1 Student projects for Murach’s ASP.NET Core MVC
Class Project 12: Add authorization to the Quarterly Sales app
In this project, you’ll update the Quarterly Sales app from project 11-1 or project 13-1 to use
authentication and authorization.
The navbar for an anonymous user
The navbar for an authenticated user not in the Admin role
The navbar for an authenticated user in the Admin role
The Manage Users page
Specifications
• The app should provide a way for users to register and log in.
• When registering, the user must provide a username and a password. Here are the
password criteria:
o Passwords must be at least 6 characters.
o Passwords must have at least one uppercase character (A-Z).
• Anonymous users can view the sales data on the main page but aren’t authorized to add
sales or employees.
• Authenticated users are authorized to add sales, but only authenticated users in the
Admin role are authorized to add employees.
• On startup, the app should create an Admin user named “admin” with a password of
“P@ssw0rd”.
• For anonymous users, the navbar should provide a Register link and a Log In link.
• For authenticated users, the navbar should display the user’s name and provide a Log
Out link. In addition, the navbar should display a link to the Add Sales page.
• For authenticated users in the Admin role, the navbar should display links to the Add
Employee page and the Manage Users page. (Note: To check whether a user is in a role,
you can use the IsInRole() method of the view’s User property.)
• The Manage Users page should allow a user in the Admin role to add and delete users,
and assign users to and remove them from the Admin role.
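
One way to meet the password criteria and the startup Admin requirement with ASP.NET Core Identity, as an added example that is not part of the project materials. The `IdentitySetup` class and its method names are hypothetical, and it assumes the app uses the stock `IdentityUser` and `IdentityRole` types. The admin password is a parameter so the value the specification gives can be supplied from configuration instead of being written into source.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper; the class and method names are not from the project.
public static class IdentitySetup
{
    public const string AdminRole = "Admin";

    // Pass to AddIdentity<IdentityUser, IdentityRole>(IdentitySetup.ConfigurePasswords).
    public static void ConfigurePasswords(IdentityOptions options)
    {
        options.Password.RequiredLength = 6;      // at least 6 characters
        options.Password.RequireUppercase = true; // at least one uppercase character (A-Z)
        // Assumption: the two rules above are the whole policy, so the
        // remaining Identity defaults are switched off.
        options.Password.RequireLowercase = false;
        options.Password.RequireDigit = false;
        options.Password.RequireNonAlphanumeric = false;
    }

    // Call once at startup, inside a DI scope, after the database exists.
    public static async Task SeedAdminAsync(IServiceProvider services, string adminPassword)
    {
        var roles = services.GetRequiredService<RoleManager<IdentityRole>>();
        var users = services.GetRequiredService<UserManager<IdentityUser>>();

        if (!await roles.RoleExistsAsync(AdminRole))
            Check(await roles.CreateAsync(new IdentityRole(AdminRole)));

        var admin = await users.FindByNameAsync("admin");
        if (admin == null)
        {
            admin = new IdentityUser { UserName = "admin" };
            // CreateAsync runs the password validators configured above.
            Check(await users.CreateAsync(admin, adminPassword));
        }
        if (!await users.IsInRoleAsync(admin, AdminRole))
            Check(await users.AddToRoleAsync(admin, AdminRole));
    }

    // Fail startup loudly instead of running without the Admin account.
    private static void Check(IdentityResult result)
    {
        if (!result.Succeeded)
            throw new InvalidOperationException(
                string.Join("; ", result.Errors.Select(e => e.Description)));
    }
}
```

The seeding method is idempotent, so it can run on every startup without creating duplicate roles or users.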