Active Directory Authentication in ASP.NET MVC

I have a couple of tables in my database that indicate which users (depending on their AD username) can actually use the current ASP.NET MVC 2 application that I am creating.

My question is how (or, more likely, where; on the main page?) do I write a method that takes the AD user out of the HTTP context and checks it against the database to see if you can really use the application? If you can ... the idea is to write a key pair in a Session object with the information I need (role, full name, etc.).

I am very confused as to how I should do this, and if this is actually the right way ... Keep in mind that I have an admin and non-admin section in my application.

Any thoughts?

Edit: Keep in mind that I do not want to authenticate the user through the form. All I want to check is that according to my database and AD username you can use my application. If you can write to the session to destroy the information I need. Otherwise, simply discard the error page.

This is what I have implemented so far, is this a way to go? What is the second method for? (I’m sorry, I’m kind of new to C#) What I want to do is actually take a look if you are not authorized ...

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var isAuthorized = base.AuthorizeCore(httpContext);
        if (isAuthorized)
        {
            var canUse = this._userRepo.CanUserUseApp(httpContext.User.Identity.Name);
            if (!canUse)
            {
                isAuthorized = false;
            }
        }
        return isAuthorized;
    }
+4
2 answers

You can activate and use Windows Authentication (NTLM), and then write your own [Authorize] attribute, where you could get the currently connected AD user and perform an additional check whether he is allowed or not to use the application in the data warehouse. Then you will decorate controllers/actions requiring authorization with this custom attribute.


UPDATE:

Here is an example of what such a custom attribute might look like:

    using System;
    using System.Web;
    using System.Web.Mvc;

    public class MyAuthorizeAttribute : AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            var isAuthorized = base.AuthorizeCore(httpContext);
            if (isAuthorized)
            {
                // The user is authorized so far => check his credentials against
                // the custom data store
                return IsUserAllowedAccess(httpContext.User.Identity.Name);
            }
            return isAuthorized;
        }

        private bool IsUserAllowedAccess(string username)
        {
            throw new NotImplementedException();
        }
    }

and then:

    [MyAuthorize]
    public class FooController : Controller
    {
        public ActionResult Index()
        {
            ...
        }
    }
+4
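
An added example, not part of the question or of either answer: one way to fill in the custom attribute described above so that an authenticated AD user who is missing from the application's tables gets an error page instead of a credential prompt. `IUserRepository`, `RepositoryFactory`, `AppAccessAuthorizeAttribute` and the `AccessDenied` view name are hypothetical; `CanUserUseApp` is the method name used in the question.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Hypothetical lookup against the application's own user tables.
public interface IUserRepository
{
    bool CanUserUseApp(string adUserName);
}

public class AppAccessAuthorizeAttribute : AuthorizeAttribute
{
    // Assumption: assigned once at startup (for example in Application_Start).
    // If it is left unset the request fails with an exception, so access is never granted by default.
    public static Func<IUserRepository> RepositoryFactory { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Base check: the user is authenticated and passes any Users/Roles set on the attribute.
        if (!base.AuthorizeCore(httpContext))
            return false;

        // With Windows authentication the name has the form DOMAIN\user.
        string name = httpContext.User.Identity.Name;
        return !string.IsNullOrEmpty(name)
            && RepositoryFactory().CanUserUseApp(name);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var http = filterContext.HttpContext;
        if (http.User != null && http.User.Identity.IsAuthenticated)
        {
            // Known AD user who is not allowed by the database: answer 403 with an
            // error view. The default 401 would make the browser prompt for
            // credentials again, which cannot help this user.
            http.Response.StatusCode = 403;
            http.Response.TrySkipIisCustomErrors = true;
            filterContext.Result = new ViewResult { ViewName = "AccessDenied" };
        }
        else
        {
            // Not authenticated at all: keep the default 401 challenge.
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}
```

AuthorizeCore runs for every request to a decorated controller or action, so the database lookup is repeated per request unless the repository caches it.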

Create a class called AdminsAttribute with this code:

    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
    public class AdminsAttribute : AuthorizeAttribute
    {
        public AdminsAttribute()
        {
            // Domain groups allowed to access the decorated controller or action
            this.Roles = "MSH\\GRP_Level1, MSH\\Grp_Level2";
        }
    }

    public class HomeController : Controller
    {
        [Admins]
        public ActionResult Level1()
        {
            ViewBag.Message = "Welcome to ASP.NET MVC!";

            return View();
        }
    }
0

Source: https://habr.com/ru/post/1347367/

