ASP.NET Core Tutorial - Implementing Login Functionality

Jul 7, 2024

ASP.NET Core Tutorial - Implementing Login Functionality (Part 70)

Overview

  • Focus: Implementing login functionality using the Identity API in ASP.NET Core.
  • Key Components: Login View Model, Login View, Login Actions (GET and POST).

Login View Model

  • Purpose: To capture user data needed for login.
  • Properties:
    • Email: Serves as the username (Required and EmailAddress attributes used for validation).
    • Password: User's password.
    • Remember Me: Boolean to determine whether to create a persistent or session cookie.
  • Location: Place in ViewModels folder (LoginViewModel class).
  • Validation Attributes: Be sure to import the data annotations namespace.

Login View

  • Purpose: Display login form to the user.
  • Model: Uses LoginViewModel.
  • Placement: Account subfolder in the Views folder (Login.cshtml file).
  • Components:
    • Page Title: Set using ViewBag.Title.
    • Form elements: Email, password, remember me checkbox, and submit button.
    • Bootstrap 4: Used for styling (row, col-md-12, text-danger, form-group classes).
    • Form Submission: HTTP POST request to log the user in.
  • Validation Summary: Displays any validation errors.

Login Actions in Account Controller

  • GET Action: Displays the login view when /account/login is requested.
  • POST Action:
    • Handles form submission.
    • Parameters: Receives LoginViewModel.
    • Steps:
      1. Check if model state is valid.
      2. If valid, use SignInManager to sign the user in (PasswordSignInAsync method).
      3. Check the result: Redirect to Home Index if successful, otherwise display error.
  • SignInManager Usage:
    • Injected via constructor.
    • PasswordSignInAsync method:
      • Parameters: Username, password, isPersistent (from remember me), lockoutOnFailure.
      • Returns: SignInResult object with success status.
  • Post-Login Behavior:
    • Redirect to Home Index on success.
    • Display invalid login attempt error on failure.
    • Re-render login view with validation errors if model state is invalid.

Cookies: Session vs Persistent

  • Session Cookie:
    • Created if remember me is NOT checked.
    • Lost when browser is closed.
    • Example: ASP.NET Core anti-forgery cookie.
  • Persistent Cookie:
    • Created if remember me is checked.
    • Saved to the machine, persists after browser is closed.
    • Removed upon logout.
  • Logout Behavior:
    • Removes either type of cookie immediately.
    • Application shows Register and Login links instead of Logout.

Example Output

  • Login without Remember Me: Session cookie, lost on browser close.
  • Login with Remember Me: Persistent cookie, retained on browser close.
  • Logout Process: Immediate removal of login cookie.

Key Code Snippets

  • Login View: Code for labels, input elements, validation summary.
  • Account Controller: GET and POST login actions.

Conclusion: Successfully implemented the login functionality including validation, cookie handling, and redirect logic.