Menu
I'm using MVC 5 and Windows authentication, and need to use role management in a database, not AD groups. I've used the asp.net membership solution to do this in the past but would prefer to use the more modern identity table(s). I do not have access to AD groups. How can this be done?
924
Create a new ASP.NET Web project and select the MVC template. Web Forms also supports ASP.NET Identity, so you could follow similar steps in a web forms app. Leave the default authentication as Individual User Accounts. If you'd like to host the app in Azure, leave the check box checked.
When you enable Windows authentication, your web server becomes responsible for authenticating users. Typically, there are two different types of web servers that you use when creating and deploying an ASP.NET MVC application. First, while developing an MVC application, you use the ASP.NET Development Web Server included with Visual Studio.
The web.config file of the project has an authentication tab as The mode defines the mode of authentication and can be changed from the web.config file. The authentication mode can also be set from the properties window of the project. What is MVC ASP.NET Authentication?
The IPrincipal and identity are implemented for using the Identity and the Role properties. Authentication is one of the major features of the ASP.NET MVC as it is built upon the classic ASP.NET, it includes the validation properties provided with the ASP.NET making the web application robust, secure and safe.
Personally I would skip the ASP.NET Identity part and just do it using a custom Authorization filter.
Historically the lines between Authentication (Can you prove who you are) and Authorization (What are you allowed to do) have been quite blurred in MVC.
When you have Windows authentication enabled, the Authentication part is taken care of, and the users' identity in the form of Domain\Username is already set against the HttpContext. What you need to do is figure out what they are Authorized for.
The question is tagged as Oracle, and you may wish to use caching or something similar, so the exact method will vary. For simplicity we will assume that you have a static UserManager.IsInRole class / method that takes a Domain\Username and a comma separated Roles string to check and returns a bool indicating if the user is in one of the allowed roles. In practice you may need to mess about with Dependency Injection which can be a bit tricky with filters.
public class DbAuthorize : System.Web.Http.AuthorizeAttribute
{
protected override bool IsAuthorized(HttpActionContext actionContext)
{
var isAuthorized = base.IsAuthorized(actionContext);
var user = actionContext.ControllerContext.RequestContext.Principal.Identity;
if (user == null)
return false;
return isAuthorized && UserManager.IsInRole(user.Name, this.Roles);
}
}
This can then be used in place of the standard Authorize attribute on Controllers or Actions of your Choice
155
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
