My use case is to e-mail a URL to a new customer that will route them to a create password view in our CSLA 3.8 ASP.NET MVC2 application.
Since the ChangePassword action is in the Account Controller ... the URL that I send to the unauthenticated user takes them to a login screen (because of the constructor in the Account Controller).
The simple solution would be to take that create password function out of the AccountController ... but I'm looking for a way to keep from having to do that.
To keep that function in the AccountController, it looks like I can re-route the action by adding a function in the constructor that will do special handling if the HTTP.Request is for the change password URL ...
Is there an MVC feature, or any other option, for bypassing the login screen for an unauthenticated user for an action in the Account Controller?
Thanks,
Steve
I'm not sure why you're really doing anything in the constructor of your AccountController. Why don't you have the relevant logic in separate action methods?
Is there an update to the 3.8 version of MVC PTracker that solves this ... here is my version of the "canonical" PT MVC AccountController ...
=========
[HandleError]
public class AccountController : Controller
{
    // This constructor is used by the MVC framework to instantiate the controller using
    // the default forms authentication and membership providers.
    public AccountController() : this(null, null) { }
    // This constructor is not used by the MVC framework but is instead provided for ease
    // of unit testing this type. See the comments at the end of this file for more
    // information.
    public AccountController(IFormsAuthentication formsAuth, IMembershipService service)
    {
        FormsAuth = formsAuth ?? new FormsAuthenticationService();
        MembershipService = service ?? new AccountMembershipService();
    }
    public IFormsAuthentication FormsAuth { get; private set; }
    public IMembershipService MembershipService { get; private set; }
    // ... (the rest of the controller is not included in the post)
}
I guess I'm a bit confused; I thought you said you were sending unauthenticated users to a logon page in the constructor.
Not quite ... in PTMVC any action in the Account Controller other than login requires an authenticated user
So ... it's a bit of a hack ... but since this is the only case where a user without valid credentials can access a view managed by the Account Controller in my app ... I'm looking for the URI in global.asax and performing a login for a default user.
if (HttpContext.Current.Request.AppRelativeCurrentExecutionFilePath == "~/NewPassword")
{
    MyApp.Library.Security.MyappPrincipal.Login("foo", "bar");
    HttpContext.Current.Session["CslaPrincipal"] = Csla.ApplicationContext.User;
}
With an authenticated user in the session object the AccountController constructor routes to the change password form, bypassing the login screen ....
Why not have another action method that doesn't require authorization, and just set the principal to the Unauthenticated principal from Csla (or another one you make)?
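An added example, not code from this thread or from the PTracker sample: one way to follow the last suggestion (a separate action that needs no login) while still binding the e-mailed URL to a single customer. It goes beyond the thread by carrying a signed, expiring token in the URL; PasswordSetupToken, PasswordSetupController and the key value are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Mvc;
// Hypothetical helper: issues and checks the token carried in the e-mailed URL.
public static class PasswordSetupToken
{
    // Assumption: in practice a random secret loaded from protected configuration.
    private static readonly byte[] Key = Encoding.UTF8.GetBytes("REPLACE-WITH-RANDOM-SECRET");
    public static string Issue(string userName, DateTime expiresUtc)
    {
        byte[] raw = Encoding.UTF8.GetBytes(userName + "|" + expiresUtc.Ticks);
        return HttpServerUtility.UrlTokenEncode(raw) + "." + HttpServerUtility.UrlTokenEncode(Sign(raw));
    }
    // Returns the user name if the token is authentic and unexpired, otherwise null.
    public static string Validate(string token, DateTime nowUtc)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return null;
        byte[] raw, mac;
        try { raw = HttpServerUtility.UrlTokenDecode(parts[0]); mac = HttpServerUtility.UrlTokenDecode(parts[1]); }
        catch (FormatException) { return null; }   // not valid base64
        if (raw == null || mac == null) return null;
        byte[] expected = Sign(raw);
        int diff = expected.Length ^ mac.Length;   // compare without an early exit
        for (int i = 0; i < expected.Length && i < mac.Length; i++) diff |= expected[i] ^ mac[i];
        if (diff != 0) return null;
        // The payload is trusted only from here on, after the MAC check.
        string payload = Encoding.UTF8.GetString(raw);
        int sep = payload.LastIndexOf('|');
        long ticks = long.Parse(payload.Substring(sep + 1));
        return new DateTime(ticks, DateTimeKind.Utc) > nowUtc ? payload.Substring(0, sep) : null;
    }
    private static byte[] Sign(byte[] data)
    {
        using (HMACSHA256 h = new HMACSHA256(Key)) return h.ComputeHash(data);
    }
}
// Hypothetical controller outside AccountController, so reaching it needs no login.
public class PasswordSetupController : Controller
{
    public ActionResult NewPassword(string token)
    {
        string userName = PasswordSetupToken.Validate(token, DateTime.UtcNow);
        if (userName == null) return new HttpUnauthorizedResult();  // forms auth redirects to login
        ViewData["UserName"] = userName;   // the view sets the password for this user only
        return View();
    }
}
```

The token is not single-use by itself; recording that the password has been set and rejecting later tokens for that user is left to the application.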
Copyright (c) Marimer LLC