asp.net mvc - Security check an User to a access controller action -


hello guys have mvc actions have authorize attribute set on them. each 1 of these actions there password/ security pin valid action.

public actionresult action_1()// generic pin 1 { return redirecttoaction("pincheck", new { returnurl = "action_1" }); ... } [authorize] public actionresult action_2()// generic pin 2 { ... }  [authorize] public actionresult pincheck(string returnurl)// generic pin 1 { // request 3 characters of pin in random. ... } [authorize] [httppost] public actionresult pincheck(string a, string b, string c, string returnurl)// generic pin 1 { // check 3 chars. ... // how store pin check controller success , don't ask user unless closes browser or logout }

my plan of action checking pins stored admin particular user particular action in database. far have achieved checking pincheck() routine problem face user has enter pin every time requests particular action. made way around saving encrypted cookie on pincheck success. there way modify authorize attribute , authentication cookie achieve doing?

you can represent each pin verified claim stored part of claimsidentity in cookie can query against user's claims looking appropriate pinclaim in each action. if using asp.net identity, can when verify pin:

await manager.addclaimasync(user.identity.getuserid(), new claim("<mypinclaim>", "<value>")) await signinasync() // , resign user in regenerate cookie claim

Comments

Post a Comment

Popular posts from this blog

basic authentication with http post params android -

i doing basic authentication passing username , password , using basicnamevaluepair sending post params response service. my method: public stringbuilder callservicehttppost(string username, string password, string type) { // create new httpclient , post header httpclient httpclient = new defaulthttpclient(); httppost httppost = new httppost(webservice + type); httpresponse response = null; stringbuilder total = new stringbuilder(); try { url url = new url(webservice + type); /*string base64encodedcredentials = base64.encodetostring((username + ":" + password).getbytes(), base64.url_safe | base64.no_wrap);*/ string base64encodedcredentials = "basic " + base64.encodetostring( (username + ":" + password).getbytes(), base64.no_wrap); httppost.setheader("auth...
Read more

vb.net - Virtual Keyboard commands -

i wondering difference between virtual these keyboard commands is: keyeventf_extendedkey , keyeventf_keyup is. everywhere have looked gives me description based off integers , not want know each of them does. you've tagged question vb.net, these have nothing @ vb.net. they're constants defined in windows header files, use win32 api functions. as far difference, can't tell looking @ values. individual values not particularly important, that's why named identifiers used. what's important used , documentation functions tells mean. the first one, keyeventf_extendedkey , used keybdinput structure (which used along e.g. sendinput function) pass information synthesized keyboard input. if flag used, means scan code should interpreted extended key. technically, means scan code preceded prefix byte value 224 (&he0 in hexadecimal notation). the second one, keyeventf_keyup , 1 of flags available use structure. means key being released (going up)...
Read more

How to get multiresult with multicondition in Sql Server -

i need solve this. hopefully can giving me advices. for sample, i've got data : proclib.march 1 first 10 rows flight date depart orig dest miles boarded capacity ----------------------------------------------------------------- 114 01mar94 7:10 lga lax 2475 172 210 202 01mar94 10:43 lga ord 740 151 210 219 01mar94 9:31 lga lon 3442 198 250 622 01mar94 12:19 lga fra 3857 207 250 132 01mar94 15:35 lga yyz 366 115 178 271 01mar94 13:17 lga par 3635 138 250 302 01mar94 20:22 lga 229 105 180 114 02mar94 7:10 lga lax 2475 119 210 202 02mar94 10:43 lga ord 740 120 210 219 02mar94 9:31 lga lon 344...
Read more