MVC ASP.NET - Manually authorize someone and persist the authorization via Forms Authentication

Question

I want the benefits of form authentication in ASP.NET. I want it to persist the authorization for me and such, but there's one thing different about my situation; I want to authenticate against a simple web service (specifically provided by the client).

I have my code in place to look at the web place and see if they should be authorized, but how do I set the cookie[?] or authorization flag in ASP.NET that they know the current user is authorized.

Basically...

if (HttpContext.Current.User.Identity.IsAuthenticated)
// we're all good

//Other wise...
bool success = CheckClientsWebService(string username, string password);

if (success)
// Somehow tell .NET that they're authorized

*Note: This is a fairly simple service that does not deal with groups or roles. Simply checking if a user is okay to view the site.

Answer 1

In forms authentication isn't the proof of who you are in th forms authentication cookie.? With that in mind couldn't you create the ticket in a custom login form without having to create a custom provider? I would definitely think you could. Do a quick test and create a forms authentication ticket and see if the out of the box membership provider considers the user authenticated.

I was curious-- so here is some code..

Model

public class SignInViewModel
{
    public string Username { get; set; }
    public string Password { get; set; }
}

Controller

public class SignInController : Controller
{

    public ActionResult Index()
    {
        var model = new SignInViewModel {};
        return View(model);
    }

    [HttpPost]
    public ActionResult Index(SignInViewModel model)
    {
        if (model.Username == "Fred" && model.Password == "Mertz")
        {
            FormsAuthentication.SetAuthCookie(model.Username, false);
            return RedirectToAction("Secure");
        }
        return View(model);
    }

    [Authorize]
    public ActionResult Secure(SignInViewModel model)
    {
        return View();
    }

    [Authorize]
    public ActionResult Logout(SignInViewModel model)
    {
        FormsAuthentication.SignOut();
        return RedirectToAction("Index");
    }

Index.cshtml

@using (Html.BeginForm()) {
    <fieldset>
        <legend>SignInViewModel</legend>

        <div class="editor-label">
            @Html.LabelFor(model => model.Username)
        </div>
        <div class="editor-field">
            @Html.EditorFor(model => model.Username)
            @Html.ValidationMessageFor(model => model.Username)
        </div>

        <div class="editor-label">
            @Html.LabelFor(model => model.Password)
        </div>
        <div class="editor-field">
            @Html.EditorFor(model => model.Password)
            @Html.ValidationMessageFor(model => model.Password)
        </div>

        <p>
            <input type="submit" value="Login" />
        </p>
    </fieldset>
}

Secure.cshtml

<h2>Secure</h2>
@Html.ActionLink("Logout", "Logout")