Remember.Web: does not match documentation any more
tillig opened this issue · 2 comments
From @AGBrown on July 13, 2014 14:54
Versions:
- Observed for commit autofac/Autofac@6ab6ce2, other commits not tested
Issue
When trying to use the Remember.Web to understand the Mvc-Integration wiki documentation, the sample code does not work when an [Authorize]
(or custom authorize) attribute is applied to an action, due to problems with the web.config authentication/forms
element. This specifies the loginUrl
as ~/Account/LogOn
(it should be ~/Account/Login
). The sample project also doesn't provide an easy way to set a login cookie and authorize a user to try out the CustomAuthorize
attribute in the wiki documentation.
Impact
The sample Remember.Web doesn't demonstrate the documentation on the Mvc-Integration wiki page. The wiki page references the sample as it ...
... demonstrates many of the aspects of MVC that Autofac is used to inject.
Proposed solution
The fix for this is quite simple, but it also requires #550 to be fixed.
With a few small changes the sample Remember.Web Mvc application could be made to fit in with the wiki at Mvc-Integration and demonstrate the following:
- Model binding for the logon form with
LoginFormBinder
(currently working) withIAuthenticationService
injection (currently working) - Custom authorization attribute (with injection, as per the wiki page) that works with a login cookie to redirect unauthorized users, and accept authorized users.
- Redirection to the login url, which therefore demonstrates all the above
The changes that are required:
- Fix Issue #550
- Update the web.config
authentication/forms
element - Add a
CustomAuthorizeAttribute
as per the wiki - Add
[CustomAuthorize]
and[AllowAnonymous]
to theAccountController
(as per the current Mvc template application in VS2013) - Set the Remember.Web.csproj.user file to launch
Account/LoginSuccess
as theStartPageUrl
I will post an example changeset as a follow up to this issue to AutofacABContrib branch dev-552. In the example I have also split out "validation" by the IAuthenticationManager
(renamed in the commit to ICaptchaManager
and "authentication" performed using FormsAuthentication
in the AccountController
Please let me know if you would like me to create a pull request for the branch.
Copied from original issue: autofac/Autofac#552
@tillig Let me know if there is anything to do with the branch and fixes - I'm assuming that you would need me to fork the new Examples
project and re-map the fix changes on to it?
The examples repo has been overhauled and no longer contains Remember.Web. Instead, the examples are more clearly named based on what they illustrate and try to stick closer to the docs.