Wednesday 15 May 2013

asp.net - Simple temporary authentication without a username or password




I need to add authorization/authentication logic to an existing web form. Essentially, a user will come in and enter an email address, I check the email address against an existing database, and if it exists I send an email to that address containing an activation link to the web application. Once the user clicks the link, I want the client to be considered "authorized" for a short amount of time (like a browser session, for instance). They can access pages until the authentication expires.

This is extremely easy using custom ASP.NET forms authentication, but after doing research there seem to be many more options today in terms of authorization/authentication. With things like ASP.NET Identity 2, Katana/OWIN, and more, it is getting quite overwhelming.

I'm looking for suggestions on the simplest way to implement this in an MVC4 application. I should be able to upgrade the application to MVC5 if necessary.

This is the same process that password resets use, so you can pretty much approach it the same way:

Create a table to track these "authentications". You pretty much just need a column for the token, a column for a datetime, and a column for a boolean. The datetime can either track the creation date and time of the token, which you'd then use in your code to calculate whether it's too old based on your desired time frame, or you can track the expire date and time of the token and then check in your code whether that expire date has passed or not. The boolean will track whether the email address has been confirmed, via having followed the link with the token in the email you send out.

In your initial form, you collect the email address and combine it with a salt and one-way encryption to produce a token. You send the email with a link that includes that token. You save the token and the appropriate datetime value in your table.

On the page the user goes to after clicking the link, you use the token from the URL to look up the matching row in your table, check the date value, and set the boolean to true for confirmed. Then, store the token in Session.

On each subsequent request, you check 1) that there's a token in Session and 2) that the token is still valid (look it up in the database and check the datetime and confirmed status). If the token doesn't exist or is no longer good, delete the row, remove the token from Session, and redirect the user to the original email address collection form. Otherwise, allow the user to view whatever content is there.
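The issue, confirm and per-request check steps described above, as an added C# example that is not part of the original answer. The `EmailLinkAuth` class, the in-memory dictionary standing in for the database table, the 20-minute lifetime and the choice of HMAC-SHA256 keyed with a random per-token salt as the one-way function are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example. The dictionary is a hypothetical stand-in for the token table.
public class EmailLinkAuth
{
    private class Row { public DateTime ExpiresUtc; public bool Confirmed; }
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(20); // assumed window
    private readonly Dictionary<string, Row> _table = new Dictionary<string, Row>();
    // Form post: hash the email under a fresh random salt, save the row, return the token.
    public string Issue(string email, DateTime nowUtc)
    {
        byte[] salt = new byte[32]; byte[] hash;
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        using (var hmac = new HMACSHA256(salt)) hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(email));
        string token = BitConverter.ToString(hash).Replace("-", "").ToLowerInvariant();
        _table[token] = new Row { ExpiresUtc = nowUtc + Lifetime, Confirmed = false };
        return token;
    }

    // Link clicked: look up the row, check the date, set the confirmed flag.
    public bool Confirm(string token, DateTime nowUtc)
    {
        Row row;
        if (token == null || !_table.TryGetValue(token, out row)) return false;
        if (nowUtc >= row.ExpiresUtc) { _table.Remove(token); return false; }
        row.Confirmed = true; // the caller now stores the token in Session
        return true;
    }

    // Each later request: the Session token must exist, be confirmed and be unexpired.
    public bool IsAuthorized(string sessionToken, DateTime nowUtc)
    {
        Row row;
        if (sessionToken == null || !_table.TryGetValue(sessionToken, out row)) return false;
        if (row.Confirmed && nowUtc < row.ExpiresUtc) return true;
        _table.Remove(sessionToken); // no longer good: caller clears Session and redirects
        return false;
    }
    public static void Main()
    {
        var auth = new EmailLinkAuth(); DateTime t0 = DateTime.UtcNow;
        string token = auth.Issue("user@example.com", t0); // constructed address
        Console.WriteLine("confirm: " + auth.Confirm(token, t0.AddMinutes(1)));
        Console.WriteLine(auth.IsAuthorized(token, t0.AddMinutes(5)) + " / " + auth.IsAuthorized(token, t0.AddMinutes(30)));
    }
}
```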

asp.net asp.net-mvc authentication
