.
- Run the app, click the Register link and register a user. At this point, the only validation on the email is with the [EmailAddress] attribute.
- In Server Explorer, navigate to Data Connections\DefaultConnection\Tables\AspNetUsers, right click and select Open table definition. The following image shows the AspNetUsers schema:
- Right click on the AspNetUsers table and select Show Table Data. At this point the email has not been confirmed.
- Click on the row and select delete. You'll add this email again in the next step, and send a confirmation email.
Email confirmation
It's a best practice to confirm the email of a new user registration to verify they are not impersonating someone else (that is, they haven't registered with someone else's email). Suppose you had a discussion forum; you would want to prevent '[email protected]' from registering as '[email protected]'. Without email confirmation, '[email protected]' could get unwanted email from your app. Suppose Bob accidentally registered as '[email protected]' and hadn't noticed it; he wouldn't be able to use password recovery because the app doesn't have his correct email. Email confirmation provides only limited protection from bots and doesn't provide protection from determined spammers, who have many working email aliases they can use to register.
You generally want to prevent new users from posting any data to your web site before they have been confirmed by email, an SMS text message or another mechanism. In the sections below, we will enable email confirmation and modify the code to prevent newly registered users from logging in until their email has been confirmed.
Hook up SendGrid
The instructions in this section are not current. See Configure SendGrid email provider for updated instructions.
Although this tutorial only shows how to add email notification through SendGrid, you can send email using SMTP and other mechanisms (see additional resources).
- In the Package Manager Console, enter the following command:
- Go to the Azure SendGrid sign up page and register for a free SendGrid account. Configure SendGrid by adding code similar to the following in App_Start/IdentityConfig.cs:
You'll need to add the following includes:
To keep this sample simple, we'll store the app settings in the web.config file:
Warning
Security - Never store sensitive data in your source code. The account and credentials are stored in the appSetting. On Azure, you can securely store these values on the Configure tab in the Azure portal. See Best practices for deploying passwords and other sensitive data to ASP.NET and Azure.
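Because the SendGrid steps above are marked as not current, the following added example (not the tutorial's own code) shows the SMTP alternative the section mentions: an IIdentityMessageService that replaces the template's EmailService stub in App_Start/IdentityConfig.cs. The appSettings key names (smtpHost, smtpPort, mailAccount, mailPassword, mailFrom) are assumptions made for this example.

```csharp
using System.Configuration;
using System.Net;
using System.Net.Mail;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

// Added example: SMTP-backed message service for ASP.NET Identity 2.
public class EmailService : IIdentityMessageService
{
    public async Task SendAsync(IdentityMessage message)
    {
        // Assumed appSettings keys; supply the real values from the host
        // environment (for example Azure app settings), not from source control.
        string host = Require("smtpHost");
        string account = Require("mailAccount");
        string password = Require("mailPassword");
        string from = Require("mailFrom");
        int port = int.Parse(ConfigurationManager.AppSettings["smtpPort"] ?? "587");

        using (var mail = new MailMessage(from, message.Destination))
        using (var client = new SmtpClient(host, port))
        {
            mail.Subject = message.Subject;
            mail.Body = message.Body;
            mail.IsBodyHtml = true;   // callers pass an HTML link in the body

            client.EnableSsl = true;  // do not send the credentials in clear text
            client.Credentials = new NetworkCredential(account, password);
            await client.SendMailAsync(mail);
        }
    }

    // Fail fast with a clear error instead of attempting to send
    // with a missing host or empty credentials.
    private static string Require(string key)
    {
        string value = ConfigurationManager.AppSettings[key];
        if (string.IsNullOrWhiteSpace(value))
            throw new ConfigurationErrorsException("Missing appSetting: " + key);
        return value;
    }
}
```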
Enable email confirmation in the Account controller
Verify the Views\Account\ConfirmEmail.cshtml file has correct razor syntax. (The @ character in the first line might be missing.)
Run the app and click the Register link. Once you submit the registration form, you are logged in.
Check your email account and click on the link to confirm your email.
Require email confirmation before log in
Currently once a user completes the registration form, they are logged in. You generally want to confirm their email before logging them in. In the section below, we will modify the code to require new users to have a confirmed email before they are logged in (authenticated). Update the HttpPost Register method with the following highlighted changes:
By commenting out the SignInAsync method, the user will not be signed in by the registration. The TempData["ViewBagLink"] = callbackUrl; line can be used to debug the app and test registration without sending email. ViewBag.Message is used to display the confirm instructions. The download sample contains code to test email confirmation without setting up email, and can also be used to debug the application.
Create a Views\Shared\Info.cshtml file and add the following razor markup:
Add the Authorize attribute to the Contact action method of the Home controller. You can click on the Contact link to verify anonymous users don't have access and authenticated users do have access.
You must also update the HttpPost Login action method:
Update the Views\Shared\Error.cshtml view to display the error message:
Delete any accounts in the AspNetUsers table that contain the email alias you wish to test with. Run the app and verify you can't log in until you have confirmed your email address. Once you confirm your email address, click the Contact link.
Password recovery/reset
Remove the comment characters from the HttpPost ForgotPassword action method in the account controller:
Remove the comment characters from the ForgotPassword ActionLink in the Views\Account\Login.cshtml razor view file:
The Log in page will now show a link to reset the password.
Resend email confirmation link
Once a user creates a new local account, they are emailed a confirmation link they are required to use before they can log on. If the user accidentally deletes the confirmation email, or the email never arrives, they will need the confirmation link sent again. The following code changes show how to enable this.
Add the following helper method to the bottom of the Controllers\AccountController.cs file:
Update the Register method to use the new helper:
Update the Login method to resend the confirmation link if the user account has not been confirmed:
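The resend helper and the Login change described in this section and in "Require email confirmation before log in", as an added example that is not the tutorial's own code. It assumes the members scaffolded by the MVC 5 Individual User Accounts template (UserManager, SignInManager, LoginViewModel, RedirectToLocal); ViewBag.errorMessage is an assumed name that the Error view would read. The password is checked before the confirmation state is reported, so the "unconfirmed" message and the resend are reachable only by someone who knows the account's password.

```csharp
// Added example: members of Controllers\AccountController.cs.
// Needs: using System.Threading.Tasks; using System.Web.Mvc;
//        using Microsoft.AspNet.Identity; using Microsoft.AspNet.Identity.Owin;
private async Task SendEmailConfirmationTokenAsync(string userId, string subject)
{
    string code = await UserManager.GenerateEmailConfirmationTokenAsync(userId);
    // Absolute URL that uses the scheme of the current request.
    string callbackUrl = Url.Action("ConfirmEmail", "Account",
        new { userId = userId, code = code }, protocol: Request.Url.Scheme);
    await UserManager.SendEmailAsync(userId, subject,
        "Please confirm your account by clicking <a href=\"" + callbackUrl + "\">here</a>");
}

[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
    if (!ModelState.IsValid)
        return View(model);
    // FindAsync returns the user only when the password is correct.
    var user = await UserManager.FindAsync(model.Email, model.Password);
    if (user != null && !await UserManager.IsEmailConfirmedAsync(user.Id))
    {
        await SendEmailConfirmationTokenAsync(user.Id, "Confirm your account (resend)");
        ViewBag.errorMessage = "You must have a confirmed email to log on. "
            + "The confirmation link has been resent to your email account.";
        return View("Error");
    }

    var result = await SignInManager.PasswordSignInAsync(
        model.Email, model.Password, model.RememberMe, shouldLockout: false);
    switch (result)
    {
        case SignInStatus.Success:
            return RedirectToLocal(returnUrl);
        case SignInStatus.LockedOut:
            return View("Lockout");
        case SignInStatus.RequiresVerification:
            return RedirectToAction("SendCode",
                new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
        default:
            ModelState.AddModelError("", "Invalid login attempt.");
            return View(model);
    }
}
```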
Combine social and local login accounts
You can combine local and social accounts by clicking on your email link. In the following sequence **[email protected]** is first created as a local login, but you can create the account as a social log in first, then add a local login.
Click on the Manage link. Note the External Logins: 0 associated with this account.
Click the link to another log in service and accept the app requests. The two accounts have been combined; you will be able to log on with either account. You might want your users to add local accounts in case their social log in authentication service is down, or more likely they have lost access to their social account.
In the following image, Tom is a social log in (which you can see from the External Logins: 1 shown on the page).
Clicking on Pick a password allows you to add a local log on associated with the same account.
Email confirmation in more depth
My tutorial Account Confirmation and Password Recovery with ASP.NET Identity goes into this topic with more details.
Debugging the app
If you don't get an email containing the link:
- Check your junk or spam folder.
- Log into your SendGrid account and click on the Email Activity link.
To test the verification link without email, download the completed sample. The confirmation link and confirmation codes will be displayed on the page.
Additional Resources
- Account Confirmation and Password Recovery with ASP.NET Identity Goes into more detail on password recovery and account confirmation.
- MVC 5 App with Facebook, Twitter, LinkedIn and Google OAuth2 Sign-on This tutorial shows you how to write an ASP.NET MVC 5 app with Facebook and Google OAuth 2 authorization. It also shows how to add additional data to the Identity database.
- Deploy a Secure ASP.NET MVC app with Membership, OAuth, and SQL Database to Azure. This tutorial adds Azure deployment, how to secure your app with roles, how to use the membership API to add users and roles, and additional security features.
by Scott Hanselman
This is a beginner tutorial that introduces the basics of ASP.NET MVC. You'll create a simple web application that reads and writes from a database. Visit the ASP.NET MVC learning center to find other ASP.NET MVC tutorials and samples.
In this section we are going to implement the support necessary to enable users to create new movies in our database. We'll do this by implementing the /Movies/Create URL action.
Implementing the /Movies/Create URL is a two step process. When a user first visits the /Movies/Create URL we want to show them an HTML form that they can fill out to enter a new movie. Then, when the user submits the form and posts the data back to the server, we want to retrieve the posted contents and save it into our database.
We'll implement these two steps within two Create() methods within our MoviesController class. One method will show the <form> that the user should fill out to create a new movie. The second method will handle processing the posted data when the user submits the <form> back to the server, and save a new Movie within our database.
Below is the code we'll add to our MoviesController class to implement this:
The above code contains all of the code that we'll need within our Controller.
Let's now implement the Create View template that we'll use to display a form to the user. We'll right click in the first Create method and select 'Add View' to create the view template for our Movie form.
We'll select that we are going to pass the view template a 'Movie' as its view data class, and indicate that we want to 'scaffold' a 'Create' template.
After you click the Add button, the Movies\Create.aspx View template will be created for you. Because we selected 'Create' from the 'view content' dropdown, the Add View dialog automatically 'scaffolded' some default content for us. The scaffolding created an HTML <form>, a place for validation error messages to go, and since scaffolding knows about Movies, it created Label and Fields for each property of our class.
Since our database automatically gives a Movie an ID, let's remove those fields that reference model.Id from our Create View. Remove the 7 lines after <legend>Fields</legend> as they show the ID field that we don't want.
Let's now create a new movie and add it to the database. We'll do this by running the application again and visit the '/Movies' URL and click the 'Create' link to add a new Movie.
When we click the Create button, we'll be posting back (via HTTP POST) the data on this form to the /Movies/Create method that we just created. Just like when the system automatically took the 'numTimes' and 'name' parameters out of the URL and mapped them to parameters on a method earlier, the system will automatically take the Form Fields from a POST and map them to an object. In this case, values from fields in HTML like 'ReleaseDate' and 'Title' will automatically be put into the correct properties of a new instance of a Movie.
Let's look at the second Create method from our MoviesController again. Notice how it takes a 'Movie' object as an argument:
This Movie object was then passed to the [HttpPost] version of our Create action method, and we saved it in the database and then redirected the user back to the Index() action method which will show the saved result in the movie list:
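The two Create actions and the form-to-object binding described above, as an added example that is not the tutorial's own code. MovieDbContext and its Movies set are assumed names for an Entity Framework context; the Movie properties are the ones named in the text. Because the binder maps any posted field with a matching name, removing the Id inputs from the view does not by itself keep a client from submitting an Id, so the POST action also excludes it from binding.

```csharp
using System;
using System.Data.Entity;
using System.Web.Mvc;

public class Movie
{
    public int Id { get; set; }            // assigned by the database
    public string Title { get; set; }
    public DateTime ReleaseDate { get; set; }
}

// Assumed context name for this example.
public class MovieDbContext : DbContext
{
    public DbSet<Movie> Movies { get; set; }
}

public class MoviesController : Controller
{
    private readonly MovieDbContext db = new MovieDbContext();

    // GET /Movies/Create: show the empty form.
    public ActionResult Create()
    {
        return View();
    }

    // POST /Movies/Create: the model binder builds a Movie from the form
    // fields. Id is excluded so a hand-crafted request cannot set it.
    [HttpPost]
    public ActionResult Create([Bind(Exclude = "Id")] Movie newMovie)
    {
        db.Movies.Add(newMovie);
        db.SaveChanges();
        return RedirectToAction("Index");
    }

    protected override void Dispose(bool disposing)
    {
        if (disposing)
            db.Dispose();
        base.Dispose(disposing);
    }
}
```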
We aren't checking if our movies are correct, though, and the database won't allow us to save a movie with no Title. It'd be nice if we could tell the user that before the database threw an error. We'll do this next by adding validation support to our application.