Documentation Index
Fetch the complete documentation index at: https://mintlify.com/interezante456-pixel/nuevo-proyecto-viernes/llms.txt
Use this file to discover all available pages before exploring further.
AccesoController is the authentication gateway for Tienda Mi Cholo. It handles displaying and processing the login form, setting up the ASP.NET Core cookie authentication principal and the server-side session, signing out, and rendering the access-denied page for users who attempt to reach a route their role does not permit. Unlike every other controller in the application, AccesoController does not carry a class-level [Authorize] attribute — the login and access-denied actions must be reachable by unauthenticated visitors. The default route configured in Program.cs points to Acceso/Login, so the login page is the application entry point.
AccesoController carries [ResponseCache(Location = ResponseCacheLocation.None, NoStore = true)] at the class level, so every action in the controller inherits the no-cache directive. This instructs the browser never to cache any response from this controller, which prevents a logged-out user from navigating back to a cached version of the login page.LoginVM Model
The login form is bound to theLoginVM view model defined in Final_proyecto.ViewModels:
Actions
GET /Acceso/Login
Renders the login form view. No authentication required. Authorization: Public (no[Authorize] attribute).
POST /Acceso/Login
Validates the submitted credentials, builds the cookie authentication principal, writes four session keys, and redirects the user to the home page on success. Authorization: Public (no[Authorize] attribute).
The user’s email address. Matched against
Usuario.CorreoUsuario in the database.The user’s password. Matched against
Usuario.Contraseña in the database using a direct equality comparison.- Query
Usuarios(withRolincluded) whereCorreoUsuario == loginVM.CorreoANDContraseña == loginVM.Contraseña. - If no match → sets
ViewData["Mensaje"] = "Correo o contraseña incorrectos"and returns the login view. - If
usuario.Estado == false→ setsViewData["Mensaje"] = "Su cuenta está desactivada. Contacte al administrador."and returns the login view.
CookieAuthenticationDefaults.AuthenticationScheme and IsPersistent = true, AllowRefresh = true.
Session keys written on success:
| Key | Value |
|---|---|
"Usuario" | usuario.NomUsuario |
"NomCompleto" | usuario.NomCompleto |
"Rol" | usuario.Rol.NomRol |
"IdUsuario" | usuario.ID_Usuario (stored as int) |
The
IdUsuario session integer is read by VentaController.Nueva when recording which user created the sale: HttpContext.Session.GetInt32("IdUsuario") ?? 1.GET /Home/Index.
/Acceso/Logout
Clears all session data, signs out the cookie authentication scheme, and redirects the user back to the login page.The
Logout action has no [HttpGet] or [HttpPost] attribute in the source code, so ASP.NET Core’s routing accepts any HTTP method for this path. It is conventionally called via a link (GET), but the action itself does not restrict the HTTP verb.[Authorize] attribute — the action is reachable without authentication, though in practice it is only linked to from within the authenticated layout.
GET /Acceso/Login.
GET /Acceso/Registro
Returns an immediate redirect toGET /Acceso/Login. Self-registration is disabled in the application; the route exists as a stub to handle any inbound link or form that targets /Acceso/Registro.
Authorization: Public (no [Authorize] attribute).
POST /Acceso/Registro
Also redirects immediately toGET /Acceso/Login. The UsuarioVM model parameter is accepted by the binder but the body is never read or processed. New user accounts must be created by an administrator through the user management module.
Authorization: Public (no [Authorize] attribute).
Both
GET and POST /Acceso/Registro are intentional no-op stubs. If you navigate to /Acceso/Registro directly or submit a registration form, you will be redirected to the login page without any feedback message.GET /Acceso/AccesoDenegado
Renders the access-denied view. This route is configured inProgram.cs as the AccessDeniedPath for the cookie authentication scheme, so ASP.NET Core redirects here automatically whenever an authenticated user attempts to reach an action whose [Authorize(Roles = "...")] attribute does not include their role.
Authorization: No explicit attribute — reached via ASP.NET Core’s internal redirect for role failures.