M# Tutorials

Learn to build .NET applications with M#. Our step-by-step tutorials will get you up-to-speed rapidly.
If you already know ASP.NET and C#, you can master M# in a week or two.

User Authentication

Authentication is an important aspect in software development. In this lesson we will discuss how M# covers this concept and will look at user authentication logic available in M#. We will take User and Employee entities from our "HelloWorld" project developed in the beginning tutorials and will discuss M# interfaces, methods and classes, which are used to authenticate a user.

IUser Interface

User authentication relies on this interface. M# generates User entity when a new project is created and implements this interface within User logic class. IUser interface contains a definition for one method "GetRoles", which is called by M# framework to authorize the user, but M# exposes extension methods on this interface to perform authentication (Please read tutorial Role for more information).

Important: Each entity type which requires authentication and authorization, should inherit the User entity. Although, M# doesn’t place constraints on developers to inherit the User entity, you can develop other entities, manualy implementing IUser interface for making the authentication and authorization calls on your entity instance (Please read tutorial Inheritance for more detail on inheriting User Entity).

The IUser interface code shown above only has one method definition, which is implemented by the User entity and then overridden in derived classes.

The User entity in our HelloWorld project implements the IUser interface, it is important to note that it doesn’t return any role, because User entity represents a generic concept term and following Object Oriented Programming principles, we must have entities which represent concrete real world objects to authenticate e.g. Employee, Member, Administrator etc.

The two screenshots shown above of Employee entity shows that the User entity is inherited and "GetRoles" method is overridden in logic partial class to return a role Employee (Please read tutorial Partial Classes and Business Logic for more information on entity and logic class).

So far we have shown the implementation of IUser interface, M# also exposes extension methods to perform authentication, which is discuses next

User Services

M# framework contains a static class "UserServices", which implements the extension methods used to authenticate a user. These extension methods are on IUser interface type. The code shown below is the declaration of this class.

Performing Authentication / Logon / Log Off

Usually in forms a user is authenticated by a user id and a password, once a user is authenticated the user is logged on to allow access to restricted contents. Logging in usually requires a Form authentication ticket to be issued in a cookie and then the web context User principle instance is used to further authorize the user.

In M#, after authenticating a user, using a user id or any other information, you simply call the LogOn extension method (shown in above code) on the entity instance, which implements IUser interface. This LogOn method encapsulates all the functionality required to issue a ticket and manage the web context user principle.

The code shown below demonstrates the authentication process of an employee using an email address and password. After successful authentication the user is logged in by calling LogOn method.

M# updates the "HttpContext.User" instance with the current instance of employee details and then "App.Context.User" property is used to access the currently logged in user (For information about "App.Context.User", please read tutorial Role).

Note: LogOn method call shown above is a standard "Button action" provide in M’ to facilitate developers. You can call it in custom code as well. More information about button action is available in chapter 14.

In order to log off the user, you simple call LogOff extension method on the currently logged in user as shown below