Membership in ASP.Net MVC

I want to use AuthorizeAttribute to control user access to my actions. I just want to clarify that my logic is fine.

  • I create my own implementation of IPrincipal
  • I am sending user credentials to the security controller login action.
  • I verify credentials using the UserService class and assign the IPrincipal returned from my UserService class to HttpContext.User
  • My WebAuthorizeAttribute, which inherits AuthorizeAttribute, checks the current HttpContext.User.Identity.IsAuthenticated and HttpContext.User.IsInRole to determine if the user has access to the action.

Is this the normal flow of things? I know that I can inherit from MembershipProvider, but I do not need all the functionality, just the ability to log in with two different roles.

+5
2 answers

You will need to save the IPrincipal somewhere and restore it with each request. If you will use FormsAuthentication, this is a good solution:

ASP.NET 2.0 Form Authentication - Keeping it Custom Still Easy

Here you can find other solutions:

Where is registered user information stored in ASP.NET MVC using forms authentication?

and possibly many other StackOverflow issues :)

EDIT

About MyBusinessLayerSecurityClass.CreatePrincipal(id, id.Name):

:

http://msdn.microsoft.com/en-us/library/aa480476.aspx

:

FormsAuthenticationModule GenericPrincipal HTTP . GenericPrincipal FormsIdentity, . . , , IPrincipal, PostAuthenticate. PostAuthenticate FormsAuthenticationModule cookie GenericPrincipal FormsIdentity. IPrincipal FormsIdentity, HttpContext. .

FormsIdentity , cookie cookie. , , IPrincipal. , HttpContext.Current.User null ( GenericPrincipal, ). HttpContext.Current.User null, cookie , , .

+4

:

  • IPrincipal
  • .
  • UserService cookie, . FormsAuthentication.SetAuthCookie .
  • AuthenticateRequest cookie Context.User. . Thread.CurrentPrincipal AuthenticateRequest. , .
  • My WebAuthorizeAttribute, AuthorizeAttribute, HttpContext.User.Identity.IsAuthenticated HttpContext.User.IsInRole, , .
+2
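
The flow both answers describe, as an added example that is not code from either answer: the login action issues a forms-authentication ticket carrying the roles, and `Application_PostAuthenticateRequest` rebuilds a custom IPrincipal from that ticket on every request. `WebPrincipal`, `AuthTicket`, the comma-separated role encoding and the 30-minute lifetime are assumptions made for the example.

```csharp
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Security;

// Hypothetical custom principal: roles come from the ticket's UserData.
public class WebPrincipal : IPrincipal
{
    private readonly string[] _roles;
    public WebPrincipal(IIdentity identity, string[] roles) { Identity = identity; _roles = roles; }
    public IIdentity Identity { get; private set; }
    public bool IsInRole(string role) { return Array.IndexOf(_roles, role) >= 0; }
}

public static class AuthTicket
{
    // Call from the login action after UserService has verified the credentials.
    // Assumption: role names contain no comma, so they can be joined in UserData.
    public static void Issue(HttpResponseBase response, string userName, string[] roles)
    {
        var ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30), // 30 min: constructed value
            false, string.Join(",", roles), FormsAuthentication.FormsCookiePath);
        // With the default protection setting, Encrypt() encrypts and signs the
        // ticket with the machineKey, so the client cannot edit the role list.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                         // not readable from script
            Secure = FormsAuthentication.RequireSSL, // follows <forms requireSSL="...">
            Path = FormsAuthentication.FormsCookiePath
        };
        response.Cookies.Add(cookie);
    }
}

public class MvcApplication : HttpApplication
{
    // Global.asax.cs: runs after FormsAuthenticationModule has validated the cookie.
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        var identity = Context.User == null ? null : Context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return; // anonymous or rejected cookie

        var roles = identity.Ticket.UserData.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        var principal = new WebPrincipal(identity, roles);
        Context.User = principal;            // what AuthorizeAttribute checks
        Thread.CurrentPrincipal = principal; // keep the thread principal in sync
    }
}
```

Roles stored in the ticket stay in effect until the ticket expires, so a role change made on the server only applies once a new ticket is issued.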
