Updates Below - December 1, 2014
SecurityGuard.Mvc5 is available!
This new version of the NuGet package addresses some differences in moving to ASP.NET MVC 5 and the 4.5 .Net Framework. This NuGet package expects to work with Visual Studio 2013, ASP.NET MVC 5.2.0.0 and 4.5 .Net Framework. It has not been tested with other combinations.
This should work without issues. If you find any problems, please let me know as an issue on my github repository. The link to github is at the top of this post.
Still some manual tasks
There continue to be some manual things you need to do to make this fully work:
- Remove the views for the view engine you are NOT using.
That's it! I resolved the web.config transformation issues in this new version.
But since both ASPX and Razor views are created, you must delete the ones you are not using. After that, you are all set to go.
Easy Installation
Since this is a NuGet package, its easy to install. Just open your Package Manager Console and enter:
Updates
December 1, 2014
A few minor fixes were made. You can make these changes in your application manually if you want.
SecurityGuard/MembershipController fix for empty form submission validation:
Before:
[HttpPost]public virtual ActionResult CreateUser(viewModels.RegisterViewModel model){ MembershipUser user; MembershipCreateStatus status; user = membershipService.CreateUser(model.UserName, model.Password, model.Email, model.SecretQuestion, model.SecretAnswer, model.Approve, out status); return routeHelpers.Actions.GrantRolesToUser(user.UserName);}After:
[HttpPost]public virtual ActionResult CreateUser(viewModels.RegisterViewModel model){ if (!ModelState.IsValid) { ModelState.AddModelError("", "You are missing required fields."); return RedirectToAction("CreateUser"); } MembershipUser user; MembershipCreateStatus status; user = membershipService.CreateUser(model.UserName, model.Password, model.Email, model.SecretQuestion, model.SecretAnswer, model.Approve, out status); return routeHelpers.Actions.GrantRolesToUser(user.UserName);}Added the ModelState.IsValid conditional statement.
SecurityGuard/Views/Role/index.cshtml - fixed bad link under the "Get Users In Role" dropdown. The link broke when trying to navigate to the member info page. The fix is in the JavaScript at the bottom of the page.
Before:
function OnGetUsersInRoleSuccess(data) { ul.empty(); if (data == "") { ul.append("<li>No user(s).</li>"); } else { $.each(data, function (index, item) { ul.append("<li><a href=\"/SecurityGuard/Membership/Update/" + item + "\">" + item + "</a></li>"); }); }}After:
01.function OnGetUsersInRoleSuccess(data) {02. ul.empty();03. if (data == "") {04. ul.append("<li>No user(s).</li>");05. } else {06. $.each(data, function (index, item) {07. ul.append("<li><a href=\"/SecurityGuard/Membership/Update?userName=" + item + "\">" + item + "</a></li>");08. });09. }10.}The change is on line 7.
SecurityGuard/Views/Membership/index.cshtml - fixed a bad link when using the table radio button to navigate to the "Grant Roles to User" page. The fix is in the JavaScript at the bottom of the page.
Before:
$(".userRadio").click(function () { // Get the value of the clicked radio button // which is the username. var userName = $(this).val(); // Get a reference to the "href" of the link. //var href = anchor.attr("href"); var href = '@Url.Action("GrantRolesToUser", "Membership")'; // Concatenate the existing href value with the username var newHref = href + "/" + userName; // Replace the existing href value with the new one anchor.attr("href", newHref); // Remove the disabled attribute on the // Grant Roles to User link anchor.removeAttr("disabled");});After:
01.$(".userRadio").click(function () {02. // Get the value of the clicked radio button03. // which is the username.04. var userName = $(this).val();05. 06. // Get a reference to the "href" of the link.07. //var href = anchor.attr("href");08. var href = '@Url.Action("GrantRolesToUser", "Membership")';09. 10. // Concatenate the existing href value with the username11. var newHref = href + "?userName=" + userName;12. 13. // Replace the existing href value with the new one14. anchor.attr("href", newHref);15. 16. // Remove the disabled attribute on the 17. // Grant Roles to User link18. anchor.removeAttr("disabled");19.});The change is on line 11.
@jtawil - unfortunately there is no easy way to upgrade from Mvc4 to Mvc5 since there's been several modifications to the assembly and many views, to accommodate differences in the .Net 4.5 framework and ASP.NET MVC 5.
Have you upgraded your web application to ASP.NET MVC 5 from MVC 4.x? If so, does the existing SecurityGuard not work? As long as the web.config file still has the membership sections using the System.Web.Providers providers, SecurityGuard.Mvc4 should work. Let me know.
If you have not made any visual changes to the views in SecurityGuard, you could uninstall SecurityGuard.Mvc4 and then install SecurityGuard.Mvc5, BUT and here's the important point... make a copy of your web.config file first!!! Since there are differences in the way ASP.NET MVC5 handles authentication, various elements are missing in ASP.NET MVC 5 that are used by SecurityGuard, so SecurityGuard.Mvc5 adds these elements back into the web.config. If you already have your authentication element setup the way you want, it may be overwritten, so it's best to back it up before installing this version.
