This course will be retired on July 14, 2025.
You have completed User Authentication with ASP.NET Identity!
Let's review the changes that we made to our web app in this section.
Let's review the changes
we made in this section.
0:00
You've seen the SQL server
object explorer window.
0:03
Let's review the data in
the ASP.NET users table.
0:07
Here's our seeded users.
0:18
Notice that the passwords are hashed.
0:20
Now let's review the changes
to the entry table.
0:24
Here's our user ID column, and
notice that each row has a value populated
0:33
representing the user ID that owns or
is associated with that entry.
0:38
Let's close both of those tabs.
0:44
Switch to solution explorer.
0:47
Expand controllers and
open the entries controller.
0:49
Now let's set a break point inside each
of the entries controller action methods.
0:53
I'll press F9 to set a break point
here just inside of the index action
1:01
method. Scroll down to Add.
1:05
Then the Post version
of Add action method.
1:15
Edit.
1:22
And edit post.
1:26
Delete, and the last one,
the delete post action method.
1:32
Then I'll press F5 to debug the app.
1:38
Here's our sign in page.
1:43
If you look up in the address bar, notice
this green lock and the word Secure.
1:45
This tells us that we're using HTTPS and
SSL.
1:51
I'll go ahead and sign in.
1:57
And just inside of the index action
method we're getting ready to call
2:06
the GetUserId method on
the User.Identity property.
2:10
Press F10,
if we hover over the user ID variable,
2:16
we can see the user ID from my account.
2:19
Now, we're gonna pass that user ID into
the Get list entries repository method.
2:23
This allows the repository to
filter the list of entries
2:29
to the ones that are associated
with my account.
2:32
And here's my entries.
2:35
Let's try adding an entry.
2:37
Inside of the Add Action method,
here we're getting my UserID, again, and
2:42
we're setting
the viewModel.Entry.UserID property.
2:46
Let's view the source of the page by right
clicking and selecting view page source.
2:51
I'll make this slightly larger.
2:57
And scroll down a bit.
3:00
Here's our first form, but
this is our sign out form.
3:03
Let's scroll down a little bit further.
3:06
Here's what I'm looking for.
3:09
It's an input element of type
hidden that contains my UserId.
3:10
Also notice that there's another
hidden input element right here.
3:17
This one contains the anti-forgery
token that we're using to prevent
3:22
CSRF, or cross-site request forgery.
3:28
If this token wasn't
included as a form value, or
3:31
if the token value was incorrect, the post
would fail upon submission to the server.
3:34
Let's go ahead and fill out some values.
3:41
So I'll select basketball for
activity and say I played for
3:43
30 minutes at a medium intensity and
submit the form.
3:48
Now, we are inside of
the add post action method.
3:54
Let's step down. Here we are about
to get the user ID for my account.
3:57
And we're setting
the entry's user ID property
4:04
ignoring the one that was
sent from the client.
4:08
This is to ensure that the user didn't
tamper with the hidden field value.
4:11
Let's go ahead and add the entry, and
4:16
press F5 to continue execution which
will redirect us back to the index page.
4:20
And here we are with our message saying
that the entry was successfully added.
4:28
Now, let's edit that same entry by
clicking the Edit button on its row.
4:34
Here we are in the Edit Get Action Method.
4:41
If we step down, we'll see the call
to the GetUserId method, again.
4:44
And remember, we're passing in
the userId into the entriesRepository
4:48
Get action method along with the id of
the entry that we're trying to retrieve.
4:53
Doing this prevents users
from hacking the URL
4:58
in an attempt to retrieve
another user's entry.
5:01
Let's change the activity and
submit the form.
5:05
Let's step down.
5:11
Here we are getting a reference
to our entry model, and
5:14
here we're getting the user ID, again.
5:17
This time, before we update the entry,
we're calling the entries repository
5:21
EntryOwnedByUserId method passing
in the entry.Id and the userId.
5:26
We're doing this to ensure, again,
that the combination of the entry ID and
5:31
user ID is valid.
5:36
In here, we're going to override
EntryUserId property with the user
5:39
Id of the current user.
5:43
And after updating the entry,
5:46
we're redirected back to
the entries index route.
5:48
In here is our message that our
entry was successfully updated.
5:53
Now, let's delete that entry.
5:59
Here's the delete Get action method, and
6:02
again, we're passing that into the
entriesRepository.Get method in order to
6:05
ensure that this entry
belongs to our user.
6:10
We click the Delete button
to delete the entry.
6:16
And in the delete post action method,
we're getting our user ID, again.
6:19
And we're calling the
entriesRepository.EntryOwnedByUserId
6:24
method to check to make sure
that this entry is, in fact,
6:28
owned by the current user.
6:31
Our entry has been deleted.
6:36
And now we're back at our entries list
page with the message letting us know that
6:39
our entry was deleted.
6:43
Now we're back to just four entries.
6:46