Authentication and Authorization in MVC Framework

ASP .Net
Here we will discuss the ASP.NET Roles and Membership API from an MVC perspective. We will see how the default Roles and Membership providers can be used for authentication and authorization in an MVC application. We will also see how we can implement custom forms authentication in an ASP.NET MVC application.

AntiForgeryToken in MVC Framework

ASP .Net


  • AntiForgeryToken is a great feature in the ASP.NET MVC framework.
  • It generates a hidden field in the form and a corresponding value in a cookie, which are validated when the form is submitted to the server.
  • It protects your application against cross-site request forgery.

What is Cross Site Request Forgery?

  • Cross Site Request Forgery (CSRF) is a type of attack.
  • It is defined as a forged or fraudulent request that arrives at an authenticated site from another site and is treated as an authenticated request.
  • The impact of a CSRF attack is limited to the capabilities exposed by the vulnerable application.

Client Side Validation in MVC Framework

ASP .Net

Client Side Validation

  • The ASP.NET MVC framework also supports client side validation by using jQuery.
  • It validates data immediately and displays the error message in the browser.
  • Validation should now happen on the client without a round trip to the server.
  • If the client disables JavaScript in the browser, client side validation does not work, but server side validation continues to work as normal.

Custom Validation in MVC

ASP .Net

Custom Validation

Validation attributes are a way to configure the model. Some validation rules are specific to your business, and these business rules might not be covered by the data annotations validation. When you need to implement a new business rule in your MVC application, you can use custom validation.

Data Annotations in MVC Framework

ASP .Net

Data Annotations

  • Data validation is a basic need when developing a web application.
  • The MVC framework provides data annotations for data validation.
  • You can apply validation by adding data annotation attribute classes to model class properties.
  • These classes are present in the System.ComponentModel.DataAnnotations namespace.
  • They help you define rules on the model properties for data validation and display appropriate messages to end users.