I am upgrading a site to use MVC and I am looking for the best way to set up Authentication.
At this point, I have the log-in working off of Active Directory: validating a username and password, and then setting the Auth cookie.
How do I store the user's role information at time of log-in, in order for my controllers to see those roles as the user navigates through the site?
[Authorize(Roles = "admin")]
I have no problem getting a list of roles from Active Directory. I just don't know where to put them so that the controllers will see them.
Process of granting an assigned set of roles to authenticated users.
The RolePrincipal object's IsInRole(roleName) method calls Roles. GetRolesForUser to get the roles for the user in order to determine whether the user is a member of roleName. When using the SqlRoleProvider , this results in a query to the role store database.
Assign roles in user profileYou can also assign roles to users from their individual profile page. Go to Dashboard > User Management > Users and click the name of the user. Click the Roles view, and click Assign Role. Choose the role you wish to assign and click Assign.
Roles are added to the IPrincipal of the HttpContext. You can create a GenericPrincipal, parse the list of roles in the constructor and set it as HttpContext.User. The GenericPrincipal will then be accessible through User.IsInRole("role")
or the [Authorize(Roles="role")]
attribute
One way of doing this (in C#) is to add your roles as a comma separated string in the user data parameter when creating your authentication ticket
string roles = "Admin,Member"; FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket( 1, userId, //user id DateTime.Now, DateTime.Now.AddMinutes(20), // expiry false, //do not remember roles, "/"); HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket)); Response.Cookies.Add(cookie);
Then access the role list from the authentication ticket and create a GenericPrincipal from your Global.asax.cs
protected void Application_AuthenticateRequest(Object sender, EventArgs e) { HttpCookie authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName]; if (authCookie != null) { FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value); string[] roles = authTicket.UserData.Split(new Char[] { ',' }); GenericPrincipal userPrincipal = new GenericPrincipal(new GenericIdentity(authTicket.Name),roles); Context.User = userPrincipal; } }
When you authenticate your user, you generate a new GenericPrincipal instance. The constructor takes an array of strings which are the roles for the user. Now set HttpContext.Current.User equal to the generic principal and write the auth cookie, and that should do it.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With