mvc authentication and authorization Edit

Murugan Andezuthu Dharmaratnam | 11 September 2020 | 707

One of the most important components of a web application is security. It is important to make sure that only authenticated and authorized users are able to access the restricted pages of a web application.

Authentication is the process of getting some sort of credentials from the user and verifying the user's identity. If the user supplies a valid user name and password or by some other mechanism the user is authenticated.

Authorization is the process where we check if an authenticated user has access to a particular resource. Authorization helps us to control the access rights by granting or denying permission to an authenticated user.

Autentication Options

When you create an asp .net mvc application you have 4 options.

  1. No Authorization
  2. Individual User Accounts
  3. Work & School Accounts
  4. Windows Authentication
In this article we will focus on Individul user accounts. Where the Authentication & Authorization user data is stored in sql server database.

It is very easy to enable Authentication using SQL database in an asp .net MVC application.

Once you create the project. Change the connection string to connect to an MS SQL server database. In my application, I opened web.config file and added a new connection string .

    <add name="BeginnerConnection" 
connectionString="Data;Initial Catalog=YourDatabaseName;User ID=YourUserName;Password=YourPassword" 
providerName="System.Data.SqlClient" />

The next thing you have to do is to open IdentityModels.cs file which you can find under the Models folder & change the

public ApplicationDbContext()
    : base("DefaultConnection", throwIfV1Schema: false)

public ApplicationDbContext()
    : base("BeginnerConnection", throwIfV1Schema: false)

You have to give the same name you have given in your connection string in web.config file.

Register & Create a new user account

Run the application, click on register to create a new user account. provide the email and password to complete registration. You will be redirected to the home page one the registration is completed & you would be able to see your logged in user data displayed on the top right of the screen.

Tables Created In SQL Database

The registration will automatically create a few tables in the SQL database.

  1. AspNetRoles
  2. AspNetUserClaims
  3. AspNetUserLogins
  4. AspNetUserRoles
  5. AspNetUsers

You will be able to see that a new entry has been added to the AspNetUsers table.

Adding Authorize to web pages

To add authorization to a web page, add the authorize attribute to the controller.

Open HomeController & add [Authorize] attribute to the class

public class HomeController : Controller
    public ActionResult Index()
        return View();


Run The Application

Run The Application & go to the home controller


You can see that you get redirected to the login page. It's so easy to implement authorization and authentication in an asp .net MVC application.