I am working on a C# ASP.NET MVC application that runs on an intranet using Windows mode authentication, using the following <system.web> section in a Web.config file:
    <system.web>
      <compilation debug="true" targetFramework="4.5.2" />
      <httpRuntime targetFramework="4.5.2" />
      <authentication mode="Windows" />
      <authorization>
        <deny users="?" />
      </authorization>
      <identity impersonate="true" />
    </system.web>
I created my own class that extends AuthorizeAttribute to do some processing based on the Windows account that connects. Within an overridden function, AuthorizeCore, I take a WindowsIdentity object from HttpContextBase.User.Identity and use it to retrieve data such as name, domain, etc. Then I move on to using this data to query specific records in my database, and the result determines whether this function returns true or false. Upon returning false, the browser displays a simple username and password field that allows the user to provide a different Windows account / password for use, rather than the one with which the current user is logged on.
An example of what the AuthorizeCore function looks like in my project is as follows:
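    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        using (DbEntities dbContext = new DbEntities())
        {
            // Authorized by default only when no groups were specified on the attribute.
            bool authorize = allowedGroups.Length == 0;

            // Identity.Name has the form DOMAIN\user; keep the part after the backslash.
            string domainAndUserName = httpContext.User.Identity.Name;
            int userNameIndex = domainAndUserName.IndexOf(@"\", StringComparison.OrdinalIgnoreCase) + 1;
            string userName = domainAndUserName.Substring(userNameIndex);

            try
            {
                // Database lookup that sets authorize (left empty in the post).
            }
            catch (EntityException)
            {
                // Deny access when the lookup fails.
                authorize = false;
            }
            catch (SqlException)
            {
                authorize = false;
            }

            return authorize;
        }
    }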
, USER_1 , AuthrorizeCore domainAndUserName DOMAIN\USER_1 ( ), , . /, USER_2, . . , , ( ), WindowsIdentity, HttpContextBase, , USER_2 USER_1 ( domainAndUserName DOMAIN\USER_2 DOMAIN\USER_1).
, , , USER_1 WindowsIdentity, , , , . IIS, , . , AuthorizeCore HttpContextBase.User.Identity, Windows.
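For reference, a fail-closed variant of the attribute described in the question, written as an added example and not taken from the original post. The class name GroupAuthorizeAttribute and the LookupGroups delegate (a stand-in for the database query) are hypothetical; the identity is read from the current request on every call and any lookup failure denies access.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;

// Added example; GroupAuthorizeAttribute and LookupGroups are hypothetical names.
public class GroupAuthorizeAttribute : AuthorizeAttribute
{
    private readonly string[] allowedGroups;

    // Stand-in for the database query: returns the application groups
    // recorded for (domain, user). Replace with the real lookup at startup.
    public static Func<string, string, IEnumerable<string>> LookupGroups =
        (domain, user) => new string[0];

    public GroupAuthorizeAttribute(params string[] allowedGroups)
    {
        this.allowedGroups = allowedGroups ?? new string[0];
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Take the identity from this request's context; do not cache it
        // in a field, because one attribute instance can serve many requests.
        WindowsIdentity identity = httpContext.User == null
            ? null
            : httpContext.User.Identity as WindowsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return false;
        if (allowedGroups.Length == 0)
            return true; // same default as the code in the question

        // Identity.Name has the form DOMAIN\user.
        string name = identity.Name;
        int slash = name.IndexOf('\\');
        string domain = slash > 0 ? name.Substring(0, slash) : string.Empty;
        string user = name.Substring(slash + 1);
        try
        {
            return LookupGroups(domain, user)
                .Any(g => allowedGroups.Contains(g, StringComparer.OrdinalIgnoreCase));
        }
        catch (Exception)
        {
            return false; // fail closed when the lookup throws
        }
    }
}
```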