User Authentication / Permission asp.net mvc

I am new to asp.net mvc and starting the next project. The company wants an intranet website for various groups of people to upload files to the database, run reports, and correct data in several basic tables in the database. The company uses Active Directory and does not want users to log in again to use the website. The website will have different sections for different groups, and user access to a specific page should be controlled from the database.

So far this is what I came up with

  • changed the membership provider to a link to an active directory server ( based on a Mike blog post )
  • removed AccountController and Views / Account folder
  • created my own authentication class based on this link

I need to pull from a table in the database based on the AD user ID, its "role" (int), and then pass it to the appropriate SiteRoles. Will this request be implemented in CustomAuthorizeAttribute? Is there a better place to pull the data from the table and save it somewhere so that it can be reused and not run the database query every time AuthorizeCore is called (which happens when the user invokes the controller / action)?

+4
3 answers

A custom AuthorizeAttribute is definitely suitable for this, as it will be applied before all other action filters.

Kind regards,

Dan

+4
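As an added example (not code from the question or the answers above), here is one way to write the custom AuthorizeAttribute the question asks about so that the per-user role lookup is not run against the table on every AuthorizeCore call. The IUserRoleRepository interface, the SiteRole enum values, the five-minute cache lifetime and the use of DependencyResolver (MVC 3) are all assumptions; the page only says that a table holds an int "role" keyed by the AD user ID.

```csharp
using System;
using System.Web;
using System.Web.Caching;
using System.Web.Mvc;

// Hypothetical data access: the page only mentions "a table in the database"
// with an int "role" column keyed by the AD user ID. Implement this against
// your own repository.
public interface IUserRoleRepository
{
    // Returns the role number for the AD account, or null when the account
    // is not in the table (treated as "no access").
    int? GetRoleId(string adUserName);
}

// Maps the integer in the table to named site roles. Values are assumed.
public enum SiteRole { None = 0, Uploader = 1, ReportViewer = 2, DataEditor = 3 }

public class SiteRoleAuthorizeAttribute : AuthorizeAttribute
{
    // Short absolute expiry: a user whose row is changed or removed loses
    // access within minutes, but the table is not hit on every request.
    private static readonly TimeSpan CacheLifetime = TimeSpan.FromMinutes(5);

    // Assumes the repository is registered with the MVC 3 DependencyResolver.
    private static IUserRoleRepository Repository
    {
        get { return DependencyResolver.Current.GetService<IUserRoleRepository>(); }
    }

    public SiteRole[] AllowedRoles { get; set; }

    public SiteRoleAuthorizeAttribute(params SiteRole[] allowed)
    {
        AllowedRoles = allowed;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        // Windows/AD authentication has already happened in IIS; only the
        // identity the server established is trusted, never a form field.
        var identity = httpContext.User != null ? httpContext.User.Identity : null;
        if (identity == null || !identity.IsAuthenticated) return false;

        SiteRole role = LookupRole(httpContext, identity.Name);
        if (role == SiteRole.None) return false;
        if (AllowedRoles == null || AllowedRoles.Length == 0) return true;
        return Array.IndexOf(AllowedRoles, role) >= 0;
    }

    private static SiteRole LookupRole(HttpContextBase httpContext, string userName)
    {
        // identity.Name is DOMAIN\user, which is unique per AD account.
        string key = "SiteRole:" + userName;
        object cached = httpContext.Cache[key];
        if (cached is SiteRole) return (SiteRole)cached;

        int? roleId = Repository.GetRoleId(userName);
        SiteRole role = roleId.HasValue && Enum.IsDefined(typeof(SiteRole), roleId.Value)
            ? (SiteRole)roleId.Value
            : SiteRole.None;

        httpContext.Cache.Insert(key, role, null,
            DateTime.UtcNow.Add(CacheLifetime), Cache.NoSlidingExpiration);
        return role;
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // With Windows authentication a 401 makes the browser re-prompt for
        // credentials; the user is known but not permitted, so answer 403.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}

// Usage on a controller or action:
// [SiteRoleAuthorize(SiteRole.DataEditor)]
// public ActionResult Edit(int id) { ... }
```

The cache is keyed by the server-established Windows identity rather than by a session value, so the lookup cannot be influenced by anything the client sends, and a "None" result is cached too so that unknown users do not cause a query per request.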

I would use the ActiveDirectoryMembershipProvider "out of the box" rather than a custom attribute (because reinventing a wheel is usually bad, but reinventing a wheel in the field of security is in most cases bad to the point of incompetence), and the AzMan role provider to map AD groups and accounts to application roles.

This pairing gives you many more options (for example, a standardized GUI for permissions) than custom code, and is probably more secure.

+3

You can do whatever you want using the provided MVC FormAuthentication. Just create your own ValidateLogOn method in AccountController. Example:

    public ActionResult LogOn(string userName, string password, bool rememberMe, string returnUrl)
    {
        if (!ValidateLogOn(userName, password))
        {
            return View();
        }

        FormsAuth.SignIn(userName, rememberMe);
        Session["userlogin"] = userName;

        // returnUrl comes from the request; check that it is a local URL
        // before redirecting to it, otherwise this becomes an open redirect.
        if (!String.IsNullOrEmpty(returnUrl))
        {
            return Redirect(returnUrl);
        }
        else
        {
            return RedirectToAction("Index", "Home");
        }
    }

Where your ValidateLogOn will look something like this:

    private bool ValidateLogOn(string userName, string password)
    {
        if (String.IsNullOrEmpty(userName))
        {
            ModelState.AddModelError("username", "You must specify a username.");
        }
        if (String.IsNullOrEmpty(password))
        {
            ModelState.AddModelError("password", "You must specify a password.");
        }

        /*
         * Do your LDAP validation stuff (DB queries, etc.) here and add a
         * ModelState error when the credentials are rejected.
         */

        return ModelState.IsValid;
    }

-1
