ASP.NET MVC > Authentication and Authorization

Create forms authentication in ASP.NET MVC in ASP.NET MVC

How to create forms authentication in ASP.NET MVC?

In ASP.NET MVC 5, ASP.NET Identity provider comes with the default project of ASP.NET MVC that help us in implementing forms authentication in the application. Following are the physical files of the default project that are responsible to create the forms authentication as well as external (social) authentication in the ASP.NET MVC project.

/Startup.cs This class file is called when the application starts. It by default calls Configuration method that intern call ConfigureAuth method that is defined in /App_Start/Startup.Auth.cs file. Notice that both are same class (partial) placed in two different physical files.
/App_Start/Startup.Auth.cs This file is responsible to call ApplicationUserManager, ApplicationSignInManager and other classes to configure the authentication. It is also used to configure cookies to be used for authentication. Apart from internal authentication, ASP.NET MVC 5 also allows social login from Google, Facebook, Twitter etc. This page also help us configuring those by uncommenting respective lines of codes and setting their keys and secret details.

Notice the LoginPath in the app.UseCookieAuthenticaiton method where it is set to “/Account/Login”.
/App_Start/IdentityConfig.cs This .cs file contains several classes that allows us to plug in Email service, SMS service that will be used to send email and sms for authentication purpose (optional).

It also help us to configure the application user manager, and User manager that let us create member (user) in the application and manage them.
In the Create method that returns ApplicationUserManager, validation logic is also configured for the username, passwords, locking the user, email service, sms service etc.

Similarly, ApplicationSignInManager is also configured that help user to sign in to the application.
/Views/Shares/_LoginPartial.cshtml This partial view file is responsible to render the view based on user authentication status. If user is authenticated then “Hello username” along with Log off link otherwise Register and Login in link is rendered.

This partial view is called in the /Views/Shared/_Layout.cshmlt (master page)
/Views/Account This folder contains several .cshtml files that renders corresponding view that let user register (create new user), login, use forgot password, reset password etc.
/Models/IdentityModel.cs Here ApplicationUser class help us create Identiy that will be used to store user data.
/Models/AccountViewModels.cs This file contains many classes that is used as Model for Login, Register, ForgotPassword, ResetPassword etc views.
/Model/ManageViewModels.cs This file also contains many classes that serves as Model to /Views/Account/ folder respective views. These views are mainly to manage users (members) personal details, like changing password,managing external login if any etc.
/Controllers/AccountController.cs This file contains necessary action methods that help us in creating new user (Register), logging in user, resetting password, retrieving password, verifyi8ng email verification code, service necessary views to Login, confirming email etc.
/Controllers/ManageController.cs This file contains necessary action methods that helps us managing the account of the member (user) of the website like changing password, managing external logins etc.

To perform forms authentication, we do not need to change any setting in the default project. The only thing we may need to change is the DefaultConnection under connectionStrings setting of root web.config file.


    <add name="DefaultConnection"
         connectionString="Data Source=SNITFunda;Initial
Catalog=TrainingDatabase;Integrated Security=True"
      providerName="System.Data.SqlClient" />

By default, the connectionString value of DefaultConnction points to a LocalDB under App_Data folder. While developing a real time application, we may need to set the database connection to any external database on another server. So here we can change the connectionString.

Now everything is already setup. Run the application and click on Register link on the page. It redirects the user to /Account/Register page that enable user to register to the website. When user clicks on the Register button on this page, /Controllers/AccountController/Register(RegisterViewModel model) method executes under Account controller that create a new user (if database table is not already setup as per ASP.NET Identity provider then it creates following database table into the database.


  • AspNetUsers          - stores the user information
  • AspNetUserRoles   - stores roles specific to the user
  • AspNetUserLogins - stores the information about the user who has logged in using external login provider such as                                        Facebook, Google etc.
  • AspNetUserClaims - stores information about claims made from social login
  • AspNetRoles – stores the role information
  • _MigrationHistory – NOT related with ASP.NET Identity provider but just used to store history about how the database has changed because of change in the models of the application.

/Controllers/AccountController/Register(RegisterViewModel model) method has some commented code that can be uncommented depending on whether we want to send Email confirmation link to the user. Read comment for more steps to follow.

The remaining methods in the AccountController are to confirm email, forgot password, login, reset password etc. are already written in the controller, so we do not need to write anything from our side.

 Views: 4326 | Post Order: 77

Write for us