SecurityGuard is a NuGet package that quickly installs a complete UI for managing the ASP.NET Membership system on your ASP.NET MVC 3 application.
In this video I'll demonstrate how to install the ASP.NET Membership system using my other NuGet package, MvcInstaller, and then install SecurityGuard to actually manage the membership system. The entire process takes only a few minutes to install and configure.
Story Details for videos
SecurityGuard - Video for NuGet Package
Author:
Version:
Views:
18263
Date Posted:
8/31/2011 8:21:26 PM
Date Updated:
8/31/2011 8:21:26 PM
Rating:
Running Time:
25:18 minutes
Framework:
Platform:
Programming Language:
Technologies:
Tags:
Demo site:
Home Page:
Share:
Downloads:
MP4
Comments
User Name:
(Required)
Email:
(Required)
Great video! Looking forward to implementing and glad I don't have to code up yet another membership/roles module for my client!
Thanks!
WhenI click onlogout
To call this method, the "Membership.Provider" property must be an instance of "ExtendedMembershipProvider".
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.Exception Details: System.InvalidOperationException: To call this method, the "Membership.Provider" property must be an instance of "ExtendedMembershipProvider".
@krzysiekok - hi, this is an easy error to fix. It's covered in the companion article for SecurityGuard, under the "LoginPartial Updates" heading.
But in short, the error is due to the fact that the LogOff link is still pointing to "Account/LogOff" when it should be pointing to "SGAccount/LogOff". But there's more than just changing the link reference, that's why you should look at the article for the complete solution. The LogOff and other features like this now require the AntiForgeryToken, so a form needs to be used to Log off.
I hope this helps.
Ohh,
@using (Html.BeginForm("LogOff", "Account", FormMethod.Post, new { id = "logoutForm" }))
@using (Html.BeginForm("LogOff", "SGAccount", FormMethod.Post, new { id = "logoutForm" }))
Thanks!
Nice work!
How to add custom fields to user's profile e.g. address, city, .... ?
Thanks for quick answer!
I'am considering to create new class "MembershipsProfiles" which will contain "UserId" from "Memberships" as a relationship. The other attributes will be custom data for user: city, address,...
Please for your advice about that and if it is possible how to implement UI.
Also, could I use EF for "MembershipsProfiles"?
Thanks!
@banek - to create your own custom Profile class you should probably look at these articles. They give more information on how to manage profiles within your application.
Jon Galloway's article
Scott Hanselman's article
Once you create the class, then you create a new view and actions to use your new custom profile class.
I hope this helps.
Hi King, excellent video and brilliant security package!
Got it all working on my mvc 4 application, i had to disable the search function in the Membership\index.cshtml file though was throwing an error saying 'The call is ambiguous' for the Model.SearchTerm
@jayjay - are you using the latest version of SecurityGuard for Mvc 4? I've tested it on many applications and I don't get that error, but I'll look into it.
What was the search process you used? Filter by: View All, Username, Email?
Thanks for the video
sorry but i have an error when i run MvcInstaller i have the error Could not find a part of the path
sorry, i am a new user of .net technology
@RV - to fix this, just create a "Reset" folder inside the App_Data folder and the error will go away. This folder allows you to add your own SQL scripts to reset any database configurations in the event that the installation fails the first time. There's more information about how to create your SQL scripts in the article for Mvc 3 applciations. I'll make this clearer in the documentation.
http://www.mvccentral.net/s/44
Also, this is the SecurityGuard video story, not the MvcInstaller story. :^)
Hi,
Really nice video. I have installed securityguard and i am trying to use it. But i am getting error at @user.IsinRole("SecurityGuard")
It complains as object reference being not set.
Help on this is appreciated.
Hi,
Appreciate your response.
Actually i have sent another question yesterday with some details and write up. I could see that yesterday, any ways that fine.
Yes you are right, thats with if statment i guess.
Another question i had is my membership provider is MongoDB custom provider, what is the best way to take advantage of your security guard with custom provider.
Thanks.
@praveen - as I mentioned in my other response in the SecurityGuard post, SecurityGuard was not built to be used with MondoDb or any other "no sql" provider. At the moment it's meant to be used with SQL Server and the ASP.NET Membership system only.
You could try to have two databases, one as SQL Server with the Membership system, and the other as MongoDB. You would need two connection strings in your web.config. You could see if that would work, otherwise I don't have any suggestions.
Can you use SecurityGuard without it's LogOn screens? I would prefer to implement my own Log on and authentication routines. I'm only interested in the user management aspect of SecurityGuard.
Also, do you have to use a SecurityGuard role? Can I create my own?
