I am working on my first MVC project and I am having trouble with authentication. I have a login page that correctly validates the user against my Active Directory. But even when authenticated, not all users are authorized to access the system, so I use a section in web.config to check if the user has permissions. Something like:
<authorization>
  <allow users="john,mary,paul,bill,jane,anna" />
  <deny users="*" />
</authorization>
It works fine and the user is always redirected to login if they don't have permission. BUT, when I check if the user is authenticated, the result is always true. And, in the login page, I want to check whether I must show a message to logged-in AND authorized users. Something like:
@if (User.Identity.IsAuthenticated && User.Identity.IsAuthorized)
{
    @Html.Partial("_Menu");
}
So... how do I do it?
Authentication and Authorization are two different concepts. Authentication means you know who the person is. Authorization means they have specific permissions.
If you want to check if they are authorized to perform some action and provide them a button or link to perform that action (or access some data, whatever it may be), then you'll have to check if they have the permissions using other means. Some more specifics about the setup you have would help answer the question better.
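One way to do the check the question asks for, added here as an example and not part of the original answer: ASP.NET's `UrlAuthorizationModule.CheckUrlAccessForPrincipal` evaluates the same `<authorization>` allow/deny rules from web.config against a given user. The class name `AccessCheck`, the method name `IsAuthorizedFor`, and the path `"~/"` are assumptions for illustration.

```csharp
using System.Security.Principal;
using System.Web.Security;

// Added example; AccessCheck and IsAuthorizedFor are hypothetical names.
public static class AccessCheck
{
    // True only when the caller is authenticated AND the <authorization>
    // rules that apply to virtualPath allow that user for the given verb.
    public static bool IsAuthorizedFor(IPrincipal user, string virtualPath, string verb = "GET")
    {
        // Fail closed: no principal or an anonymous identity is never authorized.
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
        {
            return false;
        }

        // Runs the web.config allow/deny list (e.g. <allow users="john,mary,..." />
        // followed by <deny users="*" />) against user.Identity.Name.
        // The names in the allow list must match the format of Identity.Name
        // exactly as the login code sets it (for example "john" vs "DOMAIN\john").
        return UrlAuthorizationModule.CheckUrlAccessForPrincipal(virtualPath, user, verb);
    }
}

// Usage in the Razor login view (assumes the rules are declared for the
// application root, hence "~/"):
//
//   @if (AccessCheck.IsAuthorizedFor(User, "~/"))
//   {
//       @Html.Partial("_Menu")
//   }
```

This only decides what the view renders; the `<deny users="*" />` rule in web.config remains the control that actually blocks requests from users who are authenticated but not on the allow list.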