ASP.NET Identity in MVC Framework

ASP .Net
In this article we discuss about the basic of ASP .NET identity, creating identity and it's uses.
ASP.NET offers Forms Authentication as one of the authentication schemes. Developers can use Forms Authentication in combination with membership, roles and profile features to provide security to their web applications.
Identity is used for identifying the authorized user and protecting their application from unauthorized user.

Authentication and Authorization in MVC Framework

ASP .Net
In this we will discuss about the ASP.NET Roles and Membership API from MVC perspective. We will try to see how the default Roles and Membership provides can be used for authentication and authorization in an MVC application. We will also see how we can implement custom forms authentication in an ASP.NET MVC application.

AntiForgeryToken in MVC Framework

ASP .Net


  • AntiForgeryToken is a great feature in ASP.NET MVC framework.
  • It generates a hidden field in form and valid value in cookies that is validated when the form is submitted to server.
  • It protect your application against cross site request forgery.

What is Cross Site Request Forgery?

  • Cross Site Request Forgery is a one type of attack.
  • It defined as a forgery request or fraud request, which comes on an authenticated site from cross site and is treated as an authenticated request.
  • The impact of CSRF attack is limited of the capabilities exposed by the vulnerable application.

Client Side Validation in MVC Framework

ASP .Net

Client Side Validation

  • ASP.NET MVC framework also supports client side validation by using jqyery.
  • It will validate data immediate and display the error message in browser.
  • Validation should now happen on the client without a round trip to the server.
  • If the client disables javascript in the browser, then client side validation does not work but server side validation will continue to work as normal.

Custom Validation in MVC

ASP .Net

Custom Validation

Validation attributes are a way to configure the model. Some validation rules are implemented based on your business. Your business rules might not be data data annotations validation. You need to implement for new business rule in your MVC application. This case you can go to custom validation.