ASP.Net MVC - Form Authentication Using an External URL

Our organization has a central form authentication solution. I am trying to implement an ASP.Net MVC application that uses this external URL - and it worked before RC1 was released ...

Here's what's going on:

In the ActionAttribute extension, I check a session var. If it is not found, I check for the presence of the request data: if found, I set the session var; if not found, I redirect to an external URL. If the session var is found, I continue.

The problem is that before the upgrade to RC1 this worked. Since then, so many requests are sent to an external URL that it detects a DoS attack and disconnects me!

I removed the redirect code and replaced it with the web.config changes for Forms Auth - and the same thing happened ...

+3
3 answers

I solved this problem by creating a static dictionary of requesting IP addresses and removing duplicate requests from the same IP address. Not a very good solution - so if someone finds out a better solution - let me know.

0

Why not use Microsoft Geneva instead of trying to launch your own authentication provider?

0

CODE:

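using System.Web.Mvc;
using System.Web.Security;

// Authenticator, MyUser and AuthenticatedUser are not shown on the page.
public class MyAuthenticate : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Only run the external check when the session has no user yet.
        if (filterContext.HttpContext.Session["user"] == null)
        {
            using (Authenticator dp = new Authenticator())
            {
                MyUser mu;
                string data = string.Empty;
                try
                {
                    // The request data that the question describes checking for.
                    data = filterContext.HttpContext.Request["Data"];
                }
                catch { } // a failed read is treated as "no data"

                if (!string.IsNullOrEmpty(data))
                {
                    mu = dp.Redeem(data);
                    if (mu.authenticated)
                    {
                        // Start from a clean session, then record the user.
                        filterContext.HttpContext.Session.Clear();
                        AuthenticatedUser user = new AuthenticatedUser(mu);
                        filterContext.HttpContext.Session.Add("user", user);
                        FormsAuthentication.SetAuthCookie(user.UserId, false);
                    }
                    else
                    {
                        // Data present but not accepted: back to the external login.
                        filterContext.HttpContext.Response.Redirect("MY EXTERNAL URL GOES HERE!!");
                    }
                }
                else
                {
                    // No session user and no data: send to the external login.
                    filterContext.HttpContext.Response.Redirect("MY EXTERNAL URL GOES HERE!!");
                }
            }
        }
        base.OnActionExecuting(filterContext);
    }
}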
0
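The same session / request-data / redirect check, written as an added example (not the poster's code) in the form of an authorization filter, so that an unauthenticated request ends with a single redirect result and the action does not run. `ExternalLoginAttribute`, `ITicketRedeemer`, `RedeemedUser` and the `LoginUrl` value are hypothetical names standing in for the poster's `Authenticator`, `MyUser` and external URL.

```csharp
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical stand-ins for the poster's MyUser and Authenticator types.
public class RedeemedUser
{
    public bool Authenticated { get; set; }
    public string UserId { get; set; }
}

public interface ITicketRedeemer { RedeemedUser Redeem(string data); }

public class ExternalLoginAttribute : AuthorizeAttribute
{
    // Placeholder for the central login page; not a value from the page.
    public const string LoginUrl = "https://login.example.invalid/";

    // Assumption: assigned once at application start-up.
    public static ITicketRedeemer Redeemer { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        HttpSessionStateBase session = httpContext.Session;
        if (session == null) return false;
        // Already signed in for this session: no external round trip.
        if (session["user"] != null) return true;

        // Redeem the data sent back by the central login, if present.
        string data = httpContext.Request["Data"];
        if (string.IsNullOrEmpty(data) || Redeemer == null) return false;

        RedeemedUser user = Redeemer.Redeem(data);
        if (user == null || !user.Authenticated) return false;

        session.Clear();
        session["user"] = user;
        FormsAuthentication.SetAuthCookie(user.UserId, false);
        return true;
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Setting Result short-circuits the request: the action and the
        // remaining filters are skipped, and one redirect is returned
        // instead of writing a redirect and then continuing to execute.
        filterContext.Result = new RedirectResult(LoginUrl);
    }
}
```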

Source: https://habr.com/ru/post/1702836/

