This course will be retired on July 14, 2025.
- Overview of Segmenting and Protecting Data 1:52
- Segmenting Data
- Updating the Database Seed Data
- Updating the Entries Repository
- Updating the Entries List Page
- Protecting User Data
- Securing Communication Between the Client and Server
- Preventing Cross-Site Request Forgery (CSRF)
- Reviewing Segmenting and Protecting Data 6:49
- Wrap Up 1:57
- Section Review 5 questions
You have completed User Authentication with ASP.NET Identity!
Let's review the changes that we made to our web app in this section.
Let's review the changes
we made in this section.
0:00
You've seen the SQL server
object explorer window.
0:03
Let's review the data in
the ASP.NET users table.
0:07
Here's our seeded users.
0:18
Notice that the passwords are hashed.
0:20
Now let's review the changes
to the entry table.
0:24
Here's our user ID column, and
notice that each row has a value populated
0:33
representing the user ID that owns or
is associated with that entry.
0:38
Let's close both of those tabs.
0:44
Switch to solution explorer.
0:47
Expand controllers and
open the entries controller.
0:49
Now let's set a break point inside each
of the entries controller action methods.
0:53
I'll press F9 to set a break point
here just inside of the index action
1:01
method. Scroll down to Add.
1:05
Then the Post version
of Add action method.
1:15
Edit.
1:22
And edit post.
1:26
Delete, and the last one,
the delete post action method.
1:32
Then I'll press F5 to debug the app.
1:38
Here's our sign in page.
1:43
If you look up in the address bar, notice
this green lock and the word Secure.
1:45
This tells us that we're using HTTPS and
SSL.
1:51
I'll go ahead and sign in.
1:57
And just inside of the index action
method we're getting ready to call
2:06
the GetUserId method on
the User.Identity property.
2:10
Press F10,
if we hover over the user ID variable,
2:16
we can see the user ID from my account.
2:19
Now, we're gonna pass that user ID into
the Get list entries repository method.
2:23
This allows the repository to
filter the list of entries
2:29
to the ones that are associated
with my account.
2:32
And here's my entries.
2:35
Let's try adding an entry.
2:37
Inside of the Add Action method,
here we're getting my UserID, again, and
2:42
we're setting
the viewModel.Entry.UserID property.
2:46
Let's view the source of the page by right
clicking and selecting view page source.
2:51
I'll make this slightly larger.
2:57
And scroll down a bit.
3:00
Here's our first form, but
this is our sign out form.
3:03
Let's scroll down a little bit further.
3:06
Here's what I'm looking for.
3:09
It's an input element of type
hidden that contains my UserId.
3:10
Also notice that there's another
hidden input element right here.
3:17
This one contains the anti-forgery
token that we're using to prevent
3:22
CSRF or cross-site request forgery.
3:28
If this token wasn't
included as a form value, or
3:31
if the token value was incorrect, the post
would fail upon submission to the server.
3:34
Let's go ahead and fill out some values.
3:41
So I'll select basketball for
activity and say I played for
3:43
30 minutes at a medium intensity and
submit the form.
3:48
Now, we are inside of
the add post action method.
3:54
Let's step down, here we are about
to get the user ID for my account.
3:57
And we're setting
the entry's user ID property
4:04
ignoring the one that was
sent from the client.
4:08
This is to ensure that the user didn't
tamper with the hidden field value.
4:11
Let's go ahead and add the entry, and
4:16
press F5 to continue execution which
will redirect us back to the index page.
4:20
And here we are with our message saying
that the entry was successfully added.
4:28
Now, let's edit that same entry by
clicking the Edit button on its row.
4:34
Here we are in the Edit Get Action Method.
4:41
If we step down, we'll see the call
to the GetUserId method, again.
4:44
And remember, we're passing in
the userId into the entriesRepository
4:48
Get action method along with the id of
the entry that we're trying to retrieve.
4:53
Doing this prevents users
from hacking the URL
4:58
in an attempt to retrieve
another user's entry.
5:01
Let's change the activity and
submit the form.
5:05
Let's step down.
5:11
Here we are getting a reference
to our entry model, and
5:14
here we're getting the user ID, again.
5:17
This time, before we update the entry,
we're calling the entries repository
5:21
EntryOwnedByUserId method passing
in the entry.Id and the userId.
5:26
We're doing this to ensure, again,
that the combination of the entry ID and
5:31
user ID is valid.
5:36
In here, we're going to override
EntryUserId property with the user
5:39
Id of the current user.
5:43
And after updating the entry,
5:46
we're redirected back to
the entries index route.
5:48
In here is our message that our
entry was successfully updated.
5:53
Now, let's delete that entry.
5:59
Here's the delete Get action method, and
6:02
again, we're passing that into the
entriesRepository.Get method in order to
6:05
ensure that this entry
belongs to our user.
6:10
We click the Delete button
to delete the entry.
6:16
And in the delete post action method,
we're getting our user ID, again.
6:19
And we're calling the
entriesRepository.EntryOwnedByUserId
6:24
method to check to make sure
that this entry is, in fact,
6:28
owned by the current user.
6:31
Our entry has been deleted.
6:36
And now we're back at our entries list
page with the message letting us know that
6:39
our entry was deleted.
6:43
Now we're back to just four entries.
6:46