I'll work on some documentation about possibly upgrading from a older version when I have a moment.
Another option, is to create a blank ASP.NET MVC 5 project and install SecurityGuard.Mvc5 there and then copy over the new SecurityGuard.dll. Then you can copy over the Area views and the SGAccount views, then make sure the web.config has all the configuration necessary.
Sorry about the hassle, but I hope this helps.
Hi, thanks for this wonderful piece of work.
The installation went fine so far, but as soon as try to navigate to the login page I get the following error:
Server Error for application /.
The resource couldn't be found. HTTP 404 requested url : SGAccount/Login (the same for SGAccount/Register)
All aspx pages have been deleted, the requested page is in Views/SGAccount/Login.cshtml
Do you have any idea how to resolve this?
Thanks a lot in advance
Marc
Hi, thanks for this wonderful piece of work.
The installation went fine so far, but as soon as try to navigate to the login page I get the following error:
Server Error for application /.
The resource couldn't be found. HTTP 404 requested url : SGAccount/Login (the same for SGAccount/Register)
All aspx pages have been deleted, the requested page is in Views/SGAccount/Login.cshtml
Do you have any idea how to resolve this?
Thanks a lot in advance
Marc
@marcsommer - sorry you are having problems. I'm not sure why this is happening. Can you confirm that the SecurityGuard package is there with the SGAccountController in place and the SGAccount Views all there also?
You can always uninstall and then re-install and that may fix the problem, but it should just work.
Let me know.
Ok, found the mistake. I thought the visual studio publication process automatically recompiles the project just before publication to a website. Actually you have to manually do it! The view files have been copied as is, but the changes in the controller part did not find their way in to the assembly. So there was no SGAccount controller in the project dll published to the site. I had to decompile the published project to see this. Unfortunatelly the server error messages in most cases are pretty useless as they mostly don't give you a clue into which direction to go.
But thanks nevertheless for dropping in :-)
Hi,
Whenever I build and run, it creates a database ASPNETDB.mdf for use with Security Guard.
How do I get it to not create another database, but rather update my existing database in DefaultConnection?
Thanks
@DarretKing - you need to make sure that the membership provider sections in the web.config/system.web element have the correct connection string name for your database. You should have four (4) sections in system.web:
These are the providers that SecurityGuard uses for connection to your database. So make sure the connectionStringName values are pointing to the name of your connection string for your database. I hope that makes sense.
I'm using the MVC5 version of SecurityGuard and MVCInstaller. When I run the app I get the following error:-
Schema specified is not valid. Errors:
(19,34) : error 0040: The Type image is not qualified with a namespace or alias. Only primitive types can be used without qualification.
If it helps, i'm using MySQL and not SQL but this is because there is an existing database that the app will pull other info from.
The MySQL connection is working fine, there are just none of the tables required for SecurityGuard which is why I installed MVCInstaller5 via NuGet.
@LukeBrewerton - SecurityGuard is not supported with MySql, that doesn't mean it may not work, but there's probably a few things to get it to work, some of which I have never explored.
To be clear, SecurityGuard does not install the required membership database tables, that has to be done by you and can be done in various ways. SecurityGuard is simply a user-interface that allows you to manage the data in the membership database.
I assume the application is ASP.NET MVC, but you are connecting to a MySql database. Is there a reason you can't have SQL Server side-by-side that contains the membership tables? That would work. You would just need another connection string in your web.config for it.
Apart from that, I don't know what else to do to help you, since as I mentioned, it is intended to be used with SQL Server.
@LukeBrewerton - no, you didn't misread what MVC Installer does. Just be aware, as the documenation states, it will update your web.config with the new connection string information and the membership providers. All the other settings will be untouched. So it's best to do this locally so the Mvc Installer app has permission to update your web.config.
You can update the web.config manually, but this just automates it for you.
Also, if you already have membership providers in your web.config, it will over write them. Be sure that's what you want to occur before you proceed.
If membership providers do already exist, and you are OK with MVC Installer updating the settings, there are occasions where it doesn't work correctly. So it's best to remove the membership provider sections prior to running Mvc Installer. I hope this helps.
Ok, No I dont have any membership providers in the web.config, MVCInstaller added these. I commented out the SQL connection it added but my MySQL connection is also named 'DefaultConnection' and this works with the rest of the Entity Framework.
I think its my implementation rather that SecurityGuard itself. I cant run SQL side by side with the MySQL as the webhost my client uses only provides MySQL
@LukeBrewerton - are the membership tables created in your MySql database? If not, then it absolutely won't work. I can't confirm that it will work even if you do have the table created in MySql because, again I've never tested it with MySql.
If it still doesn't work, it may be because the membership providers I'm using, System.Web.Provider namespace probably requires SQLServer. So you may not be able to use SecurityGuard with your application, unfortunately.