Monthly Archives: May 2024

AUTHENTICATION AND AUTHORIZATION ACCESS THE UI OF ASP.NET CORE IDENTITY An area is a logical container or rather a group of related features. In this post we will look at the functionality, or rather the user interface that Identity provides for us to register, as well as how to access the various sections of the user profile. We will discuss the User object and the SignInManager object. We will finally edit the View _LogingPartial.cshtml. We now set up the Layout View to have the same interface in Identity as well by creating a [...]

AUTHENTICATION AND AUTHORIZATION STRUCTURE OF A RAZOR PAGE A Razor Page offers an alternative way of conveying content to our users, In them we will find the same concepts that we encountered in MVC. We see the structural difference between MVC and Razor Page. For example, if we take the Registration Form we have a Register.cshtml View , and a Register.cshtml.cs file where Controller and Model are located. Let's start by analyzing the View. Basically there are no major differences with an MVC View, the only thing to note is the @page directive at the top [...]

AUTHENTICATION AND AUTHORIZATION ADD A CUSTOM CLAIM TO AVOID DATABASE CALLS In cases where the application is being enjoyed by many users simultaneously there are alternative techniques in sending queries to the AspNetUsers table. Let's see where we can add a claim to derive the FullName. This is because we get the FullName from the UserManager and every time we move through the pages of the application a query is made to the database. There may be a little performance decay if the application is enjoyed by many users at the same time. We also add [...]

AUTHORIZATION SECURITY IN THE AUTHENTICATION AND AUTHORIZATION PHASES Two-factor authentication requires user credentials and also to exhibit something you have such as a smartphone with its authentication code. The user's identity is also protected after login, because we have seen that an authentication cookie is issued, which has a protected, encrypted content that is impossible to tamper with. After the authentication phase, another always follows, authorization which is to determine whether or not a user can perform a certain operation. A user is authorized when first they have authenticated themselves, then you need to see if [...]

AUTHORIZATION CREATE A CONTACT FORM WITH RAZOR PAGE We will create a Contact Form where a student can send questions to the teacher. We will not store this information in the database, but we will send the application via e-mail reusing the MailKitEmailSender.cs infrastructure service. The Form will consist of a TextArea in which the student will type his question, and a button for sending the e-mail. It will be protected with Google reCAPTCHA Version two service so that the Form is protected from spammers. Let's look at some of the implemented code. SEND AN INFORMATION [...]

AUTHORIZATION IDENTIFY THE ROLES OF THE APPLICATION So far we have identified two macro-groups, anonymous users and authenticated users. However, a distinction must also be made for authenticated users, that is, users who possess a certain role that allows them to do certain operations that are precluded to all the rest of the users since they do not possess that role. A user who has associated the Teacher role via claim can perform all the operations that a basic user performs. However, there will have to be a user who assigns these roles, for example, [...]

AUTHORIZATION AUTHORIZE BY ROLE WITH THE AUTHORIZE ATTRIBUTE With Authorize we can ask in addition to authentication to possess a certain role. In this post we will discuss role-based authorization, we have seen in previous posts that we have two macro groups, authenticated users and anonymous users. In turn among the authenticated users we have made a division, namely those who can create, edit, delete courses and this is the Teacher role and the administrators who are in charge of assigning roles to users. We will also see the Policies, in fact still our application has a flaw, namely [...]

E-COMMERCE MAPPING A MANY-TO-MANY RELATIONSHIP WITH ENTITY FRAMEWORK CORE We have come to the crux of our application, in fact the client asked us to make the MyCourse application because she wants to benefit financially from it. We can achieve this goal, for example, by having courses purchased and paid for online, a typical feature of e-commerce. Having completed the purchase we go on to ask the user to give a rating. The relationship between users and courses is many-to-many, each course can enroll many users, and each user can enroll in many courses. To create [...]

E-COMMERCE ACCEPT AN ONLINE PAYMENT There are various technical solutions for accepting payments-on-line. We could create a Form ourselves and collect credit card information, however, there is a major hurdle, which is customer trust. Let's imagine that a user arrives at our site, never heard of it, the user might be hesitant to enter credit card information, precisely because being a first visit the user might express a lack of trust in the people behind MyCourse. If we want to set up a Form, assuming the customer trusts it, that collects credit card numbers we must meet these basic [...]