ASP.NET MVC and Windows Authentication with custom roles

LeftyX · May 18, 2011 · Viewed 21.9k times

I am trying to implement windows authentication in my ASP.NET MVC2 application. I've followed all the steps suggested by the official documentation:

<authentication mode="Windows" />

<authorization>
  <deny users="?" />
</authorization>

I've specified NTLM Authentication. So far so good. Everything works fine. I would like to check the users logged-in against my database. I would like to fetch roles from my table and then manage the authorization using a custom attribute.
I don't want to use the membership and roles providers. I already have my Users/Roles tables in place because they've been used for an Internet app (this is the Intranet app).

In my Internet App I had a form where the user inputs the data. The form is posted to a controller which checks everything and creates a cookie with the user (and roles) of the logged-in user.

In my global.asax I've trapped the AuthenticateRequest event where I read the cookie and create a custom principal which I use all over the app to check the authorizations.

How can I implement this with Windows Authentication?

Answer

Xhalent · May 18, 2011

Just create a new principal and assign it to the user and thread in Global.asax (or use an action filter).

using System;
using System.Security.Principal;
using System.Threading;
using System.Web;

protected void Application_AuthenticateRequest(object sender, EventArgs args)
{
  // Runs before UrlAuthorizationModule, so the roles set here are seen both by
  // the web.config <authorization> element and by [Authorize(Roles = "...")].
  // The first request of the NTLM handshake is still anonymous (empty name),
  // so only do the lookup once the identity is actually authenticated.
  if (HttpContext.Current != null && HttpContext.Current.User != null
      && HttpContext.Current.User.Identity.IsAuthenticated)
  {
     // GetRolesFromSomeDataTable is a placeholder for your own lookup against
     // the Users/Roles tables; under Windows auth Identity.Name is "DOMAIN\user".
     String[] roles = GetRolesFromSomeDataTable(HttpContext.Current.User.Identity.Name);

     // Keep the WindowsIdentity but replace its role set with the custom one.
     GenericPrincipal principal = new GenericPrincipal(HttpContext.Current.User.Identity, roles);

     Thread.CurrentPrincipal = HttpContext.Current.User = principal;
  }
}

If a user doesn't have any role that matches, they can be barred from the app using the web.config authorization element:

<authorization>
  <allow roles="blah,whatever"/>
  <deny users="*"/>
</authorization>
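As an added example (not code from the answer above or from the original post), here is the same idea carried through for MVC 2: the principal swap in Global.asax with a guard for the not-yet-authenticated NTLM handshake request, a parameterized role lookup, and a thin AuthorizeAttribute subclass. The Users/Roles/UserRoles schema, the column names and the "AppDb" connection string are assumptions. Note that the stock [Authorize(Roles = "...")] and the web.config <authorization> element both already honour the swapped-in principal, because both end up calling IPrincipal.IsInRole and UrlAuthorizationModule runs at AuthorizeRequest, after AuthenticateRequest; the subclass only changes what happens when an authenticated Windows user lacks the role, answering 403 instead of the 401 that would make the browser re-run the NTLM challenge.

```csharp
// Added example, not code from the original post. Schema, column names and the
// "AppDb" connection string are assumptions; adjust to the real Users/Roles tables.
using System;
using System.Collections.Generic;
using System.Configuration;            // needs a reference to System.Configuration.dll
using System.Data.SqlClient;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Mvc;

public class MvcApplication : HttpApplication
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpContext ctx = HttpContext.Current;
        // The first request of an NTLM handshake arrives with an empty, unauthenticated
        // identity; looking up "" in the database would be pointless, so skip it.
        if (ctx == null || ctx.User == null || !ctx.User.Identity.IsAuthenticated)
            return;

        // Under Windows authentication Identity.Name is "DOMAIN\user".
        string[] roles = RoleRepository.GetRoles(ctx.User.Identity.Name);

        // Keep the WindowsIdentity (name, authentication type) but replace the
        // AD-group role set with the roles from our own tables.
        var principal = new GenericPrincipal(ctx.User.Identity, roles);
        ctx.User = principal;
        Thread.CurrentPrincipal = principal;
    }
}

public static class RoleRepository
{
    // Assumed schema: Users(UserId, LoginName), Roles(RoleId, Name), UserRoles(UserId, RoleId).
    // The login name originates from the client side of the NTLM exchange, so it is
    // always bound as a parameter and never concatenated into the SQL text.
    public static string[] GetRoles(string loginName)
    {
        var roles = new List<string>();
        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = conn.CreateCommand())
        {
            cmd.CommandText =
                "SELECT r.Name FROM Roles r " +
                "JOIN UserRoles ur ON ur.RoleId = r.RoleId " +
                "JOIN Users u ON u.UserId = ur.UserId " +
                "WHERE u.LoginName = @login";
            cmd.Parameters.AddWithValue("@login", loginName);
            conn.Open();
            using (SqlDataReader rdr = cmd.ExecuteReader())
            {
                while (rdr.Read())
                    roles.Add(rdr.GetString(0));
            }
        }
        return roles.ToArray();   // empty array: known to Windows, but no role in the app
    }
}

// Usage: [DbRoleAuthorize(Roles = "Admin,Editor")] on a controller or action.
// AuthorizeCore is inherited unchanged: it calls IPrincipal.IsInRole, which the
// GenericPrincipal above answers from the database roles.
public class DbRoleAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            // Known Windows user without the role: answer 403. A 401 here would
            // make the browser retry the NTLM challenge instead of showing an error.
            filterContext.HttpContext.Response.StatusCode = 403;
            filterContext.Result = new EmptyResult();
        }
        else
        {
            base.HandleUnauthorizedRequest(filterContext);   // 401 -> NTLM challenge
        }
    }
}
```

Because the WindowsIdentity is kept inside the GenericPrincipal, the name and authentication type are still available, but `IsInRole` now answers only from the application's own tables; a user in an AD group but absent from the Roles table is denied, which is the behaviour the question asks for.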