@kinstephen - you have the complete source code, so you can modify it all you want. The actual source code is also up on github, if you go to the other SecurityGuard for MVC4 article, you'll see the link to the repository.
The only reason to use the SecurityGuard Role is to be able to differentiate who gets to see that navigation item to the SecurityGuard Dashboard. You can do anything else that you want, this was just an easy out-of-the-box way of saying, "this Role is the only one that gets to view the SecurityGuard Dashboard."
I hope that answers your questions.
@mjg - the mailer templates should be there. If you don't see them, you can uninstall and reinstall to get them.
i am unable to view the youtube what do i need to do to view? also i have searched on youtube and did not find any video associated to you or SGA
@Abu Hamzah - sorry you can't see the video, but first of all it isn't a YouTube video, so you won't be able to find it on YouTube.
I've heard from other users that if you are behind a firewall you will have problems seeing the video. Please find a connection outside the firewall and you should have no problems.
@King Wilder: I able to watch finally and I have noticed that you are not using the new Universal Provider? are you working on it? thanks for the video.
@Abu Hamzah - if you are referring to the new SimpleMembership providers, then no, I have not incorporated this new providers into SecurityGuard. I am investigating whether I can easily integrate it into SecurityGuard, but I am working on other projects that have priority over SecurityGuard.
Hey King Wilder,
Love this package you have done a great service to the wider development community. I'm relatively new to MVC and was wondering if can you let me know how a the package is implemented in locking a view. I've looked at the tutorial on authentication in the MVC music store but it uses a different methodology. Can you give me a simple example of how to lock down an existing view using your securityguard. If you have a tutorial on implementation then point me to that if it is easier. Thanks again!
@dataflowjoe - your wording is a bit confusing to me. When you refer to "locking" do you mean when a user gets their account locked by too many invalid login attempts? If not then can you explain?
If you are then the locking mechanism is all ASP.NET Membership, SecurityGuard just creates an easy way to manage the feature already built into the membership system. SecurityGuard does not use it's own locking mechanism to lock a user out of their account.
But it sounds like you are asking something different that locking a user out of the their account. If you are trying to prevent someone from seeing certain views, then that's an MVC implementation and not a SecurityGuard function. You can just set certain controllers, or just actions in a controller to a specific role, then you can set permissions so only logged on users in those roles will be able to see those views.
If this is what you are asking about, then it's easiest if you use a NuGet package like MvcSiteMapProvider. It allows you to add a menu to your application and use security trimming which lets you assign Roles to specific actions on controllers. When users log on, it detects which Role they belong to and then it will only display those menu items that they are permitted to see.
I hope this helps.
I must say you are so totally dedicated in helping your fellow developers. May you reap a lot of blessing for your kindness!
Yes that was a bit confusing, I meant to say... prevent a user from seeing a view. I actually noticed after I wrote that post, you do have an example of useage, which I have now implemented. Just one another thing how can I set the 're-direct to page' after the user succesfully logs in?
Top Man, I can see why you have King in your name!! :-)
Hi King Wilder, I just noticed that when one clicks on the users username link, it is looking for /SGAccount/Manage and it comes up with error page 'Resource not found' is this 'manage' view missing from the installer build? Thanks!
@dataflowjoe - thank you for your kind words.
Hello,
I was trying to implement this video same as done but I get error everytime when I try to Install it and the error is,
Could not find a part of the path 'D:\WebTurorials\MvcApplication6\MvcApplication6\App_Data\Reset'.
Hello,
Forgot password does not send password to email address. Is there any modification required?
Hi King,
Thanks for the work on SecurityGuard. Following your video, I got it to work in MVC4, preliminarily.
I'm doing a conversion and so I have an existing DB I would like to add SG to. Is there an automagic way to do that? Or do I need to recreate the SG files in the existing DB and adjust the webconfig provider pointers accordingly?
Any pointers on this would be appreciated. Thanks!
Thank you for this video, but can you recommend a tutorial on how to implement forgot password? I have created the validations and the html, now I am moving into the controller httppost piece and I am unsure what to add.
Thanks.
@mahlbergc - The Forgot Password feature is built-in! It's attached to the login view. All you need to do is click that link and it will take you to the Forgot Password view. You don't need to do anything for this to work.
The only thing you need to do manually is update the web.config SMTP settings with your email server settings that will send out the emails from this feature.
I hope this helps.
Hi,
Nice demo.
Can I download this demo project . If I can download it so please provide link for download.
Hi,
Nice demo.
Can I download this demo project . If I can download it so please provide link for download.
Hi,
Nice demo.
Can I download this demo project . If I can download it so please provide link for download.